About tools
Tools are the foundation of AgentLink.
They represent the actions from your SaaS product that AI agents can discover and use through your MCP server.
Once your APIs are imported into AgentLink, each endpoint becomes a Tool that can be safely executed by AI platforms like ChatGPT, Claude, Gemini, or custom MCP agents — with full security, access control, and monitoring.
What is a tool?
A Tool is a structured definition of an operation your product exposes via API.
It includes everything the AI agent needs to understand how to use it:
| Field | Description |
|---|---|
| Name | The unique name of the tool (e.g., create_expense_report). |
| Description | Human-readable summary explaining what the tool does. |
| Input schema | Defines the expected parameters or request body. |
| Output schema | Describes the response format. |
| Auth type | Specifies whether the tool requires authentication or is public. |
AI agents use these structured definitions to automatically understand how to call your APIs and interpret responses.
How tools work
When an AI platform connects to your MCP server:
- It discovers all available tools defined under your application.
- It reads their schemas and descriptions to understand how to use them.
- When the user asks for an action (e.g., “Create an expense report for $500”), the agent selects the right tool, fills in parameters, and executes it through the MCP gateway.
- AgentLink enforces authentication, access control, and policies before forwarding the request to your actual API.
Every tool execution is audited and monitored, giving you full visibility into who did what, when, and through which platform.
Tool examples
| Example | Description |
|---|---|
create_expense_report | Creates a new expense report for a given employee. |
get_customer_profile | Fetches the profile details of a customer. |
update_invoice_status | Updates the payment status of an invoice. |
search_orders | Retrieves a list of customer orders with filters. |
Tools can represent REST endpoints, GraphQL queries, or mutations — AgentLink supports both formats out of the box.
Tool security
Every tool is governed by AgentLink's security model:
- Access Control (RBAC / ABAC) – restrict tool visibility and usage based on user roles or JWT claims.
- Policies and Guardrails – enforce conditions (e.g., approval required for high-value actions).
- Data Protection – mask or redact sensitive information in tool inputs and outputs.
- Monitoring and Auditing – record every tool execution for accountability and compliance.
This ensures AI agents only perform actions that are safe and authorized.
Tool lifecycle
| Stage | Description |
|---|---|
| Imported | Added automatically when you upload your OpenAPI or GraphQL schema. |
| Enabled | Tool is active and available to AI agents. |
| Disabled | Tool remains defined but cannot be executed. |
| Edited | You can change metadata such as name, description, or visibility. |
| Deleted | Tool is permanently removed from your MCP server. |
You can manage tools at any time from the Tools screen in the AgentLink dashboard.
Tool analytics
Each tool includes usage analytics visible from the dashboard:
- Number of executions over time
- Most active AI platforms
- Success and failure rates
- Policy enforcement metrics
These insights help you identify which APIs are most valuable to your AI-integrated customers.
Best practices
- Give each tool a clear, descriptive name — AI agents rely on it to infer usage.
- Include rich descriptions so agents understand context (avoid vague verbs like “process” or “handle”).
- Disable unused or deprecated tools to reduce noise and improve clarity for AI agents.
- Review tool analytics regularly to identify high-value or underutilized features.