# Core concepts

AgentLink provides the foundation for **SaaS products** and **organizations** to safely open their APIs and product capabilities to **AI platforms and agents**.

It turns your product into an **AI-native platform**, allowing customers to interact with it through AI assistants (like ChatGPT, Claude, Gemini, or custom MCP agents) — while maintaining **security, governance, and compliance**.

This page explains the core concepts that make AgentLink work.

## MCP server

The **MCP Server** is the managed runtime that connects your product's APIs to the **Model Context Protocol (MCP)** ecosystem.

- It’s hosted and orchestrated by AgentLink.
- It exposes your APIs as **Tools** to AI agents.
- It acts as a secure gateway between your backend and external AI platforms.
- It enforces access control, data protection, and policies for every action.

Each organization or tenant can have its own isolated MCP server instance, enabling independent governance and customization.

## Tools

A **Tool** represents an action, function, or API endpoint that an AI agent can invoke through AgentLink.

- Tools are imported from **OpenAPI** or **GraphQL** schema files.
- Each tool defines metadata like name, description, input/output schema, and authentication type.
- You can **enable, disable, edit, or remove** tools directly from the AgentLink dashboard.
- Tools are automatically discoverable by connected AI agents via MCP.

**Example:**

| Tool Name | Description | Type |
| --- | --- | --- |
| `create_expense_report` | Creates a new expense report in your product | REST (OpenAPI) |
| `get_user_profile` | Fetches user profile data | GraphQL Query |

## Users, tenants, and claims

AgentLink is **multi-tenant** and **identity-aware** by design.

- **Users** represent individuals interacting with your product.
- **Tenants** correspond to logical customer environments (e.g., different organizations using your SaaS).
- **Claims** are attributes from your authentication tokens (JWTs) that represent identity, role, or scope.

Example JWT payload:

```json
{
  "user_id": "u-12345",
  "tenant": "acme-inc",
  "role": "finance_admin",
  "region": "US"
}
```

AgentLink uses these claims to apply **Access Control** and **Policy rules** dynamically per tenant or user.

## Access control (RBAC / ABAC)

Access Control defines **who can see or execute which tools** through AgentLink.

- **RBAC (Role-Based Access Control):** map tools to roles (e.g., only users with `finance_admin` can approve expenses).
- **ABAC (Attribute-Based Access Control):** use JWT claims like `region`, `department`, or `entitlement` to restrict tool access.

Access rules are defined in the **Access Control** screen and can be based on **roles** or **JWT attributes**.

This ensures each AI agent invocation respects the same security boundaries as your core application.

## Policies and guardrails

**Policies** define what actions are allowed or restricted when AI agents call your tools.

Each policy can result in one of several **actions**:

| Policy Action | Behavior |
| --- | --- |
| **Allow** | The tool request executes normally. |
| **Deny** | The request is blocked and logged. |
| **Ask for Approval** | Requires human review before proceeding. |
| **Step-Up Authentication** | Requires additional verification (e.g., MFA, admin token). |

Policies can include **conditional logic** combining context and claim values.

**Example condition:**

> If the tool is `create_expense_report` and the amount is greater than 500, then **Ask for Approval**.

This enables fine-grained, dynamic governance for every AI-triggered request.

## Approval flows

When a policy requires approval, **Approval Flows** define who reviews and approves those requests.

- Approvers can be defined by **role** (e.g., `finance_manager`) or by **email address**.
- Notifications can be sent via **email** or **SMS**.
- Once approved, the original tool call automatically resumes.
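
One way the access rules and the `create_expense_report` condition above could be evaluated against JWT claims, as an added example (not AgentLink's code or configuration format). The role and attribute mappings and the `decide` function are hypothetical, and the token is assumed to have had its signature, issuer, audience and expiry verified before its claims reach this code.

```python
# Added illustration: hypothetical rule shapes, not AgentLink's configuration format.
# RBAC: roles allowed to invoke each tool (constructed sample data).
TOOL_ROLES = {
    "create_expense_report": {"finance_admin", "employee"},
    "get_user_profile": {"finance_admin", "employee", "support"},
}
# ABAC: claim values a caller must present for a tool (constructed sample data).
TOOL_ATTRIBUTES = {"create_expense_report": {"region": {"US"}}}
APPROVAL_THRESHOLD = 500  # from the page's example condition


def _permitted(value, allowed):
    """Only a plain string claim can match; lists, None, etc. never do."""
    return isinstance(value, str) and value in allowed


def decide(claims, tool, args):
    """Return (action, reason) for one tool call; any doubt fails closed."""
    if not claims.get("tenant") or not claims.get("user_id"):
        return "deny", "missing identity claims"
    if tool not in TOOL_ROLES:
        return "deny", "unknown tool"
    if not _permitted(claims.get("role"), TOOL_ROLES[tool]):
        return "deny", "role not permitted"
    for attr, allowed in TOOL_ATTRIBUTES.get(tool, {}).items():
        if not _permitted(claims.get(attr), allowed):
            return "deny", f"attribute {attr} not permitted"
    if tool == "create_expense_report":
        amount = args.get("amount")
        # Reject bool, strings and None; NaN compares False to everything,
        # so without the self-inequality check it would slip past the threshold.
        if (isinstance(amount, bool) or not isinstance(amount, (int, float))
                or amount != amount):
            return "deny", "amount missing or not numeric"
        if amount > APPROVAL_THRESHOLD:
            return "ask_for_approval", "amount above threshold"
    return "allow", "all checks passed"


# The page's sample claims.
CLAIMS = {"user_id": "u-12345", "tenant": "acme-inc",
          "role": "finance_admin", "region": "US"}

if __name__ == "__main__":
    for args in ({"amount": 120}, {"amount": 900}, {"amount": "900"}):
        print(args, decide(CLAIMS, "create_expense_report", args))
    print(decide({**CLAIMS, "region": "EU"}, "create_expense_report", {"amount": 10}))
```
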

Approval Flows ensure that sensitive or high-impact actions include a **human-in-the-loop** step.

**Example:**

| Flow Name | Trigger | Approvers | Notification |
| --- | --- | --- | --- |
| Expense Approval | `amount > 500` | Role: `finance_manager` | Email + SMS |

## Data protection

**Data Protection** allows you to enforce **data masking and redaction** rules across tools.

This feature ensures that **sensitive fields** (like PII, PHI, or PCI data) are automatically hidden from AI agents unless explicitly allowed.

You can define:

- Which **tools** the rules apply to.
- Which **fields** to mask or redact.
- What **masking pattern** to apply (e.g., `***-**-####`).

**Example:**

| Field | Masking Type | Applies To |
| --- | --- | --- |
| `ssn` | PII | HR API |
| `credit_card_number` | PCI | Payments API |

This is critical for maintaining **GDPR**, **HIPAA**, and **SOC 2** compliance in AI-driven operations.

## Monitoring and auditing

All actions within AgentLink are **monitored and logged** for transparency and troubleshooting.

You can see:

- Which user or AI agent invoked which tool
- When the request occurred
- What AI platform or model was used
- Which policies or approvals were triggered

The **Monitoring** screen provides a full activity timeline for your MCP environment — essential for **audit trails** and **incident analysis**.

## Configuration

The **Configuration** screen lets you control your MCP gateway settings.

You can:

- Define your **API forwarding endpoint** (the base URL where tool requests are sent).
- Configure a **custom domain** for your AgentLink instance.
- Manage **authentication and secret keys**.
- Adjust **timeout** and **retry** parameters.
- Enable advanced options such as **Dynamic Client Registration (DCR)**.

Configuration ensures a consistent and secure runtime environment for every tenant.
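
The field masking described under Data protection earlier on this page, sketched as an added example (not AgentLink's code). The rule table, the `mask_value` and `protect` names, and the reading of the pattern (`#` keeps a character, `*` hides it) are assumptions; a value that does not fit its pattern is redacted in full rather than passed through.

```python
# Added illustration: rule format and pattern semantics are assumptions,
# not AgentLink's documented behaviour.
REDACTED = "[REDACTED]"

# Field name -> masking pattern, or None to redact the whole value (constructed).
RULES = {"ssn": "***-**-####", "credit_card_number": None}


def mask_value(value, pattern):
    """Assumed semantics: '#' keeps the character at that position, '*' hides
    it, and any other pattern character is a separator that must match."""
    if pattern is None or not isinstance(value, str) or len(value) != len(pattern):
        return REDACTED  # shape mismatch: hide everything rather than leak
    out = []
    for ch, p in zip(value, pattern):
        if p == "#":
            out.append(ch)
        elif p == "*":
            out.append("*")
        elif ch == p:
            out.append(p)
        else:
            return REDACTED  # separator in the wrong place
    return "".join(out)


def protect(data, rules=RULES):
    """Return a masked copy of a tool response, walking nested dicts and lists."""
    if isinstance(data, dict):
        return {k: mask_value(v, rules[k]) if k in rules else protect(v, rules)
                for k, v in data.items()}
    if isinstance(data, list):
        return [protect(item, rules) for item in data]
    return data


# Constructed sample response from a hypothetical HR tool.
RESPONSE = {"employees": [
    {"name": "A. Example", "ssn": "123-45-6789"},
    {"name": "B. Example", "ssn": "123456789",
     "payment": {"credit_card_number": "4111111111111111"}},
]}

if __name__ == "__main__":
    print(protect(RESPONSE))
```

Matching here is by exact key name, so a field spelled `SSN` or `socialSecurityNumber` would pass through unmasked; rules keyed on field names need to cover every spelling the underlying API can return.
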

## Putting it all together

Here's how the core concepts interact inside AgentLink:

| Layer | Description |
| --- | --- |
| **AI Agent** | The customer’s AI platform or assistant (e.g., ChatGPT, Claude, Gemini) that initiates actions. |
| **AgentLink MCP Gateway** | The secure bridge between AI agents and your product’s APIs. It applies all governance layers below. |
| → Access Control | Determines who can see and execute specific tools based on roles or attributes. |
| → Policies & Guardrails | Evaluate conditions and enforce allow, deny, approval, or step-up actions. |
| → Approval Flows | Trigger human reviews for sensitive or high-risk operations. |
| → Data Protection | Masks or redacts sensitive fields in requests and responses. |
| → Monitoring & Auditing | Logs all tool executions, policy decisions, and approvals for visibility and compliance. |
| **Your SaaS Product APIs (Tools)** | The underlying APIs or GraphQL endpoints of your product that perform the actual business actions. |

Together, these layers ensure that every interaction between an AI agent and your product is **secure, policy-driven, and fully observable** — allowing you to safely become an **AI-native platform**.

## Related topics

- [Overview](/agent-link/introduction/overview)
- [Getting Started → Quickstart](/agent-link/getting-started/quickstart)
- [Policies & Guardrails](/agent-link/policies/overview)
- [Data Protection](/agent-link/data-protection/overview)