Airgentic Help
This module covers two advanced capabilities: custom functions that extend agent behaviour, and secure services that restrict access to authenticated users. Read this when your service uses these features or when you're planning to implement them.
Functions let agents perform actions beyond answering from the knowledge base:
| Capability | Examples |
|---|---|
| Enhanced search | Search with specific filters, scopes, or product model restrictions |
| External API calls | Order lookup, CRM queries, booking systems, weather |
| Email sending | Escalate enquiries, send confirmations, notify staff |
| Maps | Display store locations, service areas |
| Custom logic | Validate input, transform data, route conversations |
Functions extend what the AI can do without requiring changes to the underlying platform.
Good use cases:
- You need to call an external API (CRM, e-commerce, internal systems)
- You want to send emails programmatically
- You need search with custom filters not available by default
- You want to display rich content (maps, formatted data)
- You need escalation workflows with specific data capture
When you don't need functions:
- Basic Q&A from your content works fine → Use default search
- You just need exact answers → Use curated answers
- You want different handling for different question types → Use specialist agents with different prompts
Functions are written in AirScript, a secure subset of Python.
Each function has two parts:
The .py file — AirScript code that runs when the function is called:
async def run(air):
location = air.args.get("location", "")
# ... do something with location ...
air.reply_to_llm(f"Result for {location}")
The .function file — JSON schema that tells the AI when and how to call the function:
{
"name": "get_weather",
"description": "Get the current weather for a location.",
"parameters": {
"type": "object",
"properties": {
"location": {
"type": "string",
"description": "The city or location to get the weather for."
}
},
"required": ["location"]
}
}
The description is critical — the AI uses it to decide when to call the function.
Global Functions — Provided by Airgentic for common use cases:
- escalate_to_human — Collect contact details and email the conversation
- get_weather — Look up weather for a location
- create_support_ticket — Send ticket data to an external system
- check_order_status — Query an order API
- schedule_callback — Email a callback request
You can use global functions as-is or copy and customise them.
Your Functions — Functions you create or customised copies of global functions. You have full control over these.
Functions often need configuration values (API keys, email addresses, endpoints).
How it works:
- Functions read variables using air.get_config('variable_name')
- Variables are defined in the agent's configuration
- When you add a function to an agent, required variables are automatically created
- Variables can be regular (visible) or secret (encrypted and masked)
Setting variable values:
1. Add the function to an agent
2. Save the agent configuration
3. Fill in the variable values in the AirScript Variables section
4. Save again
Related: Editing an Agent
Functions are enabled per-agent:
Only agents with a function enabled can call it. This lets you have some agents with function access and others without.
What to check:
- Is the function being called when expected?
- Are the arguments correct?
- Is the function returning the right result?
- Is the AI using the result appropriately?
air API provides the only external accessRelated: Functions Overview, AirScript Functions
A secure service restricts access to authenticated users only:
Without secure services, your service is publicly accessible.
The flow uses OpenID Connect (OIDC) and PKCE:
Key security points:
- No passwords in the widget
- No secrets in the page embed code
- Standard protocols (OIDC + PKCE)
- Tokens are short-lived
Secure service setup is a joint effort:
What your IT team does:
1. Register an application in your identity provider
2. Configure redirect URIs to match your site
3. Provide Airgentic with client ID, tenant ID, and redirect URLs
4. Embed the secure widget code on your site
What Airgentic does:
1. Enable secure mode on your service
2. Configure allowed origins
3. Set up the identity provider connection
4. Apply authorisation rules
See Secure Services Checklist for the detailed task list.
After a user authenticates, you can control who is allowed access:
| Method | How it works |
|---|---|
| Email domain | Allow all users from your domain (e.g., @company.com) |
| Individual emails | Allow specific email addresses |
| Group membership | Allow users in specific IdP groups |
You can combine methods — a user matching any rule is granted access.
| Provider | Notes |
|---|---|
| Microsoft Entra ID | Requires Tenant ID; common for Microsoft 365 organisations |
| Okta | Requires Okta domain |
| Google Workspace | Automatic configuration |
| Other OIDC providers | Manual issuer URL configuration |
When using secure services, documents can be:
Use secure documents for internal or confidential content.
| Issue | Solution |
|---|---|
| Redirect loop | Redirect URI mismatch — verify it matches in IdP, Airgentic, and embed code |
| Access denied after login | Check authorisation rules (domain, email, groups) |
| Widget not loading | Check allowed origins include your site |
| Invalid client error | Client ID mismatch between IdP and Airgentic config |
Related: Secure Services Overview, Secure Services Checklist
| Scenario | Use functions? |
|---|---|
| Need to query an external API | Yes |
| Need to send emails from the chatbot | Yes |
| Want to display a store locator map | Yes |
| Just need better answers from your content | No — improve content or use curated answers |
| Want different tone for different questions | No — use specialist agents |
| Scenario | Use secure services? |
|---|---|
| Internal staff tool (intranet, HR, IT support) | Yes |
| Content contains confidential information | Yes |
| Need to audit who accessed what | Yes |
| Public customer support on your website | No — public access is fine |
| Mixed internal and external users | Consider — may need separate services |
Back to: Optional Deep-Dives