# AgentLink overview

**AgentLink** helps **SaaS applications and organizations** make their products **AI-native** by securely exposing product capabilities to **AI platforms and agents** (e.g., ChatGPT, Claude, Gemini, and custom agents).
Your customers can then **ask, automate, and act** on your product through AI—while you retain **security, governance, and observability**.

AgentLink implements an **MCP (Model Context Protocol) Gateway** that fronts your APIs and tools, enforcing **authentication, authorization, guardrails, data protection, and auditing** for every agent-initiated action.

## What value does AgentLink unlock?

- **AI-native customer experiences** — Let customers use your product via natural language and autonomous agents.
- **Fast time-to-integrate** — Import tools from **OpenAPI** or **GraphQL** and expose them to agents in minutes.
- **Enterprise-grade control** — Centralize **RBAC/ABAC**, **policy guardrails**, **approvals**, and **data masking**.
- **Full observability** — Track who did what, when, why, and through which AI platform.
- **Multi-tenant by design** — Clean separation of tenants, claims-aware access, and per-tenant policy control.


## How AgentLink fits into your product

1. **You connect your product APIs** (REST/GraphQL) to **AgentLink** as **Tools**.
2. **Your customers connect their AI platform/agent** to your **AgentLink MCP gateway** from your app UI.
3. **Agents discover and call your tools** through AgentLink.
4. **AgentLink enforces** access control, policies, approvals, and **data protection**, then forwards requests to your APIs.
5. **All activity is monitored and auditable** for security and compliance.


## Core capabilities (at a glance)

| Capability | What it gives you |
|  --- | --- |
| **Tool Management** | Import from OpenAPI/GraphQL, enable/disable, edit definitions, track usage. |
| **Access Control (RBAC/ABAC)** | Map tools to **roles/permissions** using **JWT attributes** (tenant, role, scopes). |
| **Policies & Guardrails** | Conditional **Allow/Deny/Approval/Step-up** based on context (amount, resource, user, tenant). |
| **Approval Flows** | Human-in-the-loop for sensitive actions; approvers by role/email; email/SMS notifications. |
| **Data Protection** | **Mask/redact PII/PHI/PCI** and custom fields in tool inputs/outputs. |
| **Monitoring & Auditing** | End-to-end event trails: tool calls, policy decisions, admins, keys, configuration changes. |
| **Configuration** | API forwarding target, custom domain, secrets, timeouts, authentication, DCR. |


## Designed for SaaS, friendly to enterprise IT

- **Tenant-aware** by default (claims-driven controls).
- **Bring-your-auth**: use your JWTs/claims to drive access and entitlements.
- **Least-privilege for agents** via fine-grained tools and conditional policies.
- **Separation of duties** with approval flows and audit logs.


## Security & Compliance standpoint

- **Authentication & authorization** on every call.
- **Data minimization** via field-level masking and redaction.
- **Auditability** for SOC 2 / GDPR / HIPAA workflows.
- **Policy versioning** and change tracking through Monitoring.


## Get started

- **Onboarding flow (5 steps):** guided, chat-based setup of your MCP server and first tools.
- **Import your APIs:** point AgentLink to your **OpenAPI** or **GraphQL** schema.
- **Connect an AI platform:** let customers link ChatGPT/Claude/Gemini (or your in-app agent) to your MCP gateway.


> Continue with **[Getting Started → Quickstart](/agent-link/getting-started/quickstart)**.


## Related topics

- [Core Concepts](/agent-link/introduction/core-concepts)
- [Tools → About Tools](/agent-link/tools/about-tools)
- [Access Control](/agent-link/access-control/overview)
- [Policies & Guardrails](/agent-link/policies/overview)
- [Approval Flows](/agent-link/policies/approval-flows)
- [Data Protection](/agent-link/data-protection/overview)