Amazon SageMaker Unified Studio is in preview release and is subject to change.
Call functions from your chat agent app
Amazon Bedrock IDE functions let a model include information that it has no previous knowledge of in its response. For example, you can use a function to include dynamic information in a model's response such as a weather forecast, sports results, or traffic conditions.
In Amazon Bedrock IDE, a function calls an API hosted outside of Amazon Bedrock IDE. You either create the API yourself, or use an existing API. To create an API, you can use Amazon API Gateway.
To use a function in Amazon Bedrock IDE you add a function component to your app. As part of the function, you define an OpenAPI schema for the API that you want the model to call. You also specify how to authenticate the call to the API. When a model receives a prompt, it uses the schema and the prompt to determine if an API should be called and the parameters that the API should receive. If the API is called, the response from the model includes the output from the API.
APIs that you call in a function must have a response size that is less than 20K.
When you add a function to an app, you need to specify the app's system prompt. The system prompt needs to be at least 40 characters long and should mention the new skills that the new function introduces.
You can use functions in a chat agent app.
Function schema
Amazon Bedrock IDE has the following requirements for the schema that you use to create a function.
- The function schema must be OpenAPI version 3.0.0.
- The function schema must be in JSON or YAML format.
- The function can have no authentication, API key authentication, Bearer token authentication, or basic authentication. For more information, see Authentication methods.
- You can have 0 or 1 server URL.
- All Operation Objects must have a description.
- All Parameter Objects must have a description.
- Security scheme object must have a type that is either `apiKey` or `http`.
  When the type is `http`, the scheme field must either be `basic` or `bearer`.
  When the type is `apiKey`, the `in` property must be `query` or `header`. Also, the `name` property must be defined.
- Amazon Bedrock IDE only honors globally-scoped security requirements. For more information, see Valid components for globally-scoped security requirements.
- Parameters (parameter.in) must be passed through query or path. You can't use cookies or headers to pass parameters.
- Parameters (parameter schema type) must be primitive types, arrays, or objects (one-level JSON). You can't pass complex nested objects.
- Parameter content (parameter.content) is mutually exclusive with the schema. Schema is more commonly used. Use content only for more complex types, or for complex serialization scenarios that are not covered by style and explode.
- Parameter style and explode values (`form` and `true` for query, `simple` and `false` for paths). For more information, see Parameter Serialization.
- Request body content must be passed as `application/json`.
- The schema can have up to 5 APIs and an app can use up to 5 APIs across all functions. For the model to correctly choose a function, it is important to provide detailed descriptions of the API, including parameters, properties, and responses.
Valid components for globally-scoped security requirements
Amazon Bedrock IDE only honors globally-scoped security requirements.
When the requirement array contains a security scheme object with type `http` and scheme of `bearer` or `basic`, the array must contain a single entry. Amazon Bedrock IDE ignores further entries.
When the requirement array contains a security scheme object with type `apiKey`, you can have a maximum of 2 entries.
For example, if you have the following components:
```json
"components": {
  "securitySchemes": {
    "api_key_1": { "type": "apiKey", "name": "appid1", "in": "query" },
    "api_key_2": { "type": "apiKey", "name": "appid2", "in": "header" },
    "api_key_3": { "type": "apiKey", "name": "appid3", "in": "cookie" },
    "bearer_1": { "type": "http", "scheme": "bearer" },
    "bearer_2": { "type": "http", "scheme": "bearer" },
    "basic_1": { "type": "http", "scheme": "basic" },
    "basic_2": { "type": "http", "scheme": "basic" },
    "http_digest": { "type": "http", "scheme": "digest" },
    "oauth2_1": { "type": "oauth2" }
  }
}
```
The following are valid:
```
# 1 API key
"security": [ { "api_key_1": [] } ]

# 2 API keys
"security": [ { "api_key_1": [], "api_key_2": [] } ]

# Bearer
"security": [ { "bearer_1": [] } ]

# Basic
"security": [ { "basic_1": [] } ]
```
The following are invalid:
```
# Invalid: `type` must only be `apiKey` or `http`
"security": [ { "oauth2_1": [] } ]

# Invalid: `scheme` must only be `basic` or `bearer` if `type` is `http`
"security": [ { "http_digest": [] } ]

# Invalid: `security` must only contain 1 entry if `type` is `basic` or `bearer`
"security": [ { "basic_1": [], "basic_2": [] } ]

# Invalid: `security` must not contain varying security types
"security": [ { "api_key_1": [], "basic_1": [] } ]

# Invalid: API key must only have `in` property set to `header` or `query`
"security": [ { "api_key_1": [], "api_key_3": [] } ]

# Invalid: `security` must not have more than 2 API keys
"security": [ { "api_key_1": [], "api_key_2": [], "api_key_3": [] } ]
```
Authentication methods
Amazon Bedrock IDE supports the following methods for authenticating function calls to an API server. If you authenticate a function call, make sure the credentials you provide are correct as Amazon Bedrock IDE doesn't verify the credentials before you use them in a function call.
- No authentication – No authentication means that the client doesn't need to provide any credentials to access a resource or service. This method is typically used for publicly available resources that don't require any form of authentication.
- API keys – An API key is a unique identifier used to authenticate a client application and allow it to access an API or service. You can add a maximum of two keys.
- Bearer token – A bearer token is an opaque string that represents an authentication credential. It is typically obtained after a successful authentication process, such as OAuth 2.0. This method allows the client to access protected resources without having to send the actual credentials (username and password) with each request.
  Note: Amazon Bedrock IDE is unable to assure whether the token is valid or has already expired. It is your responsibility to make sure that you provide a valid token, and to update the token to a new one before it expires. If the token expires, Amazon Bedrock won't be able to successfully call APIs with the token.
- Basic authentication – Basic authentication is a simple authentication scheme built into the HTTP protocol. The credentials are sent with every request, which can be a security concern if the connection is not secured using HTTPS. Basic authentication is generally considered less secure than other modern authentication methods and should be used with caution, especially in production environments.
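A pre-upload lint for the schema requirements and global security rules listed on this page, as an added Python example (not AWS code and not part of Amazon Bedrock IDE). The function name `lint_function_schema`, the `SAMPLE` document and its `api.example.com` host are constructed for illustration; the final HTTPS check is an extra hardening step drawn from the basic authentication caution above, not a stated schema requirement.

```python
METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def lint_function_schema(doc):  # returns a list of violations; empty means pass
    errs = []
    if doc.get("openapi") != "3.0.0":
        errs.append("openapi version must be 3.0.0")
    servers = doc.get("servers", [])
    if len(servers) > 1:
        errs.append("at most 1 server URL is allowed")
    ops = [(f"{m.upper()} {path}", op) for path, item in doc.get("paths", {}).items()
           for m, op in item.items() if m in METHODS]
    if len(ops) > 5:
        errs.append("schema can have up to 5 APIs")
    for name, op in ops:
        if not op.get("description"):
            errs.append(f"{name}: operation needs a description")
        for prm in op.get("parameters", []):
            if not prm.get("description"):
                errs.append(f"{name}: parameter {prm.get('name')} needs a description")
            if prm.get("in") not in ("query", "path"):
                errs.append(f"{name}: parameter {prm.get('name')} must be in query or path")
    # Only the globally-scoped `security` array is honored, so only it is checked.
    schemes = doc.get("components", {}).get("securitySchemes", {})
    used = [schemes.get(n, {}) for req in doc.get("security", []) for n in req]
    kinds = set()
    for s in used:
        if s.get("type") == "apiKey":
            kinds.add("apiKey")
            if s.get("in") not in ("query", "header") or not s.get("name"):
                errs.append("apiKey scheme needs a name and in = query or header")
        elif s.get("type") == "http" and s.get("scheme") in ("basic", "bearer"):
            kinds.add(s["scheme"])
        else:
            errs.append("scheme must be apiKey, or http with basic or bearer")
    if len(kinds) > 1:
        errs.append("security must not mix security types")
    elif kinds and kinds != {"apiKey"} and len(used) > 1:
        errs.append("basic or bearer security must contain a single entry")
    elif kinds == {"apiKey"} and len(used) > 2:
        errs.append("security must not have more than 2 API keys")
    # Added hardening check, not a stated Bedrock IDE rule: credentials need HTTPS.
    if used and any(not s.get("url", "").startswith("https://") for s in servers):
        errs.append("credentials would be sent to a non-HTTPS server URL")
    return errs

SAMPLE = {"openapi": "3.0.0", "servers": [{"url": "http://api.example.com"}],  # constructed
          "paths": {"/forecast": {"get": {"parameters": [{"name": "city", "in": "header"}]}}},
          "components": {"securitySchemes": {"basic_1": {"type": "http", "scheme": "basic"},
              "api_key_1": {"type": "apiKey", "name": "appid1", "in": "query"}}},
          "security": [{"basic_1": [], "api_key_1": []}]}
```

Run `lint_function_schema` on the parsed JSON or YAML before attaching the schema to a function; each returned string names one rule the document breaks.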