A connection represents a dependency on an external application or service. It contains all the necessary information for agents, tools, knowledge bases, or virtual models to securely authenticate and interact with that external system.Documentation Index
Fetch the complete documentation index at: https://developer.watson-orchestrate.ibm.com/llms.txt
Use this file to discover all available pages before exploring further.
Types of connections
watsonx Orchestrate supports several types of authentication methods:- Basic, Bearer, and API Key: These methods pass the configured credentials directly to the consuming tool or service.
- OAuth: Orchestrate supports multiple OAuth flows, as defined in the OpenAPI specification. When using OAuth:
- Orchestrate authenticates the user interactively.
- It generates an
access_tokenon behalf of the user. - This token is securely passed to the downstream tool during execution.
OAuth-based connections currently only work when the user interacts with the agent through the watsonx Orchestrate UI (not embedded web chat).
- Pass arbitrary authentication configurations to Python tools.
- Securely provide environment variables to MCP toolkits.
- Configure connections to LLM providers through the AI Gateway.
Legendβ
Supported
β Not supported
π§ Partially supported (native agents only)
Support by tool type
| Authentication Kind | Python | OpenAPI | Agentic workflows [1] | Local MCP Toolkits | Remote MCP Toolkits | Langflow |
|---|---|---|---|---|---|---|
| Basic Auth | β | β | β | β | β | β |
| Bearer Token | β | β | β | β | β | β |
| API Key | β | β | β | β | β | β |
| OAuth (Client Credentials) [2] | β | β | β | β | β | β |
| OAuth (Auth Code) [2] | β | β | β | β | β | β |
| OAuth (Implicit) [2] | π§ | π§ | β | β | β | β |
| OAuth (Password) [2] | β | β | β | β | β | β |
| OAuth (SSO/IDP Flow) [3] | β | β | β | β | β | β |
| Key-Value | β | β | β | β | β | β |
[1] Tools built using Agentic workflows do not require connection support as connections within Agentic workflows are configured via their
downstream component tools.
[2] OAuth connections are currently only supported by agents in the watsonx Orchestrate integrated web chat ui.
[3] SSO/ IDP connections are only supported by agents in web chat embedded into a customerβs website.
[2] OAuth connections are currently only supported by agents in the watsonx Orchestrate integrated web chat ui.
[3] SSO/ IDP connections are only supported by agents in web chat embedded into a customerβs website.
Support for knowledge
| Authentication Kind | Milvus | Elastic Search | Custom Search |
|---|---|---|---|
| Basic Auth | β | β | β |
| Bearer Token | β | β | β |
| API Key | β | β | β |
| OAuth (Client Credentials) [2] | β | β | β |
| OAuth (Auth Code) [2] | β | β | β |
| OAuth (Implicit) [2] | β | β | β |
| OAuth (Password) [2] | β | β | β |
| OAuth (SSO/IDP Flow) [3] | β | β | β |
| Key-Value | β | β | β |
Support for member vs team
| Authentication Kind | member (per user) | team (shared) |
|---|---|---|
| Basic Auth | β | β |
| Bearer Token | β | β |
| API Key | β | β |
| OAuth (Client Credentials) | β | β |
| OAuth (Auth Code) | β | β |
| OAuth (Implicit) | π§ | π§ |
| OAuth (Password) | β | β |
| OAuth (SSO/IDP Flow) | β | β |
| Key-Value | β | β |
Support for AI Gateway
The AI Gateway supports onlykey-value connections.