Perform tasks in external systems

Action Tools

Action-oriented tools allow your AI to perform tasks in external systems, such as creating records, sending notifications, or updating data.

Overview

Unlike data acquisition tools that only fetch information, Action Tools use methods like
text
POST
,
text
PUT
,
text
PATCH
, or
text
DELETE
to trigger side effects in your applications or third-party services.

Configuration

To create an Action Tool:
  1. Navigate to your Site → API Tools → New Tool.
  2. Select REST API as the protocol.
  3. Choose the appropriate Method (
    text
    POST
    ,
    text
    PUT
    ,
    text
    PATCH
    , or
    text
    DELETE
    ).
  4. Provide the URL of your endpoint.
  5. Define any Parameters the AI should extract from the conversation to send in the request body.
  6. (Recommended) Enable Requires Confirmation for safety.

Confirmation Flow (Human-in-the-Loop)

For safety, sensitive actions should always require human consent. Vindex Ai implements this through a secure Two-Step Handshake.

1. The Halted Request

When an agent wants to call a tool with
text
requires_confirmation
enabled, the Gateway intercepts the call. Instead of reaching your API, the Gateway returns a special response to your frontend:
json
{
  "status": "CONFIRMATION_REQUIRED",
  "tool": "issue_refund",
  "arguments": {
    "invoice_id": "inv_123",
    "amount": 50.00
  },
  "message": "This action requires user approval."
}

2. User Approval

Your application UI should detect this status and present a confirmation dialog to the user. This ensures the user sees exactly what the AI intends to do (the
text
arguments
) before it happens.

3. Authorized Execution

Once the user clicks "Confirm", your client sends the request back to the Gateway, but now including a
text
confirmed: true
parameter.
The Gateway verifies this flag and only then executes the actual HTTP request to your backend API. This prevents the AI from accidentally triggering actions without explicit human authorization.

Security Benefits

  • Tamper Resistance: Even if the AI model tries to bypass the check, the Gateway backend refuses to make the final API call without the
    text
    confirmed
    flag from the client.
  • Data Transparency: Users see the exact JSON payload being sent to the external system.
  • Audit Logging: Every proposed and confirmed action is logged for compliance.

Examples

Newsletter Subscription

  • Name:
    text
    subscribe_to_newsletter
  • Method:
    text
    POST
  • URL:
    text
    https://api.yoursite.com/v1/subscribe
  • Parameters:
    text
    email
    (string)
  • Requires Confirmation:
    text
    false
    (low risk)

Support Ticket Creation

  • Name:
    text
    create_support_ticket
  • Method:
    text
    POST
  • URL:
    text
    https://api.yoursite.com/v1/tickets
  • Parameters:
    text
    subject
    (string),
    text
    priority
    (string),
    text
    description
    (string)
  • Requires Confirmation:
    text
    true
    (high value)

Delete Resource

  • Name:
    text
    delete_account
  • Method:
    text
    DELETE
  • URL:
    text
    https://api.yoursite.com/v1/users/{id}
  • Parameters:
    text
    user_id
    (string)
  • Requires Confirmation:
    text
    true
    (destructive action)
PreviousTools OverviewNextWeb Scraper