When the service you want to integrate has no MCP but does have a REST/HTTP API, you can wrap it yourself as one or more tools. They're created from Connections → Tool Studio → Custom HTTP.
Groups and tools
Every HTTP tool belongs to a group — the group represents the service (for example "Internal CRM") and can have a default authentication every one of its tools inherits. Each tool is a single endpoint (one method + one URL) and can use the group's authentication or its own.
Two ways to create tools
| Mode | How it works |
|---|---|
| Import OpenAPI | Paste the OpenAPI / Swagger URL (the spec document itself, not the Swagger UI page) plus, optionally, a group name and a base URL — the latter is only used if the spec doesn't declare its servers. Brain creates a new group with one tool per operation in the spec. |
| Build manually | Add a tool to an existing group, or create a new one (name and optional description), and define the endpoint yourself. |
Configuring a manual endpoint
You define the tool name (in snake_case — it's the name the digital human calls), the HTTP method and the URL. Then you fill in four tabs:
| Tab | What it configures |
|---|---|
| Authentication | How this call authenticates — see below. |
| Parameters | The arguments the digital human fills in: whether each is required, its name, type (text, number, boolean…), location (path, query, header or body) and description. |
| Headers | Fixed headers on the request. Each one has a Secret checkbox — unchecked stores it as plain text, checked stores it encrypted. |
| Body | Only for methods that carry a body (POST, PUT, PATCH…). JSON body (with {placeholder} substitution) or form-urlencoded. |
Brain automatically classifies the tool as read-only or write based on its method (GET = read; everything else = write) — this determines, among other things, whether it needs your approval before it runs (see Permissions and access).
Authentication
Every tool can either inherit the group's authentication or define its own:
| Method | What it's for |
|---|---|
| No auth | Public endpoints. |
| Bearer token | A fixed token sent as Authorization: Bearer …. |
| API key | A fixed value in a header or query param you name. |
| Basic auth | Username and password. |
| OAuth2 client credentials | Brain fetches and renews the token automatically from a token URL, client ID/secret and scopes. |
| Auto-renewing token (login) | For APIs with a dynamic login: Brain calls a login endpoint (a URL of its own, or reusing another of your tools), extracts the token from the response, caches it, and renews it before it expires. |
Any static method (Bearer, API key or Basic) can also carry a fallback login: if the API returns 401/403, Brain calls that login to get a fresh token and automatically retries the call.
Test before you use it
Every tool ships with its own test panel: it generates sample arguments (from the schema or with AI — you can Regenerate), runs a real call against the endpoint, and shows you the execution log, the authentication log, the generated curl (credentials masked), the raw response, and a list of checks. If something fails, Brain can propose suggestions you apply with one click.
Managing a group
Every group has its own page with two tabs:
- Configuration — edit the group's name, its default authentication, the list of tools (with their method, permissions, and a full editor per tool), and which digital humans have access.
- History — every real call made through the group: which tool, method, digital human, status, duration, and the chat message that triggered it. Failed calls include the cause and how to fix it.