AI Agents and APIs: Understand Complexities Today to Authenticate Tomorrow

If you’re part of a dev team building enterprise applications, you might be developing an AI agent right now.  

You’re not alone. In Cloudera’s latest survey, “The Future of Enterprise AI Agents,” 96% of respondents reported plans to expand their use of AI agents in the next 12 months, with half aiming to do so organization-wide. 

Deploying these nifty multi-layered AI applications means building or buying multiple APIs to power them. It also means figuring out how to implement authentication and the proper security mechanisms for those services. If done incorrectly, you risk creating vulnerabilities that attackers could exploit. 

The growth of AI agents puts the need for robust API authentication practices front and center, so today we’re highlighting two AI agent scenarios and how you could deal with their typical authentication challenges. 

More AI Agents Mean Greater Potential for API Vulnerabilities 

Most AI agents need APIs to function and connect to systems, applications, data sources and other AI agents. As the number of AI agents grows, so does the number of APIs. Flaws in your API design, implementation, or configuration inevitably lead to security issues. 

Salt Labs’ most recent State of API Security report says that among the most frequently reported security challenges in production APIs are API authentication weaknesses (29%), which include:  

• Improper token handling: No expirations for tokens or mechanisms for revoking tokens. Other weaknesses in this category are storing tokens improperly or generating predictable tokens. 

• Predictable API keys: Keys are either too short or not random enough, making them easily guessable. 

• No authentication: Either authentication is missing, or the APIs won’t enforce authentication. 

APIs with authentication weaknesses are vulnerable to threats like credential stuffing and brute-force attacks. Protecting APIs from vulnerabilities and potential threats requires strong and effective authentication and a comprehensive security strategy. 

AI agents must handle authentication at two distinct levels: The AI agent itself and the APIs it uses. You must implement authentication so that the right users, services and applications can access and use the AI agent. Most agents also access external services, typically via APIs, which require proper credentials and authentication. 

While AI agents have these two levels of authentication, the focus here is on authenticating APIs. And, as APIs multiply, the attack surface becomes wider. 

Authenticating AI Agent APIs 

AI agents often make API calls on behalf of humans and machines. Implementing authentication can be challenging as the AI agent has to: 

• Make API calls machine-to-machine (M2M) and/or for human users 

• Maintain persistent access to systems without human intervention 

• Operate with the minimum permissions necessary to complete tasks 

• Store and manage credentials securely (APIs and human users) 

The following two sections provide use cases for dev teams building complex systems powered by AI agents. How would you handle authentication and security for the APIs the agents need to function and complete various tasks? 

Scenario #1: Travel AI Agent 

Your team is building an AI agent that helps customers plan and book trips — business, vacation, luxury, adventure and so on. The agent autonomously decides which APIs to call and in what sequence, accessing real-time data on flights, hotels, local transportation and weather. It automatically makes recommendations based on each customer’s unique preferences and its own contextual knowledge. 

This agent uses the following real-time APIs: 

• Weather data (read-only): Weather forecasts and current conditions for locations worldwide 

• Flight: Flight information, availability and booking 

• Hotel: Hotel information, availability and booking 

• Transportation: Local transportation information, availability and booking (e.g., taxi, bus, rideshare) 

In this scenario, the agent makes numerous third-party API calls on behalf of humans and itself (M2M). User interactions are often long-running. So, how would you implement authentication and the accompanying security measures? 

Your authentication choices depend on the protocols each API supports. Ideally, you look for third-party APIs that provide the real-time data your AI agent needs and support your preferred authentication methods. Let’s start with the read-only weather API. It supports authentication through: 

• An API key: You could use an API key for authentication and implement rate limiting to prevent resource exhaustion. However, API keys have significant security concerns, and this AI agent will likely have incredibly high call volumes. 

• OAuth 2.0: Specifically, the OAuth 2.0 Client Credentials Flow. This protocol requires systems to authenticate and authorize the application instead of a user, so it’s ideal for M2M applications. It also provides short-lived access tokens and fine-grained access control for better security. 

The flight, hotel and transportation APIs support authentication by API key and OAuth 2.0 flows. They also support: 

• Mutual TLS (mTLS): You could implement this authentication protocol for all API calls (human and machine). mTLS enables two-way authentication and encrypted communications. You can strengthen security by rotating credentials frequently and setting up tokens to expire automatically. 

Your choice of authentication and its proper implementation are critical to ensuring that the APIs your AI agent uses aren’t vulnerable to attacks.  

A key consideration in your decision should be whether your method allows you to apply zero-trust principles to the AI application and APIs. For example, mTLS forces both parties to verify who they are, but API keys don’t have that two-way verification. Security measures like rate limiting and automatic token expiration also matter, as they make it harder for external attackers to exploit the APIs. 

You also need to manage user sessions securely. For example, refresh tokens allow the agent to obtain a new access token before the current one expires, which prevents the need for re-authentication and mitigates session timeouts. Short-lived access tokens (OAuth 2.0, JWTs) shrink the window for attackers to reuse compromised tokens, reducing the risk of session replay attacks. 

On to the next scenario. 

Scenario #2: Automated Grocery Store Inventory Management 

Your team landed a project that involves adding custom AI agents to a national grocery store chain’s system. Store leadership wants the AI agents to automatically predict demand increases for specific products based on real-time weather events, for example, sudden spikes in ice cream purchases during a major heatwave. 

The agents autonomously decide on actions like tracking inventory levels as the heatwave progresses, replenishing orders for high-demand products and shipping orders to warehouses in the impacted areas. 

These are the APIs that assist ‌AI agents with the above: 

• Weather data (read-only, external): Provides weather forecasts for the areas where the grocery stores are located 

• Inventory: Monitors product inventory levels 

• Demand prediction: Analyzes real-time and historical grocery store data along with weather data to predict product demand 

• Supplier order: Manages replenishment orders and ships products to the designated warehouses 

All calls are M2M, which requires strong authentication protocols and security mechanisms. The weather API is from a third party, while the other APIs are internal, built in-house. You could implement the OAuth 2.0 Client Credentials Flow or mTLS for these APIs, like in the travel AI agent scenario. The inventory, demand prediction and supplier order APIs also support: 

• JSON Web Tokens (JWTs): For stronger security, you can configure JWTs to expire automatically, and the protocol requires cryptographic verification for validation. 

For your internal APIs, you should implement access control protocols for stronger security and follow the principle of least privilege (PoLP). Applying PoLP means users can only access what they need to perform their assigned tasks. Options for access control include: 

• Role-Based Access Control (RBAC): Prevents unauthorized access to your APIs, and most RBAC methods include logging to track user activities. RBAC is a common approach to access control, but often lacks the granularity required for complex systems. 

• Relationship-Based Access Control (ReBAC): ReBAC provides more fine-grained control over user permissions than RBAC. With this model, you can define relationships between users, roles and resources, ensuring access is appropriately restricted. 

By securely limiting access to resources based on user-resource relationships, AI agents have access only to the resources they need to perform their tasks. This granular access control reduces the risk of unauthorized access and security incidents, such as malware installations and data breaches. 

You’ve considered access control, but what about credentials? You’ll need to store credentials securely, perhaps with a secrets manager, like AWS Secrets Manager or Azure Key Vault. You should also have a fallback mechanism in case an AI agent’s credentials are revoked or expire before it completes its tasks.  

In this scenario, you’ve seen a complex system where multiple AI agents work together, making autonomous decisions involving M2M API calls. It’s up to devs to decide on and implement the critical components that result in strong authentication and security measures. But there are tools out there to help with the process.  

The Role of API Gateways in Authentication and Security 

The two scenarios both involve multiple APIs, numerous API calls and the potential for frequent long-running interactions. Effectively adding authentication and all the appropriate security measures is challenging, not to mention monitoring and managing all the APIs afterwards. So how do you make sure you’re handling these processes well? 

Short answer: Use a modern API gateway. 

Traditional API gateways served monolithic architectures, acting as intermediaries between clients and backend services. Typically, they managed access, traffic and authentication. However, the shift to microservices meant that API gateways had to evolve to handle multiple independent services and provide more functionality, security, scalability and performance. 

Modern API gateways leverage advanced technologies and provide more capabilities. You should look for one that offers: 

• Authentication and authorization: Gives you multiple authentication options (e.g., API keys, OAuth 2.0, TLS, mTLS, JWTs) and manages user permissions to access data or take certain actions 

• Rate limiting: Lets you set limits based on criteria like timeframe (e.g., requests per minute), user or API key and specific endpoints 

• Load balancing: Distributes traffic among backend services to maximize the scalability and availability of services 

• Real-time monitoring: Allows you to monitor key metrics, such as error rates, API response times and API request volumes 

• Identity and access management (IAM): Supporting IAM policies to provide the most commonly needed permissions for access 

• Integrations: Integration options typically depend on the roles the gateway plays in your architecture, most commonly for ingress, routing, authentication and/or observability  

The right API gateway saves you time and authentication headaches. It allows you to add security mechanisms that protect your APIs from external manipulation or attacks. 

Complex AI Applications Require Robust and Flexible Authentication 

This article covers two API authentication scenarios involving AI agents. However, there are myriad scenarios to explore, many with far higher stakes.  

Finance and healthcare companies, for example, must adhere to strict regulations regarding data handling. A single API vulnerability in an AI agent can cause a massive data breach that costs millions to remediate and millions more in regulatory fines and penalties.  

No matter what sector you’re in, it’s critical to understand how these complex AI applications work and their relationships with APIs. With greater insight, you can implement robust, flexible authentication processes that ensure AI agent, API and data integrity.