Brain AIx
Connections

Create a custom HTTP tool

Wrap any REST API into one or more tools, with its own authentication and built-in testing.

When the service you want to integrate has no MCP but does have a REST/HTTP API, you can wrap it yourself as one or more tools. They're created from Connections → Tool Studio → Custom HTTP.

Groups and tools

Every HTTP tool belongs to a group — the group represents the service (for example "Internal CRM") and can have a default authentication every one of its tools inherits. Each tool is a single endpoint (one method + one URL) and can use the group's authentication or its own.

Two ways to create tools

ModeHow it works
Import OpenAPIPaste the OpenAPI / Swagger URL (the spec document itself, not the Swagger UI page) plus, optionally, a group name and a base URL — the latter is only used if the spec doesn't declare its servers. Brain creates a new group with one tool per operation in the spec.
Build manuallyAdd a tool to an existing group, or create a new one (name and optional description), and define the endpoint yourself.
When importing, paste the direct link to the spec document (it often ends in /docs-json or /docs-yaml) — if you paste the Swagger UI page instead, Brain won't be able to read it. Import only suggests each operation's authentication scheme; add the real credentials afterward, from the group's or the tool's own authentication.

Configuring a manual endpoint

You define the tool name (in snake_case — it's the name the digital human calls), the HTTP method and the URL. Then you fill in four tabs:

TabWhat it configures
AuthenticationHow this call authenticates — see below.
ParametersThe arguments the digital human fills in: whether each is required, its name, type (text, number, boolean…), location (path, query, header or body) and description.
HeadersFixed headers on the request. Each one has a Secret checkbox — unchecked stores it as plain text, checked stores it encrypted.
BodyOnly for methods that carry a body (POST, PUT, PATCH…). JSON body (with {placeholder} substitution) or form-urlencoded.

Brain automatically classifies the tool as read-only or write based on its method (GET = read; everything else = write) — this determines, among other things, whether it needs your approval before it runs (see Permissions and access).

Authentication

Every tool can either inherit the group's authentication or define its own:

MethodWhat it's for
No authPublic endpoints.
Bearer tokenA fixed token sent as Authorization: Bearer ….
API keyA fixed value in a header or query param you name.
Basic authUsername and password.
OAuth2 client credentialsBrain fetches and renews the token automatically from a token URL, client ID/secret and scopes.
Auto-renewing token (login)For APIs with a dynamic login: Brain calls a login endpoint (a URL of its own, or reusing another of your tools), extracts the token from the response, caches it, and renews it before it expires.

Any static method (Bearer, API key or Basic) can also carry a fallback login: if the API returns 401/403, Brain calls that login to get a fresh token and automatically retries the call.

A write tool can create or modify data in the external system. Scope its permissions to the minimum it needs — see Permissions and access.

Test before you use it

Every tool ships with its own test panel: it generates sample arguments (from the schema or with AI — you can Regenerate), runs a real call against the endpoint, and shows you the execution log, the authentication log, the generated curl (credentials masked), the raw response, and a list of checks. If something fails, Brain can propose suggestions you apply with one click.

Testing a write tool sends a real request — it can create or modify data. Every test asks for your confirmation and makes exactly one call, with no automatic retries.

Managing a group

Every group has its own page with two tabs:

  • Configuration — edit the group's name, its default authentication, the list of tools (with their method, permissions, and a full editor per tool), and which digital humans have access.
  • History — every real call made through the group: which tool, method, digital human, status, duration, and the chat message that triggered it. Failed calls include the cause and how to fix it.
If you switch a tool from "inherit the group's authentication" to its own and then back to inherit, Brain keeps the non-secret configuration in case you need it again — but its own credential is deleted.