Share via

How to leverage an AI Project's project/connected resource/custom key as an api key for an OpenAPITool

Greg Oliver 0 Reputation points Microsoft Employee
2025-06-09T11:18:54.19+00:00

I'm following the steps given on this page: https://learn.microsoft.com/en-us/azure/ai-services/agents/how-to/tools/openapi-spec. Specifically, I am attempting to use an api key in an OpenAPITool as detailed here: https://learn.microsoft.com/en-us/azure/ai-services/agents/how-to/tools/openapi-spec#authenticating-with-api-key.

The api works correctly from a swagger UI - I can put the api key into the header and call the endpoint.

I did the steps 1-4 - I think correctly but it's hard to know. Step 5 suggests that there are samples available to take me the rest of the way, but there are no samples linked to the page.

I am using the Python SDK to create the agent.


def load_openapi_tool() -> OpenApiTool:
    with open(OPENAPI_SPEC_PATH, "r") as f:
        spec = jsonref.loads(f.read())

    auth = OpenApiAnonymousAuthDetails()

    return OpenApiTool(
        name="exemptions", 
        spec=spec, 
        description="Manage Azure Policy Exemptions", 
        auth=auth)


def create_agent(client: AIProjectClient, openapi_tool: OpenApiTool):
    api_key_connection = client.connections.get("api_list_exemptions_by_subscription")
    agent = client.agents.create_agent(
        model=MODEL_NAME,
        name=AGENT_NAME,
        tools=openapi_tool.definitions,
        instructions=INSTRUCTIONS
    )

Here's the connected resource/custom key:

User's image

Relevant bits of the OpenAPI spec:

User's image

Foundry Tools
Foundry Tools

Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Greg Oliver 0 Reputation points Microsoft Employee
    2025-06-11T10:03:33.3266667+00:00

    Solved.

    This line turns out to be unhelpful. Perhaps not damaging, but in any case not part of the solution:
    api_key_connection = client.connections.get("api_list_exemptions_by_subscription")

    Since an api key is being used to authenticate, the authentication option is not OpenApiAnonymousAuthDetails(), but instead OpenApiConnectionAuthDetails(...). OpenApiConnectionAuthDetails takes a parameter: security_scheme. The resulting line of code:

        auth = OpenApiConnectionAuthDetails(security_scheme=OpenApiConnectionSecurityScheme(connection_id=os.environ["CONNECTION_ID"]))

    In this context, the connection_id parameter points to a Foundry connected resource which is of type "Custom Key". The connection_id is an Azure resource id with the following structure:

    "/subscriptions/{subscription id}/resourceGroups/{rg name}/providers/Microsoft.CognitiveServices/accounts/{azure ai foundry name}/projects/{project name}/connections/{connected resource name}"

    Finally, in the OpenApi spec above, the securityScheme object is at the top level. It should be a child object of the "components" object, as such:

        "components": {
        "securitySchemes": {
            "apiKeyHeader": {
                "type": "apiKey",
                "name": "x-api-key",
                "in": "header"
            }
        }
    },

    Was this answer helpful?

    0 comments
  2. Anonymous
    2025-06-10T23:58:59.46+00:00

    Hi Greg Oliver

    You’ve successfully completed the initial steps for integrating an AI Project’s project/connected resource/custom key as an API key for use with an OpenAPITool, following the Azure documentation. However, I understand that step 5 references the availability of sample code without providing direct links, which may be causing confusion.

    Since you're working with the Python SDK to create the agent, the next steps involve properly loading the OpenAPI specification, configuring authentication using the custom key, and initializing the agent with the appropriate OpenAPITool settings.

    def load_openapi_tool() -> OpenApiTool:
with open(OPENAPI_SPEC_PATH, "r") as f:
spec = jsonref.loads(f.read())

# Set up authentication details (example using OpenApiAnonymousAuthDetails)
auth = OpenApiAnonymousAuthDetails()

return OpenApiTool(
name="exemptions",
spec=spec,
description="Manage Azure Policy Exemptions",
auth=auth
)

def create_agent(client: AIProjectClient, openapi_tool: OpenApiTool):
# Get the API key connection
api_key_connection = client.connections.get("api_list_exemptions_by_subscription")

# Create the agent with the OpenApiTool and necessary configurations
agent = client.agents.create_agent(
model="MODEL_NAME",
name="AGENT_NAME",
tools=openapi_tool.definitions,
instructions="INSTRUCTIONS"
)

    To ensure the integration is functioning correctly, first verify that the API key connection is properly retrieved from the AIProjectClient, and confirm that the OpenAPI specification path and authentication setup are accurate.

    Additionally, check that the agent is created with the correct model, tool definitions, and configuration parameters. After creation, test the agent to confirm it can interact with the OpenAPI endpoints as expected, and monitor its responses to ensure the API key authentication is working correctly. If configured properly, the agent should be able to use the OpenApiTool to manage Azure Policy Exemptions in line with the OpenAPI specification.

    Reference : OpenAPI spec code samples , Authenticating with API key

    If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue.

    Thanks

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.