AI Actions Authentication Methods

Updated March 26, 2026

Authentication Methods

AI Actions support several authentication methods to securely connect to your external APIs. Choose the method that matches your API's requirements.

None

No authentication is sent with the request. Use this for public APIs that don't require credentials.

When to use: Public data endpoints, open APIs, or internal services behind a VPN.

Bearer Token

A fixed token is sent in the Authorization header with every request:

Authorization: Bearer your-token-here

The token is stored encrypted in your workspace and never exposed to customers or in API responses.

When to use: Most REST APIs that use API keys or access tokens. This is the most common authentication method.

Customer Bearer Token

Instead of a single workspace-wide token, this method uses the customer's own bearer token, passed via Helpium.identify({ bearerToken: "..." }).

Authorization: Bearer <customer-specific-token>

If a customer doesn't have a token set, the action falls back to the default token configured on the action itself.

When to use: APIs where each customer has their own credentials, for example, looking up a customer's account in your system using their personal API key.

Setting customer tokens: Customer tokens can be set via the API or manually on the customer's profile page. You can also pass them during widget initialization.
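The receiving side of Customer Bearer Token, as an added example (not Helpium code): one way your own API can tell a customer's token from the action's fallback default token and scope the lookup accordingly. The token values, customer ids, function names, and the policy of refusing customer-specific lookups for the fallback token are all assumptions made for illustration.

```javascript
// Added example: a check inside YOUR API, which receives the action's request.
const { createHash, timingSafeEqual } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s, "utf8").digest();

// Constructed sample data: keep token hashes server-side, never raw tokens.
const CUSTOMER_TOKEN_HASHES = new Map([
  ["cust_1001", sha256("tok_alice_constructed")],
  ["cust_1002", sha256("tok_bob_constructed")],
]);
// Hash of the action's default (fallback) token, also constructed.
const DEFAULT_TOKEN_HASH = sha256("tok_workspace_default_constructed");

// Extract the token from "Bearer <token>"; null if missing or malformed.
function parseBearer(headerValue) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(headerValue ?? "");
  return m ? m[1] : null;
}

// Map a request to a scope. Returns { status, scope, customerId }.
function authorizeActionRequest(headers, requestedCustomerId) {
  const token = parseBearer(headers["authorization"]);
  if (token === null) return { status: 401, scope: null, customerId: null };
  const presented = sha256(token);

  // Equal-length digests let timingSafeEqual compare without leaking timing.
  let owner = null;
  for (const [id, hash] of CUSTOMER_TOKEN_HASHES) {
    if (timingSafeEqual(presented, hash)) owner = id;
  }
  if (owner !== null) {
    // Identity comes from the token; a different id in the request is refused.
    if (requestedCustomerId && requestedCustomerId !== owner) {
      return { status: 403, scope: "customer", customerId: owner };
    }
    return { status: 200, scope: "customer", customerId: owner };
  }
  if (timingSafeEqual(presented, DEFAULT_TOKEN_HASH)) {
    // Fallback token: no per-customer identity, so customer-specific
    // lookups are refused and only non-personal data is served.
    return requestedCustomerId
      ? { status: 403, scope: "workspace", customerId: null }
      : { status: 200, scope: "workspace", customerId: null };
  }
  return { status: 401, scope: null, customerId: null };
}
```

The point of the split is that a request arriving with the default token says nothing about which customer is chatting, so it should not unlock per-customer records.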

Security Considerations

  • All authentication tokens are encrypted at rest and are never stored in plain text
  • Tokens are never exposed in chatbot responses to customers
  • Actions run with a configurable timeout (1–30 seconds) to prevent hanging requests
  • Every action call is logged with input, output, status, and duration for auditing
  • Only workspace Owners can create, edit, or delete AI Actions
