You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-services/agents/how-to/tools/openapi-spec.md
+41-4Lines changed: 41 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,7 +41,9 @@ work together, generate client code, create tests, apply design standards, and m
41
41
42
42
## Authenticating with API Key
43
43
44
-
1. Verify that the OpenAPI spec supports API keys: it has `securitySchemes` section and has one scheme of type `apiKey`. For example:
44
+
With API key authentication type, you can authenticate your OpenAPI spec with various methods such as API key, Bearer token.
45
+
46
+
1. Update your OpenAPI spec security schemes: it has `securitySchemes` section and has one scheme of type `apiKey`. For example:
45
47
```json
46
48
"securitySchemes": {
47
49
"apiKeyHeader": {
@@ -51,7 +53,16 @@ work together, generate client code, create tests, apply design standards, and m
51
53
}
52
54
}
53
55
```
54
-
If the security schemes include multiple schemes, we recommend keeping only one of them.
56
+
You usually only need to update the `name` field, which corresponds to the name of `key` in the connection. If the security schemes include multiple schemes, we recommend keeping only one of them.
57
+
58
+
1. Update your OpenAPI spec to include `security` section:
59
+
```json
60
+
"security": [
61
+
{
62
+
"apiKeyHeader": []
63
+
}
64
+
]
65
+
```
55
66
56
67
1. Remove any parameter in the OpenAPI spec that needs API key, because API key will be stored and passed through a connection, as described later in this article.
57
68
@@ -71,7 +82,7 @@ work together, generate client code, create tests, apply design standards, and m
71
82
:::image type="content" source="../../media/tools/bing/api-key-connection.png" alt-text="A screenshot of the custom keys selection for the AI project." lightbox="../../media/tools/bing/api-key-connection.png":::
72
83
73
84
1. Enter the following information
74
-
- key: `name` of your security scheme. In this example, it should be `x-api-key`
85
+
- key: `name`field of your security scheme. In this example, it should be `x-api-key`
75
86
```json
76
87
"securitySchemes": {
77
88
"apiKeyHeader": {
@@ -84,9 +95,35 @@ work together, generate client code, create tests, apply design standards, and m
84
95
- value: YOUR_API_KEY
85
96
- Connection name: YOUR_CONNECTION_NAME (You will use this connection name in the sample code below.)
86
97
- Access: you can choose either *this project only* or *shared to all projects*. Just make sure in the sample code below, the project you entered connection string for has access to this connection.
87
-
98
+
99
+
1. Once you have created a connection, you can use it through SDK or REST API. Please use the tabs above to navigate to your preferred ways of usage.
100
+
101
+
## Authenticating with Managed Identity (Microsoft Entra ID)
102
+
[Managed Identity (Microsoft Entra ID)](https://learn.microsoft.com/en-us/entra/fundamentals/whatis) is a cloud-based identity and access management service that your employees can use to access external resources. Microsoft Entra ID allows you to authenticate your APIs with additional security without the need to pass in API keys. Once you have set up Managed Identity authentication, it will authenticate through the Azure AI Service your agent is using.
103
+
104
+
To set up authenticating with Managed Identity:
105
+
1. Enable the Azure AI Service of your agent has `system assigned managed identity` enabled.
1. Create a resource of the service you want to connect to through OpenAPI spec
109
+
110
+
1. Assign Azure AI Service proper access to the resource
111
+
1. Click "Access Control" of your resource
112
+
113
+
1. Click "Add" and then "add role assignement" on the top
114
+
115
+
1. Select the proper role assignment needed, usually it will require at least READER role. Then click "Next"
116
+
117
+
1. Select "Managed identity" and then click "select members"
118
+
119
+
1. In the Managed Identity dropdown, search for "Azure AI services" and then select the AI Service of your agent.
120
+
121
+
1. Click "Finish"
122
+
123
+
1. Once you have it set up, you can use continue creating the tool through SDK or REST API. Please use the tabs above to navigate to your preferred ways of usage.
88
124
::: zone-end
89
125
126
+
90
127
::: zone pivot="code-example"
91
128
## Step 1: Create a project client
92
129
Create a client object, which will contain the connection string for connecting to your AI project and other resources.
0 commit comments