We want to provide Single Sign-On for multiple AutoGPT apps that use the Platform as their backend.

### Changes 🏗️

Backend:
- DB + logic + API for OAuth flow (w/ tests)
- DB schema additions for OAuth apps, codes, and tokens
- Token creation/validation/management logic
- OAuth flow endpoints (app info, authorize, token exchange, introspect, revoke)
- E2E OAuth API integration tests
- Other OAuth-related endpoints (upload app logo, list owned apps, external `/me` endpoint)
- App logo asset management
- Adjust external API middleware to support auth with access token
- Expired token clean-up job
- Add `OAUTH_TOKEN_CLEANUP_INTERVAL_HOURS` setting (optional)
- `poetry run oauth-tool`: dev tool to test the OAuth flows and register new OAuth apps
- `poetry run export-api-schema`: dev tool to quickly export the OpenAPI schema (much quicker than spinning up the backend)

Frontend:
- Frontend UI for app authorization (`/auth/authorize`)
- Re-redirect after login/signup
- Frontend flow to batch-auth integrations on request of the client app (`/auth/integrations/setup-wizard`)
- Debug `CredentialInputs` component
- Add `/profile/oauth-apps` management page
- Add `isOurProblem` flag to `ErrorCard` to hide action buttons when the error isn't our fault
- Add `showTitle` flag to `CredentialsInput` to hide built-in title for layout reasons

DX:
- Add [API guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/api-guide.md) and [OAuth guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/oauth-guide.md)

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] Manually verify test coverage of OAuth API tests
  - Test `/auth/authorize` using `poetry run oauth-tool test-server`
    - [x] Works
    - [x] Looks okay
  - Test `/auth/integrations/setup-wizard` using `poetry run oauth-tool test-server`
    - [x] Works
    - [x] Looks okay
  - Test `/profile/oauth-apps` page
    - [x] All owned OAuth apps show up
    - [x] Enabling/disabling apps works
    - [ ] ~~Uploading logos works~~ can only test this once deployed to dev

#### For configuration changes:
- [x] `.env.default` is updated or already compatible with my changes
- [x] `docker-compose.yml` is updated or already compatible with my changes
- [x] I have included a list of my configuration changes in the PR description (under **Changes**)
AutoGPT Platform External API Guide
The AutoGPT Platform provides an External API that allows you to programmatically interact with agents, blocks, the store, and more.
API Documentation
Full API documentation with interactive examples is available at:
https://backend.agpt.co/external-api/docs
This Swagger UI documentation includes all available endpoints, request/response schemas, and allows you to try out API calls directly.
Authentication Methods
The External API supports two authentication methods:
1. API Keys
API keys are the simplest way to authenticate. Generate an API key from your AutoGPT Platform account settings and include it in your requests:
GET /external-api/v1/blocks
X-API-Key: your_api_key_here
API keys are ideal for:
- Server-to-server integrations
- Personal scripts and automation
- Backend services
2. OAuth 2.0 (Single Sign-On)
For applications that need to act on behalf of users, use OAuth 2.0. This allows users to authorize your application to access their AutoGPT resources.
OAuth is ideal for:
- Third-party applications
- "Sign in with AutoGPT" (SSO, Single Sign-On) functionality
- Applications that need user-specific permissions
See the SSO Integration Guide for complete OAuth implementation details.
Available Scopes
When using OAuth, request only the scopes your application needs:
| Scope | Description |
|---|---|
| IDENTITY | Read user ID, e-mail, and timezone |
| EXECUTE_GRAPH | Run agents |
| READ_GRAPH | Read agent run results |
| EXECUTE_BLOCK | Run individual blocks |
| READ_BLOCK | Read block definitions |
| READ_STORE | Access the agent store |
| USE_TOOLS | Use platform tools |
| MANAGE_INTEGRATIONS | Create and update user integrations |
| READ_INTEGRATIONS | Read user integration status |
| DELETE_INTEGRATIONS | Remove user integrations |
Quick Start
Using an API Key
# List available blocks
curl -H "X-API-Key: YOUR_API_KEY" \
https://backend.agpt.co/external-api/v1/blocks
Using OAuth
- Register an OAuth application (contact platform administrator)
- Implement the OAuth flow as described in the SSO Guide
- Use the obtained access token:
curl -H "Authorization: Bearer agpt_xt_..." \
https://backend.agpt.co/external-api/v1/blocks
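The two authentication methods and the "request only the scopes your application needs" advice, as an added Python example that is not code from this guide or from the AutoGPT project. Only the header names, base URL and scope names come from the guide; the function names, the redaction helper and the sample token are assumptions made for illustration.

```python
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://backend.agpt.co/external-api/v1"  # base path used in the guide's curl calls

# Scope names copied from the "Available Scopes" table.
KNOWN_SCOPES = frozenset({
    "IDENTITY", "EXECUTE_GRAPH", "READ_GRAPH", "EXECUTE_BLOCK", "READ_BLOCK",
    "READ_STORE", "USE_TOOLS", "MANAGE_INTEGRATIONS", "READ_INTEGRATIONS",
    "DELETE_INTEGRATIONS",
})

def check_scopes(requested, needed):
    """Return (unknown, excess): names absent from the table, and scopes requested but not needed."""
    requested, needed = set(requested), set(needed)
    unknown = sorted((requested | needed) - KNOWN_SCOPES)
    excess = sorted(requested - needed - set(unknown))
    return unknown, excess

def build_request(path, *, api_key=None, access_token=None, base_url=BASE_URL):
    """Build a GET request that carries exactly one of the two credential types."""
    if (api_key is None) == (access_token is None):
        raise ValueError("supply exactly one of api_key or access_token")
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a credential over a non-HTTPS URL")
    secret = api_key if api_key is not None else access_token
    if not secret or any(c.isspace() or ord(c) < 0x20 for c in secret):
        raise ValueError("credential is empty or contains whitespace/control characters")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    req = urllib.request.Request(url, method="GET")
    if api_key is not None:
        req.add_header("X-API-Key", api_key)
    else:
        req.add_header("Authorization", f"Bearer {access_token}")
    return req  # send with urllib.request.urlopen(req)

def redacted_headers(req):
    """Copy of the request headers that is safe to log (urllib capitalizes header names)."""
    sensitive = {"x-api-key", "authorization"}
    return {k: "<redacted>" if k.lower() in sensitive else v for k, v in req.header_items()}

if __name__ == "__main__":
    demo = build_request("blocks", access_token="agpt_xt_constructed-sample")  # constructed token
    print(demo.full_url, redacted_headers(demo))
    print(check_scopes(["IDENTITY", "EXECUTE_GRAPH", "DELETE_INTEGRATIONS"], ["IDENTITY", "EXECUTE_GRAPH"]))
```
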
Support
For issues or questions about API integration:
- Open an issue on GitHub
- Check the Swagger documentation