# Supported targets for Amazon Bedrock AgentCore gateways Supported gateway targets Targets define the tools that your gateway will host. Amazon Bedrock AgentCore Gateway supports multiple target types that are detailed in the following topics. You can attach different credential providers to different targets, which lets you securely control access to targets. By adding targets, your gateway becomes a single MCP URL that enables access to all of the relevant tools for an agent. The following topics explain the target types that are supported for AgentCore Gateway and how they integrate into your gateway. You should review these pages to make sure that a resource that you want to add as a target for your gateway is compatible. The final topic discusses how target names are constructed for a gateway so you can understand how to incorporate them. **Topics** + [ # AWS Lambda function targets ](gateway-add-target-lambda.md) + [ # Amazon API Gateway REST API stages as targets ](gateway-target-api-gateway.md) + [ # OpenAPI schema targets ](gateway-schema-openapi.md) + [ # Smithy model targets ](gateway-building-smithy-targets.md) + [ # MCP servers targets ](gateway-target-MCPservers.md) + [ # Built-in templates from integration providers as targets ](gateway-target-integrations.md) + [ # Understand how AgentCore Gateway tools are named ](gateway-tool-naming.md) # AWS Lambda function targets Lambda functions Lambda targets allow you to connect your gateway to AWS Lambda functions that implement your tools. This is useful when you want to execute custom code in response to tool invocations. You create a Lambda function using the AWS Lambda service. In order to create the function, you should do the following: + Create a tool schema that defines the tools that your Lambda function can call. + Understand the Lambda input format. You can then follow the steps in the [AWS Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/) for **Building with** the language of your choice. After you create the function, you configure permissions for the gateway to be able to access it. Review the key considerations and limitations to help you decide whether a Lambda target is applicable to your use case. If it is, you can create the tool schema and the Lambda function and then set up permissions for the gateway to be able to access the target. Select a topic to learn more: **Topics** + [ ## Key considerations and limitations ](#gateway-building-lambda-limitations) + [ ## Lambda function tool schema ](#gateway-lambda-tool-schema) + [ ## Lambda function input format ](#gateway-building-lambda-input) ## Key considerations and limitations When working with Lambda targets, be aware of the following limitations and considerations: + Tool name prefixes will need to be manually stripped off from the toolname in your AWS Lambda function. For more information, see [Understand how AgentCore Gateway tools are named](gateway-tool-naming.md). + If you are using an existing AWS Lambda function and import it as a tool into the gateway, you will need to change the function code to account for a schema change for event and context objects + The Lambda function must return a valid JSON response that can be parsed by the gateway + Lambda function timeouts should be configured appropriately to handle the expected processing time of your tools + Consider implementing error handling in your LLambda function to provide meaningful error messages to the client ## Lambda function tool schema This section explains the structure of the tool schema that defines a tool that your Lambda function can return. After you define your tool schema, you can do one of the following: + Upload it to an Amazon S3 bucket and refer to the S3 location when you add the target to your gateway. + Paste the definition inline when you add the target to your gateway. Select a topic to learn more about the details of the tool schema or to see examples: **Topics** + [ ### Tool definition ](#gateway-lambda-tool-definition) + [ ### Top level schema definition for input and output schemas ](#gateway-lambda-top-level-schema-definition) + [ ### Property schema definition ](#gateway-lambda-property-schema-definition) + [ ### Example Lambda tool definitions ](#gateway-lambda-example) ### Tool definition When you add a Lambda function as a gateway target, you provide a [ToolDefinition](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ToolDefinition.html) when providing the target configuration. The structure of the tool definition is as follows: ``` { "name": "string", "description": "string", "inputSchema": { "type": "object", "description" "string", "properties": { "string": SchemaDefinition }, "required": ["string"] }, "outputSchema": { "type": "object", "description" "string", "properties": { "string": SchemaDefinition }, "required": ["string"] } } ``` The tool definition contains the following fields: + **name** (required) – The name of the tool. + **description** (required) – A description of the tool and its purpose and usage. + **inputSchema** (required) – A JSON object that defines the structure of the input that the tool accepts. + **outputSchema** (optional) – A JSON object that defines the structure of the output that the tool produces. The `inputSchema` and `outputSchema` fields both map to an object-type [SchemaDefinition](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SchemaDefinition.html) , described in the following section. ### Top level schema definition for input and output schemas The `inputSchema` and `outputSchema` fields at the top level of the tool definition both map to an object-type [SchemaDefinition](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SchemaDefinition.html) that contains the following fields: ``` { "type": "object", "description": "string", "properties": { "string": SchemaDefinition }, "required": ["string"] } ``` + **type** (required) – Must be `object`. + **description** (optional) – A description of the schema and its purpose and usage. + **properties** (optional) – A JSON object that defines the properties or arguments of the tool. Each key is a name of a property and maps to a [SchemaDefinition](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SchemaDefinition.html) object that defines the property. + **required** (optional) – An array that enumerates the properties that are reqired in the `properties` object. If you include a `properties` field to define arguments for the tool, you provide a schema definition for each argument. The different types of schema definitions are outlined in the next section. ### Property schema definition Each property in the top level `SchemaDefinition` maps to a [SchemaDefinition](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SchemaDefinition.html) object that has slightly different requirements from the top level schema definition. The available fields depend on the `type` for the property. To see the shape of the `SchemaDefinition` for a type, select from the following tabs: **Example** 1. The `SchemaDefinition` for a string property has the following structure: ``` { "type": "string", "description": "string" } ``` 1. The `SchemaDefinition` for a number property has the following structure: ``` { "type": "number", "description": "string" } ``` 1. The `SchemaDefinition` for a integer property has the following structure: ``` { "type": "integer", "description": "string" } ``` 1. The `SchemaDefinition` for a boolean property has the following structure: ``` { "type": "boolean", "description": "string" } ``` 1. The `SchemaDefinition` for an array property has the following structure: ``` { "type": "array", "description": "string", "items": SchemaDefinition } ``` The value of the `items` field is a `SchemaDefinition` that defines the structure of each item in the array. 1. The `SchemaDefinition` for an object property has the following structure and matches the top level property schema definition. ``` { "type": "object", "description": "string", "properties": { "string": SchemaDefinition }, "required": ["string"] } ``` If you include another object-type property, you will recursively add another `SchemaDefinition`. ### Example Lambda tool definitions Select a tab to see example tool definitions that you can include in your Lambda function. **Example** 1. The following `get_weather` tool requires a `location` string argument and can be used to return the weather for that location: ``` { "name": "get_weather", "description": "Get weather for a location", "inputSchema": { "type": "object", "properties": { "location": { "type": "string", "description": "the location e.g. seattle, wa" } }, "required": [ "location" ] } } ``` 1. The following `get_time` tool requires a `timezone` string argument and can be used to return the time for that timezone: ``` { "name": "get_time", "description": "Get time for a timezone", "inputSchema": { "type": "object", "properties": { "timezone": { "type": "string" } }, "required": [ "timezone" ] } } ``` ## Lambda function input format When an Amazon Bedrock AgentCore gateway invokes a Lambda function, it passes an `event` object and a `context` object to the function. The Lambda event handler that you write can access values in these objects. **Event object** A map of `properties` from the `inputSchema` to their values, as returned by the tool. For example, if your input schema contains the properties `keywords` and `category` , the event object could be the following: ``` { "keywords": "wireless headphones", "category": "electronics" } ``` **Context object** Contains the following metadata: + bedrockAgentCoreMessageVersion – The version of the message. + bedrockAgentCoreAwsRequestId – The ID of the request made to the Amazon Bedrock AgentCore service. + bedrockAgentCoreMcpMessageId – The ID of the message sent to the MCP server. + bedrockAgentCoreGatewayId – The ID of the gateway that was invoked. + bedrockAgentCoreTargetId – The ID of the gateway target that was invoked. + bedrockAgentCoreToolName– The name of the tool that was called. The tool name is in the format `${target_name}` *\$1* `${tool_name}`. The format of the context object is as follows: ``` { "bedrockAgentCoreMessageVersion": "1.0", "bedrockAgentCoreAwsRequestId": "string", "bedrockAgentCoreMcpMessageId": "string", "bedrockAgentCoreGatewayId": "string", "bedrockAgentCoreTargetId": "string", "bedrockAgentCoreToolName": "string" } ``` The Lambda function that you write can access the properties of the event and context object. You can use the following boilerplate code to get started: ``` # Access context properties in your Lambda function def lambda_handler(event, context): # Since the visible tool name includes the target name as a prefix, we can use this delimiter to strip the prefix delimiter = "___" # Get the tool name from the context originalToolName = context.client_context.custom['bedrockAgentCoreToolName'] toolName = originalToolName[originalToolName.index(delimiter) + len(delimiter):] # Get other context properties message_version = context.client_context.custom['bedrockAgentCoreMessageVersion'] aws_request_id = context.client_context.custom['bedrockAgentCoreAwsRequestId'] mcp_message_id = context.client_context.custom['bedrockAgentCoreMcpMessageId'] gateway_id = context.client_context.custom['bedrockAgentCoreGatewayId'] target_id = context.client_context.custom['bedrockAgentCoreTargetId'] # Process the request based on the tool name if tool_name == 'searchProducts': # Handle searchProducts tool pass elif tool_name == 'getProductDetails': # Handle getProductDetails tool pass else: # Handle unknown tool pass ``` # Amazon API Gateway REST API stages as targets API Gateway stages An API Gateway REST API target connects your gateway to a [stage](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-stages.html) of your REST API. The gateway translates incoming MCP requests into HTTP requests to your REST API and handles response formatting. When you add or update an API Gateway target, AgentCore Gateway calls API Gateway’s [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) API on your behalf. You can specify tool filters and tool overrides in your target configuration. Tool filters let you make specific resource path and HTTP method combinations available as tools on your gateway. These filters create an allow list that exposes only the operations you specify as tools. You can also configure your API Gateway REST API stage as a gateway target from the API Gateway console. To learn more, see [Add a stage to an AgentCore gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/mcp-server.html) in the Amazon API Gateway documentation. **Topics** + [ ## Key considerations and limitations ](#gateway-target-api-gateway-limitations) + [ ## API Gateway Tool Configuration ](#gateway-target-api-gateway-configuration) + [ ## API Gateway export ](#gateway-target-api-gateway-export) + [ ## Supported outbound authorization methods for an API Gateway API ](#gateway-target-api-gateway-outbound) ## Key considerations and limitations When using an API Gateway REST API stage as a target, keep in mind the following requirements and limitations: + Your API must be in the same account as your AgentCore Gateway. + Your API must be in the same Region as your AgentCore Gateway. + Your API must be an API Gateway REST API. We do not support API Gateway [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html) or [WebSocket APIs.](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html) + Your API must be configured with a public [endpoint type](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.htm) . Private endpoints are not supported. To create a Gateway Target that can access resources in your VPC, you should use a public endpoint and an [API Gateway private integration](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html). + If your REST API has a method that uses `AWS_IAM` authorization and requires an [API key](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) , AgentCore Gateway won’t support this method. It will be excluded from processing. + If your API uses a proxy resources, such as `/pets/{proxy+}` , AgentCore Gateway won’t support this method. + To set up your API Gateway Target, AgentCore Gateway calls API Gateway’s [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) API on your behalf to get an OpenAPI 3.0 formatted export of your REST API Definition. For more details on this and how it might affect your Target configuration, see [API Gateway Export.](#gateway-target-api-gateway-export) ## API Gateway Tool Configuration When you add an API Gateway REST API as a gateway target you need to provide an API Gateway tool configuration. The API Gateway tool configuration defines which operations from your REST API are exposed as tools. It requires a list of tool filters to select operations to expose, and optionally accepts tool overrides to customize tool metadata like tool names and descriptions. ### Tool Filters Tool filters allow you to select REST API operations using path and method combinations. Each filter supports two path matching strategies: + **Explicit paths** – Matches a single specific path, such as `/pets/{petId}` + **Wildcard paths** – Matches all paths starting with the specified prefix, such as /pets/\$1 Each filter specifies both a path and a list of HTTP methods. The filter resolves to matching combinations that exist in your API. Multiple filters can overlap and duplicates are automatically de-duplicated. ### Tool Overrides By default, the MCP tool name is taken from the `operationId` for each path and method combination that matches your filters. If there isn’t an `operationId` for a filter match, you’ll need a corresponding tool override that provides a name. If both the `operationId` and the override name are missing, target creation and updates will fail validation. For more information on tool names in AgentCore Gateway, see [Understand how AgentCore Gateway tools are named](gateway-tool-naming.md). Tool overrides are optional. They allow you to customize the tool name or description for specific operations after filtering. Each override must specify an explicit path and a single HTTP method. Wildcards are not supported. The override must match an operation that exists in your API and must correspond to one of the operations resolved by your filters. You cannot override operations that weren’t selected. If you are experiencing errors with imports from operations with out an `operationId` you can use a tool override instead. ### Example API Gateway tool configurations The following example API Gateway tool configurations show how to use filters and overrides. All examples use an API with the following paths and methods: ``` /pets/{petId} - GET /pets/{petId} - POST /pets/{petId} - OPTIONS /pets - GET /pets - OPTIONS / - GET ``` **Wild card path and list of methods** Tool Configuration: ``` { "filterPath": "/pets/*", "methods": ["GET", "POST"] } ``` **Result** + `GET /pets/{petId}` + `POST /pets/{petId}` **Explicit path and list of methods** Tool Configuration: ``` { "filterPath": "/pets/{petId}", "methods": ["GET", "POST"] } ``` **Result** + `GET /pets/{petId}` + `POST /pets/{petId}` **Explicit path and list of explicit method (most specific)** Tool Configuration: ``` { [ { "filterPath": "/pets/{petId}", "methods": ["POST"] }, { "filterPath": "/pets/{petId}", "methods": ["GET"] } ] } ``` **Result** + `GET /pets/{petId}` + `POST /pets/{petId}` **Mix and match an explicit and wildcard path:** Tool Configuration: ``` { [ { "filterPath": "/pets/{petId}", "methods": ["GET"] }, { "filterPath": "/*", "methods": ["GET"] } ] } ``` **Result** + `GET /pets/{petId}` + `GET /pets/` **Tool filter and tool override** You can provide a tool filter and add an override. The override specifies a resource path in the REST API, such as /pets, and an HTTP method to expose for the specified path. The override must explicitly match an existing path in the REST API. Tool Configuration ``` { "toolFilters": [ { "filterPath": "/pets/*", "methods": ["GET", "POST"] }, { "filterPath": "/", "methods": ["GET"] } ], "toolOverrides": [ { "path": "/pets/{petId}", "method": "GET", "name": "GetPetById", "description": "Retrieve a specific pet by its ID" } ] } ``` **Result** + `GET /pets/{petId}` – matched by the first `toolFilter` , but the name and description will be overridden based on the entry in `toolOverrides` + `POST /pets/{petId}` – matched by the first `toolFilter` but will use the `operationId` and `description` from the exported OpenAPI spec for tool name and description + `GET /` – matched by the second, explicit tool filter that names a path and a single method ## API Gateway export To set up your API Gateway target, AgentCore Gateway calls the [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) operation for API Gateway on your behalf to get an OpenAPI 3.0 formatted export of your API definition. This helps the gateway properly translate incoming MCP requests into HTTP requests and handle the response. The following are considerations for when AgentCore Gateway calls the GetExport operation: + The GetExport request is made with using a [Forward Access Session](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_forward_access_sessions.html) and uses the caller’s credentials. + The caller creating the target must have permissions to call [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) on the API in API Gateway. + The `GetExport` request will be logged in CloudTrail. + The exported API is subject to the same [considerations and limitations](gateway-schema-openapi.md#gateway-schema-openapi-considerations) as the OpenAPI target type. + The maximum size of an OpenAPI spec exported from API Gateway is 50 MB. ### Updating operationId on your REST API **Important** The exported OpenAPI specification must include `operationId` fields for all operations that you want to expose as tools. The `operationId` is used as the tool name in the MCP interface. You can update your REST API to ensure that the OpenAPI definition returned by [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) has `operationId` set. This is an alternative to providing a tool override. The following explains two ways to set the `operationId`. #### Set the operationID by updating your OpenAPI definition Export the OpenAPI definition from your deployed API stage by calling [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) , updating the operations that are missing `operationId` , and reimporting your API. 1. Export the OpenAPI definition from your deployed API stage by calling [GetExport](https://docs.aws.amazon.com/apigateway/latest/api/API_GetExport.html) . You can do this with the CLI: ``` aws apigateway get-export \ --rest-api-id rest-api-id \ --stage-name api-stage \ --export-type oas30 \ --parameters 'extensions=apigateway' \ '/path/to/api_oas30_template.json' ``` 1. Edit the OpenAPI definition manually to add the `operationId` to operations that are missing the property. 1. Import your updated OpenAPI definition with [PutRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_PutRestApi.html) . You can do this with the AWS CLI: ``` aws apigateway put-rest-api \ --rest-api-id rest-api-id \ --mode merge \ --body 'fileb:///path/to/api_oas30_template.json' ``` 1. Redeploy your API to your stage with the AWS CLI: ``` aws apigateway create-deployment \ --rest-api-id rest-api-id \ --stage-name api-stage \ --description 'deployment-description' ``` #### Set the `operationId` by updating your REST API’s method You can configure your API Gateway [Method](https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html) to add an `operationName` using the [UpdateMethod](https://docs.aws.amazon.com/apigateway/latest/api/API_UpdateMethod.html) command. When your API is exported, the `operationName` turns into the `operationId`. 1. Call [UpdateMethod](https://docs.aws.amazon.com/apigateway/latest/api/API_UpdateMethod.html) with the AWS CLI: ``` aws apigateway update-method \ --rest-api-id rest-api-id \ --resource-id resource-id \ --http-method http-method \ --patch-operations '[ { "op": "replace", "path": "/operationName", "value": operation-id } ]' ``` 1. Redeploy your API to your stage with the AWS CLI: ``` aws apigateway create-deployment \ --rest-api-id rest-api-id \ --stage-name api-stage \ --description 'deployment-description' ``` ## Supported outbound authorization methods for an API Gateway API You can configure your AgentCore Gateway target to make calls to your API with outbound authentication. **AgentCore Gateway supports the following types of outbound authorization for API Gateway Targets:** + **IAM-based outbound authorization** – Use the [gateway service role](gateway-prerequisites-permissions.md#gateway-service-role-permissions) to authenticate access to the gateway target with [Signature Version 4 (SigV4 or SigV4a)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) . Requires your API Gateway API to have IAM authorization enabled. + **API key** – call your API with an API key managed by AgentCore Gateway. This is not the same as [API keys](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in API Gateway. + **No authorization (not recommended)** – Some target types provide you the option to bypass outbound authorization. To learn more, see [Set up outbound authorization for your gateway](gateway-outbound-auth.md). ### IAM outbound authorization API Gateway allows you to secure your REST API with IAM. When IAM authorization is enabled, clients must use [Signature Version 4 (SigV4 or SigV4a)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) to sign their requests with AWS credentials. **To set up IAM outbound authorization** 1. Create an IAM role with the correct trust permissions according to [AgentCore Gateway service role permissions](gateway-prerequisites-permissions.md#gateway-service-role-permissions). 1. Add a policy to your role to allow the action `execute-api:Invoke` along with a resource that corresponds to the REST API Id and Stage you used to set up your target, such as the following policy: ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "execute-api:Invoke" ], "Resource": "arn:aws:execute-api:aws-region:account-id:rest-api-id/api-stage/*/*", "Effect": "Allow" } ] } ``` #### API Gateway resource policies API Gateway resource policies are JSON policy documents that you attach to an API Gateway REST API to control whether a specified principal can invoke the API. In order for AgentCore Gateway to call your REST API with a resource policy you must do the following: + Set the method authorization type to `AWS_IAM` for any REST API method you make available as a tool. + Configure your resource policy to allow the `bedrock-agentcore.amazonaws.com` principal to call your service. You can add additional principals to the policy. The following is an example of an API resource policy that grants AgentCore Gateway access to your REST API. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "bedrock-agentcore.amazonaws.com" }, "Action": "execute-api:Invoke", "Resource": "arn:aws:execute-api:us-west-2:111122223333:abcd123/*/*/*", "Condition": { "ArnEquals": { "aws:SourceArn": "arn:aws:bedrock-agentcore:us-west-2:111122223333:gateway/my-gateway-d4jrgkaske" } } } ] } ``` ### API key outbound authorization To set up outbound authorization with an API key, you use the AgentCore Identity service to create a credential provider and with an API key that you have configured for through API Gateway. **To set up API key outbound authorization** 1. Create an API Key in API Gateway according to [Set up API keys for REST APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-setup-api-keys.html). 1. Follow the steps to [Set up outbound authorization with an API key](gateway-outbound-auth.md) , providing the API key that you created through API Gateway. # OpenAPI schema targets OpenAPI schemas OpenAPI (formerly known as Swagger) is a widely used standard for describing RESTful APIs. Gateway supports OpenAPI 3.0 specifications for defining API targets. OpenAPI targets connect your gateway to REST APIs defined using OpenAPI specifications. The Gateway translates incoming MCP requests into HTTP requests to these APIs and handles the response formatting. Review the key considerations and limitations, including feature support, to help you decide whether an OpenAPI target is applicable to your use case. If it is, you can create a schema that follows the specifications and then set up permissions for the gateway to be able to access the target. Select a topic to learn more: **Topics** + [ ## Key considerations and limitations ](#gateway-schema-openapi-considerations) + [ ## OpenAPI schema specification ](#gateway-openapi-schema) ## Key considerations and limitations **Important** The OpenAPI specification must include `operationId` fields for all operations that you want to expose as tools. The operationId is used as the tool name in the MCP interface. When using OpenAPI targets, keep in mind the following requirements and limitations: + OpenAPI versions 3.0 and 3.1 are supported (Swagger 2.0 is not supported) + The OpenAPI file must be free of semantic errors + The server attribute needs to have a valid URL of the actual endpoint + Only application/json content type is fully supported + Complex schema features like oneOf, anyOf, and allOf are not supported + Path parameter serializers and parameter serializers for query, header, and cookie parameters are not supported + Each LLM will have ToolSpec constraints. If OpenAPI has APIs/properties/object names not compliant to ToolSpec of the respective downstream LLMs, the data plane will fail. Common errors are property name exceeding the allowed length or the name containing unsupported character. For best results with OpenAPI targets: + Always include operationId in all operations + Use simple parameter structures instead of complex serialization + Implement authentication and authorization outside of the specification + Only use supported media types for maximum compatibility ### Security best practices for URL parameters **Warning** When defining server URLs in your OpenAPI specifications, avoid using overly permissive URL parameter patterns that could expose your gateway to security risks. URL parameters in OpenAPI server definitions allow dynamic endpoint configuration. However, certain patterns can introduce security vulnerabilities if not properly constrained. Specifically, avoid using fully dynamic domain patterns such as: + `https://{yourDomain}/` - Allows arbitrary domain substitution + `https://{subdomain}.{env}.{domain}.com` - Multiple unconstrained placeholders + `https://{host}/api/` - Unrestricted host parameter These patterns can potentially be exploited to: + Redirect requests to unintended or malicious endpoints + Access internal network resources (Server-Side Request Forgery) + Exfiltrate credentials or sensitive data **Recommended practices:** + Use fully qualified, static URLs whenever possible: `https://api.example.com/v1` + Limit parameters to subdomains within your controlled domain and implement validation in your application + Avoid using parameters that allow arbitrary domain or host substitution + Implement additional validation in your API to verify that runtime parameter values match expected patterns AgentCore Gateway automatically validates region parameters and blocks requests to private IP ranges. Example of a secure server URL configuration: ``` { "servers": [ { "url": "https://api.example.com/v1" } ] } ``` If dynamic parameters are necessary, use fully qualified domains with minimal placeholders and enum restrictions: ``` { "servers": [ { "url": "https://{tenant}.api.example.com/v1", "variables": { "tenant": { "default": "default-tenant", "description": "Customer tenant identifier", "enum": ["tenant1", "tenant2", "tenant3"] } } } ] } ``` This approach restricts URL parameters to specific subdomains within your controlled domain while maintaining flexibility for multi-tenant deployments. Using enum restrictions prevents arbitrary values and helps protect against SSRF attacks by limiting parameters to predefined, safe values. Additionally, always validate tenant values in your application logic. In considering using OpenAPI schema targets with AgentCore Gateway, review the following feature support table. ### OpenAPI feature support The following table outlines the OpenAPI features that are supported and unsupported by Gateway: | Supported Features | Unsupported Features | | --- | --- | | **Schema Definitions** Basic data types (string, number, integer, boolean, array, object) Required field validation Nested object structures Array definitions with item specifications | **Schema Composition** oneOf specifications anyOf specifications allOf specifications | | **HTTP Methods** Standard HTTP methods (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS) | **Security Schemes** Security schemes at the OpenAPI specification level (authentication must be configured using the Gateway’s outbound authorization configuration) | | **Media Types** application/json application/xml multipart/form-data application/x-www-form-urlencoded | **Media Types** Custom media types beyond the supported list Binary media types | | **Path Parameters** Simple path parameter definitions (Example: /users/ \$1 userId\$1) | **Parameter Serialization** Complex path parameter serializers (Example: `/users { ;id\*} { ?metadata}`) Query parameter arrays with complex serialization Header parameter serializers Cookie parameter serializers | | **Query Parameters** Basic query parameter definitions Simple string, number, and boolean types | **Callbacks and Webhooks** Callback operations Webhook definitions | | **Request/Response Bodies** JSON request and response bodies XML request and response bodies Standard HTTP status codes (200, 201, 400, 404, 500, etc.) | **Links** Links between operations | ## OpenAPI schema specification The OpenAPI specification defines the REST API that your Gateway will expose. Refer to the following resources when setting up your OpenAPI specification: + For information about the format of the OpenAPI specification, see [OpenAPI Specification](https://swagger.io/specification/). + For information about supported and unsupported features when using an OpenAPI specification with AgentCore Gateway, see the table in [OpenAPI feature support](#gateway-schema-openapi-features) . Adhere to these requirements to prevent errors during target creation and invocation. After you define your OpenAPI schema, you can do one of the following: + Upload it to an Amazon S3 bucket and refer to the S3 location when you add the target to your gateway. + Paste the definition inline when you add the target to your gateway. Expand a section to see examples of supported and unsupported OpenAPI specifications: ### Supported OpenAPI specification Example 1 Following shows an example of a supported OpenAPI specification Example of a supported OpenAPI specification: ``` { "openapi": "3.0.0", "info": { "title": "Weather API", "version": "1.0.0", "description": "API for retrieving weather information" }, "servers": [ { "url": "https://api.example.com/v1" } ], "paths": { "/weather": { "get": { "summary": "Get current weather", "description": "Returns current weather information for a location", "operationId": "getCurrentWeather", "parameters": [ { "name": "location", "in": "query", "description": "City name or coordinates", "required": true, "schema": { "type": "string" } }, { "name": "units", "in": "query", "description": "Units of measurement (metric or imperial)", "required": false, "schema": { "type": "string", "enum": ["metric", "imperial"], "default": "metric" } } ], "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "type": "object", "properties": { "location": { "type": "string" }, "temperature": { "type": "number" }, "conditions": { "type": "string" }, "humidity": { "type": "number" } } } } } }, "400": { "description": "Invalid request" }, "404": { "description": "Location not found" } } } } } } ``` ### Supported OpenAPI Specification Example 2 Following shows another example of a supported OpenAPI specification. ``` { "openapi": "3.0.0", "info": { "title": "Search API", "version": "1.0.0", "description": "API for searching content" }, "servers": [ { "url": "https://api.example.com/v1" } ], "paths": { "/search": { "get": { "summary": "Search for content", "operationId": "searchContent", "parameters": [ { "name": "query", "in": "query", "description": "Search query", "required": true, "schema": { "type": "string" } }, { "name": "limit", "in": "query", "description": "Maximum number of results", "required": false, "schema": { "type": "integer", "default": 10 } } ], "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "type": "object", "properties": { "results": { "type": "array", "items": { "type": "object", "properties": { "title": { "type": "string" }, "url": { "type": "string" }, "snippet": { "type": "string" } } } }, "total": { "type": "integer" } } } } } }, "400": { "description": "Bad request" } } } } } } ``` ### Unsupported OpenAPI schema The following shows an example of an unsupported schema with oneOf: ``` { "oneOf": [ {"$ref": "#/components/schemas/Pencil"}, {"$ref": "#/components/schemas/Pen"} ] } ``` # Smithy model targets Smithy models Smithy is a language for defining services and software development kits (SDKs). Smithy models provide a more structured approach to defining APIs compared to OpenAPI, and are particularly useful for connecting to AWS services, such as AgentCore Gateway. Smithy model targets connect your AgentCore gateway to services that are defined using Smithy API models. When you invoke a Smithy model gateway target, the gateway translates incoming MCP requests into API calls that are sent to these services. The gateway also handles the response formatting. Review the key considerations and limitations, including feature support, to help you decide whether a Smithy target is applicable to your use case. If it is, you can create a schema that follows the specifications and then set up permissions for the gateway to be able to access the target. Select a topic to learn more: **Topics** + [ ## Key considerations and limitations ](#gateway-building-smithy-considerations) + [ ## Smithy model specification ](#gateway-smithy-models) ## Key considerations and limitations When using Smithy models with AgentCore Gateway, be aware of the following limitations: + Maximum model size: 10MB + Only JSON protocol bindings are fully supported + Only RestJson protocol is supported In considering using Smithy models with AgentCore Gateway, review the following feature support table. ### Security best practices for endpoint configuration **Warning** When defining endpoint rules and server URLs in your Smithy models, avoid using overly permissive URL parameter patterns that could expose your gateway to security risks. Smithy models support dynamic endpoint configuration through endpoint rules and URL parameters. However, certain patterns can introduce security vulnerabilities if not properly constrained. Specifically, avoid using fully dynamic patterns such as: + Unrestricted host or domain parameters in endpoint URLs: `https://{host}/api/v1` or `https://{domain}.example.com` + Multiple unconstrained placeholders in server URLs: `https://{subdomain}.{env}.{domain}.com` + Endpoint rules that allow arbitrary URL construction without validation These patterns can potentially be exploited to: + Redirect requests to unintended or malicious endpoints + Access internal network resources or instance metadata services (Server-Side Request Forgery) + Exfiltrate IAM credentials or sensitive data **Recommended practices:** + Use static, fully qualified endpoint URLs whenever possible + For AWS services, rely on standard endpoint resolution with validated region parameters. Gateway enforces AWS region validation for AWS services + If custom endpoint rules are required, constrain parameters to specific, validated values + Avoid exposing raw host or domain parameters in your Smithy model’s endpoint configuration For AWS service integrations, AgentCore Gateway automatically validates region parameters and blocks requests to private IP ranges. ### Smithy feature support for AgentCore Gateway The following table outlines the Smithy features that are supported and unsupported by Gateway: | Supported Features | Unsupported Features | | --- | --- | | **Service Definitions** Service structure definitions based on Smithy specifications Operation definitions with input/output shapes Resource definitions Trait shapes **Protocol Support** RestJson protocol Standard HTTP request/response patterns **Data Types** Primitive types (string, integer, boolean, float, double) Complex types (structures, lists, maps) Timestamp handling Blob data types **HTTP Bindings** Basic HTTP method bindings Simple path parameter bindings Query parameter bindings Header bindings for simple cases **Endpoint Rules** Endpoint rule sets Runtime endpoint determination based on conditions | **Protocol Support** RestXml protocol JsonRpc protocol AwsQuery protocol Ec2Query protocol Custom protocols **Authentication** Multiple egress authentication types for specific APIs Complex authentication schemes requiring runtime decisions **Operations** Streaming operations Operations requiring custom protocol implementations | ## Smithy model specification AgentCore Gateway provides built-in Smithy models for common AWS services. To see Smithy models for AWS services, see the [AWS API Models repository](https://github.com/aws/api-models-aws). **Note** AgentCore Gateway doesn’t support custom Smithy models for non-AWS services. After you define your Smithy model, you can do one of the following: + Upload it to an Amazon S3 bucket and refer to the S3 location when you add the target to your gateway. + Paste the definition inline when you add the target to your gateway. Expand a section to see examples of supported and unsupported Smithy model specifications: ### Example: Valid Smithy model for weather service The following example shows a valid Smithy model specification for a weather service: ``` { "smithy": "2.0", "metadata": { "suppressions": [] }, "shapes": { "example.weather#WeatherService": { "type": "service", "version": "1.0.0", "operations": [ { "target": "example.weather#GetCurrentWeather" } ], "traits": { "aws.protocols#restJson1": {}, "smithy.api#documentation": "Weather service for retrieving weather information" } }, "example.weather#GetCurrentWeather": { "type": "operation", "input": { "target": "example.weather#GetCurrentWeatherInput" }, "output": { "target": "example.weather#GetCurrentWeatherOutput" }, "errors": [ { "target": "smithy.framework#ValidationException" } ], "traits": { "smithy.api#http": { "method": "GET", "uri": "/weather" }, "smithy.api#documentation": "Get current weather for a location" } }, "example.weather#GetCurrentWeatherInput": { "type": "structure", "members": { "location": { "target": "smithy.api#String", "traits": { "smithy.api#required": {}, "smithy.api#httpQuery": "location", "smithy.api#documentation": "City name or coordinates" } }, "units": { "target": "example.weather#Units", "traits": { "smithy.api#httpQuery": "units", "smithy.api#default": "metric", "smithy.api#documentation": "Units of measurement (metric or imperial)" } } } }, "example.weather#GetCurrentWeatherOutput": { "type": "structure", "members": { "location": { "target": "smithy.api#String", "traits": { "smithy.api#documentation": "Location name" } }, "temperature": { "target": "smithy.api#Float", "traits": { "smithy.api#documentation": "Current temperature" } }, "conditions": { "target": "smithy.api#String", "traits": { "smithy.api#documentation": "Weather conditions description" } }, "humidity": { "target": "smithy.api#Float", "traits": { "smithy.api#documentation": "Humidity percentage" } } } }, "example.weather#Units": { "type": "enum", "members": { "metric": { "target": "smithy.api#Unit", "traits": { "smithy.api#enumValue": "metric" } }, "imperial": { "target": "smithy.api#Unit", "traits": { "smithy.api#enumValue": "imperial" } } } } } } ``` ### Example: Invalid Smithy model specification The following example shows an invalid endpoint rules configuration using Smithy: ``` @endpointRuleSet({ "rules": [ { "conditions": [{"fn": "booleanEquals", "argv": [{"ref": "UseFIPS"}, true]}], "endpoint": {"url": "https://weather-fips.{Region}.example.com"} }, { "endpoint": {"url": "https://weather.{Region}.example.com"} } ] }) ``` # MCP servers targets MCP servers targets MCP servers provide local tools, data access, or custom functions for your interactions with models and agents in Bedrock AgentCore. In Bedrock AgentCore, you can define a preconfigured MCP server as a target when creating a gateway. MCP servers host tools that agents can discover and invoke. In Bedrock AgentCore, you use a gateway to associate targets with tools and connect them to your agent runtime. You connect with external MCP servers through the `SynchronizeGatewayTargets` API that performs protocol handshakes and indexes available tools. For more information about installing and using MCP servers, see [Amazon Bedrock AgentCore MCP Server: Vibe coding with your coding assistant](mcp-getting-started.md). **Topics** + [ ## Key considerations and limitations ](#gateway-target-MCPservers-considerations) + [ ## Connecting to an OAuth-protected MCP server using Authorization Code flow ](#gateway-target-MCPservers-auth-code-grant-flow) + [ ## Configuring permissions ](#gateway-target-MCPservers-permissions) ## Key considerations and limitations Tool discovery is managed through the synchronization operation provided by the `SynchronizeGatewayTargets` API as follows. **Implicit Synchronization** Implicit synchronization is the automatic tool discovery and indexing that occurs during `CreateGatewayTarget` and `UpdateGatewayTarget` operations. Gateway immediately calls the MCP server’s tools/list capability to fetch available tools and make tools available in the unified catalog without requiring separate user action. **Explicit Synchronization** Manual tool catalog refresh triggered by calling the `SynchronizeGatewayTargets` API. Invoke this when the MCP server has changed its tool definitions. The API performs the discovery process on-demand, allowing users to control when Gateway updates its view of available tools. Synchronization is a critical mechanism for maintaining accurate tool catalogs when integrating MCP servers. Implicit synchronization occurs automatically during target creation and updates, where Gateway immediately discovers and indexes tools from the MCP server to ensure tools are available for semantic search and unified listing. Explicit synchronization is performed on-demand through the `SynchronizeGatewayTargets` API, allowing discovery of the MCP tool catalog when MCP servers independently modify their capabilities. **When to call SynchronizeGatewayTargets** Use this API whenever your MCP server’s tools change - whether adding new tools, modifying existing tool schemas, or removing deprecated tools. Since Gateway pre-computes vector embeddings for semantic search and maintains normalized tool catalogs, synchronization ensures users can discover and invoke the latest available tools across all target types. **How to call the API** Make a PUT request to /gateways/ \$1 gatewayIdentifier\$1/synchronize with the target ID in the request body. The API returns a 202 response immediately and processes synchronization asynchronously. Monitor the target status through GetGatewayTarget to track synchronization progress, as the operation can take several minutes for large tool sets. **Authorization strategy** The following types of the authorization strategy are supported. + No authorization – The gateway invokes the MCP server without preconfigured authorization. This approach is not recommended. + OAuth – The gateway supports both two-legged OAuth (Client Credentials grant type) and three-legged OAuth (Authorization Code grant type). You configure the authorization provider in Amazon Bedrock AgentCore Identity in the same account and Region for the gateway to make calls to the MCP server. + IAM ( [AWS Signature Version 4 (Sig V4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) ) – The gateway signs requests to the MCP server using SigV4 with the gateway service role credentials. You configure an `IamCredentialProvider` with a required service name for SigV4 signing and an optional Region (defaults to the gateway Region). **Important** IAM (SigV4) outbound authorization requires that the MCP server is hosted behind an AWS service that natively supports IAM authentication. The gateway signs outbound requests with SigV4 but does not modify the authentication configuration on the target. The target service must be able to verify SigV4 signatures. The following AWS services natively support IAM authentication and are compatible with IAM outbound authorization for MCP server targets: \$1 Amazon Bedrock AgentCore Gateway \$1 Amazon Bedrock AgentCore Runtime (see [Deploy MCP servers in AgentCore Runtime](runtime-mcp.md) ) \$1 Amazon API Gateway \$1 Lambda Function URLs Services that do not natively verify SigV4 signatures, such as Application Load Balancer or direct Amazon EC2 endpoints, are not compatible with IAM outbound authorization. If your MCP server is hosted behind one of these services, use OAuth or API key authorization instead. **Configuration considerations for MCP server targets** The following must be configured. 1. The MCP server must have tool capabilities. 1. Supported MCP protocol versions are - **2025-06-18** , **2025-03-26** , and **2025-11-25**. 1. For the provided URL/endpoint of the server, the URL should be encoded. The Gateway will use the same URL to invoke the server. 1. JSON Schema reference keywords such as `$ref` , `$defs` , `$anchor` , `$dynamicRef` , and `$dynamicAnchor` are not supported in the tool definitions returned by the MCP server’s `tools/list` response. If your MCP server returns tool schemas containing these keywords, the target creation or synchronization will fail. Ensure your MCP server returns fully resolved, self-contained JSON schemas without reference keywords. ## Connecting to an OAuth-protected MCP server using Authorization Code flow To support the Authorization Code grant type (three-legged OAuth) with MCP server targets, Amazon Bedrock AgentCore Gateway provides two methods for target creation. **Implicit sync during MCP server target creation** With this method, the admin user completes the authorization code flow during `CreateGatewayTarget` , `UpdateGatewayTarget` , or `SynchronizeGatewayTargets` operations using the authorization URL returned in the response. This allows Amazon Bedrock AgentCore Gateway to discover and cache the MCP server’s tools upfront. **Note** You cannot delete, update, or synchronize a target that is in a pending authorization state ( `CREATE_PENDING_AUTH` , `UPDATE_PENDING_AUTH` , or `SYNCHRONIZE_PENDING_AUTH` ). Wait for the authorization to complete or fail before performing further operations on the target. **Provide schema upfront during MCP server target creation** With this method, admin users provide the tool schema directly during `CreateGatewayTarget` or `UpdateGatewayTarget` operations using the `mcpToolSchema` field, rather than Amazon Bedrock AgentCore Gateway fetching them dynamically from the MCP server. Amazon Bedrock AgentCore Gateway parses the provided schema and caches the tool definitions. **Note** You cannot synchronize a target that has a static tool schema ( `mcpToolSchema` ) configured. Remove the static schema through an `UpdateGatewayTarget` call to enable dynamic tool synchronization. **URL Session Binding** [OAuth 2.0 authorization URL session binding](oauth2-authorization-url-session-binding.md) verifies that the user who initiated the OAuth authorization request is the same user who granted consent. After the user completes consent, the browser redirects back to a return URL configured on the target with a unique session URI. The application is then responsible for calling the [CompleteResourceTokenAuth](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html) API, presenting both the user’s identity and the session URI. Amazon Bedrock AgentCore Identity validates that the user who started the flow is the same user who completed it before exchanging the authorization code for an access token. This prevents a scenario where a user accidentally shares the authorization URL and someone else completes the consent, which would grant access tokens to the wrong party. The authorization URL and session URI are only valid for 10 minutes, further limiting the window for misuse. Session binding applies during target creation (implicit sync) and during tool invocation. **Note** When performing target operations (Create, Update, or Synchronize) and authorization through the AWS Management Console, the [CompleteResourceTokenAuth](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html) call is made on behalf of the resource owner, requiring no further action after authorization. ## Configuring permissions The IAM role which you use to create, update or synchronize MCP servers targets should have the permissions shown in the following example. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock-agentcore:CreateGateway", "bedrock-agentcore:GetGateway", "bedrock-agentcore:CreateGatewayTarget", "bedrock-agentcore:GetGatewayTarget", "bedrock-agentcore:SynchronizeGatewayTargets", "bedrock-agentcore:UpdateGatewayTarget" ], "Resource": "arn:aws:bedrock-agentcore:*:*:*gateway*" }, { "Effect": "Allow", "Action": [ "bedrock-agentcore:CreateWorkloadIdentity", "bedrock-agentcore:GetWorkloadAccessToken", "bedrock-agentcore:GetWorkloadAccessTokenForUserId", "bedrock-agentcore:GetResourceOauth2Token", "bedrock-agentcore:CompleteResourceTokenAuth", "secretsmanager:GetSecretValue" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:EnableKeyRotation", "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey*", "kms:ReEncrypt*", "kms:CreateAlias", "kms:DisableKey", "kms:*" ], "Resource": "arn:aws:kms:*:123456789012:key/*" } ] } ``` # Built-in templates from integration providers as targets Integration provider templates Amazon Bedrock AgentCore lets you add open source templates from the following integration providers as targets in your gateway: + Amazon + Asana + BambooHR + Brave + Confluence + Jira + Microsoft + PagerDuty + Salesforce + ServiceNow + Slack + Smartsheet + Tavily + Zendesk + Zoom **Topics** + [ ## Key considerations and limitations ](#gateway-target-integrations-considerations) + [ ## Supported APIs by template ](#gateway-target-integrations-supported-apis) ## Key considerations and limitations When using templates from integration providers as targets, keep in mind the following requirements and limitations: + You can only add an integration provider template as a target through the AWS Management Console and not through the API. + Amazon Bedrock AgentCore doesn’t host any servers natively, so you must set up server hosting yourself. After you add the template, you can invoke the server URL that you set up using the authorization that you configure. + Amazon Bedrock AgentCore supports a subset of APIs that the provider supports for interacting with these templates. For a list of APIs supported by AgentCore, see [Supported APIs by template](#gateway-target-integrations-supported-apis). ## Supported APIs by template This section lists the APIs that are supported for each template from an integration provider. To learn more about a specific API and schemas, do the following: + Search for the provider’s API documentation. + Send a `tools/list` call to the target after setting it up. The following sections show, for each template, the [outbound authentication](gateway-outbound-auth.md) types supported, the server URL, and the supported APIs and their paths. **Note** If an API path has a replaceable `{variable}` , pass the variable in the `params` field of the JSON RPC request. Select a topic to learn about which APIs are supported for each template: **Topics** + [ ### Agents for Amazon Bedrock Runtime ](#gateway-target-integrations-supported-apis-bedrock-agent-runtime) + [ ### Amazon Bedrock Runtime ](#gateway-target-integrations-supported-apis-bedrock-runtime) + [ ### Amazon CloudWatch ](#gateway-target-integrations-supported-apis-cloudwatch) + [ ### Amazon DynamoDB ](#gateway-target-integrations-supported-apis-amazon-dynamodb) + [ ### Asana ](#gateway-target-integrations-supported-apis-asana) + [ ### BambooHR ](#gateway-target-integrations-supported-apis-bamboohr) + [ ### Brave Search ](#gateway-target-integrations-supported-apis-brave-search) + [ ### The Confluence Cloud REST API v2 ](#gateway-target-integrations-supported-apis-confluence) + [ ### The Jira Cloud platform ](#gateway-target-integrations-supported-apis-jira) + [ ### Microsoft Exchange ](#gateway-target-integrations-supported-apis-microsoft-exchange) + [ ### Microsoft OneDrive ](#gateway-target-integrations-supported-apis-onedrive) + [ ### Microsoft SharePoint ](#gateway-target-integrations-supported-apis-sharepoint) + [ ### Microsoft Teams ](#gateway-target-integrations-supported-apis-microsoft-teams) + [ ### PagerDuty Advance ](#gateway-target-integrations-supported-apis-pagerduty) + [ ### Salesforce Lightning Platform ](#gateway-target-integrations-supported-apis-salesforce) + [ ### ServiceNow ](#gateway-target-integrations-supported-apis-servicenow) + [ ### Slack Web ](#gateway-target-integrations-supported-apis-slack) + [ ### Smartsheet ](#gateway-target-integrations-supported-apis-smartsheet) + [ ### Tavily Search ](#gateway-target-integrations-supported-apis-tavily) + [ ### Zendesk Suite ](#gateway-target-integrations-supported-apis-zendesk) + [ ### Zoom ](#gateway-target-integrations-supported-apis-zoom) ### Agents for Amazon Bedrock Runtime The following list provides key information for this template + Server URL – https://bedrock-agent-runtime. `{region}` .amazonaws.com Replace `{region}` with an actual value. Look up supported Regions at [Agents for Amazon Bedrock runtime APIs](https://docs.aws.amazon.com/general/latest/gr/bedrock.html#bra-rt). + Outbound authentication types accepted: + IAM credentials of gateway service role To learn more about the Amazon Bedrock Agents Runtime API, see the [Agents for Amazon Bedrock API reference](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_Operations_Agents_for_Amazon_Bedrock_Runtime.html) The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | CreateSession | / | Creates a session to temporarily store conversations for generative AI applications. | | POST | DeleteAgentMemory | / | Deletes a memory from an agent. | | POST | DeleteSession | / | Deletes a session for temporarily storing conversations for generative AI applications. | | POST | EndSession | / | Ends a session for temporarily storing conversations for generative AI applications. | | POST | GenerateQuery | / | Generates a query to submit to an Amazon Bedrock knowledge base. | | POST | GetAgentMemory | / | Gets a memory from an agent. | | POST | GetSession | / | Gets a session for temporarily storing conversations for generative AI applications. | | POST | InvokeAgent | / | Invokes an Amazon Bedrock agent. | | POST | InvokeInlineAgent | / | Invokes an agent that you define inline. | | POST | ListSessions | / | Lists sessions for temporarily storing conversations for generative AI applications. | | POST | ListTagsForResource | / | Lists tags for an Agents for Amazon Bedrock Runtime resource. | | POST | OptimizePrompt | / | Optimizes a prompt for a specific task. | | POST | Rerank | / | Reranks the relevance of cited sources based on a query. | | POST | Retrieve | / | Retrieves results from querying a knowledge base. | | POST | RetrieveAndGenerate | / | Generate a natural language response based on results retrieved from querying a knowledge base. | | POST | TagResource | / | Tag an Agents for Amazon Bedrock resource. | | POST | UntagResource | / | Untag an Agents for Amazon Bedrock resource. | | POST | UpdateSession | / | Update a session for temporarily storing conversations for generative AI applications. | ### Amazon Bedrock Runtime The following list provides key information for this template + Server URL – https://bedrock-runtime. `{region}` .amazonaws.com Replace `{region}` with an actual value. look up supported Regions at [Amazon Bedrock runtime APIs](https://docs.aws.amazon.com/general/latest/gr/bedrock.html#br-rt) ). + Outbound authentication types accepted: + IAM credentials of gateway service role The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | Converse | / | Invoke an Amazon Bedrock model to generate a response in a conversational interface. | | POST | ApplyGuardrail | / | Apply a guardrail to content. | | POST | InvokeModel | / | Invoke an Amazon Bedrock model to generate a response for a prompt. | ### Amazon CloudWatch The following list provides key information for this template + Server URL – https://monitoring. `{region}` .amazonaws.com Replace `{region}` with an actual value. Look up supported Regions at [Amazon CloudWatch endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/cw_region.html). + Outbound authentication types accepted: + IAM credentials of gateway service role The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | DescribeAlarmHistory | / | Retrieve the history for an alarm you’ve set up. | | POST | DescribeAlarms | / | Retrieve information about specific alarms. | | POST | DescribeAlarmsForMetric | / | Retrieve information about alarms for a metric. | | POST | DescribeAnomalyDetectors | / | Retrieve anomaly detection models that you’ve created in your account. | | POST | DescribeInsightRules | / | Retrieve a list of Contributor Insights rules in your account. | | POST | DisableAlarmActions | / | Disable actions for the specified alarms. | | POST | DisableInsightRules | / | Disable the specified Contributor Insights rules. | | POST | GetDashboard | / | Display the details of the dashboard that you specify. | | POST | GetInsightRuleReport | / | Get the time series data collected by a Contributor Insights rule. | | POST | GetMetricData | / | Get metric values. | | POST | GetMetricStatistics | / | Get statistics for a specified metric. | | POST | GetMetricStream | / | Get information about a metric stream. | | POST | GetMetricWidgetImage | / | Get a snapshot graph of a metric as a bitmap image. | | POST | ListDashboards | / | Return a list of dashboards. | | POST | ListManagedInsightRules | / | Return a list of managed Contributor Insights rules. | | POST | ListMetricStreams | / | Return a list of metric streams. | | POST | ListMetrics | / | Retrieve a list of metrics. | | POST | ListTagsForResource | / | List tags for a CloudWatch resource. | ### Amazon DynamoDB The following list provides key information for this template + Server URL – https://dynamodb. `{region}` .amazonaws.com Replace `{region}` with an actual value. Look up supported Regions at [Amazon DynamoDB endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ddb.html). + Outbound authentication types accepted: + IAM credentials of gateway service role The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | BatchExecuteStatement | / | Perform batch read or writes on data using PartiQL. | | POST | BatchGetItem | / | Returns the attributes of items from one or more tables. | | POST | BatchWriteItem | / | Puts or deletes items in one or more tables. | | POST | CreateBackup | / | Create a backup for a table. | | POST | CreateTable | / | Create a table. | | POST | DeleteItem | / | Delete an item from a table. | | POST | DeleteTable | / | Delete a table and all its items. | | POST | DescribeBackup | / | Get information about a backup. | | POST | DescribeContinuousBackups | / | Check the status of continuous backups and point in time recovery on a specified table. | | POST | DescribeEndpoints | / | Return regional endpoint information. | | POST | DescribeLimits | / | Return your current provisioned-capacity quotas for your account in an AWS Region and for a table you create in it. | | POST | DescribeTable | / | Get information about a table. | | POST | DescribeTimeToLive | / | Get information about the time to live (TTL) status on a specified table. | | POST | ExecuteStatement | / | Perform a read or singleton write on data using PartiQL. | | POST | ExecuteTransaction | / | Perform transactional reads or writes on data using PartiQL. | | POST | GetItem | / | Get a set of attributes for an item in your data. | | POST | GetResourcePolicy | / | Get a resource-based IAM policy attached to a resource, such as a table or stream. | | POST | ListBackups | / | List backups for a table. | | POST | ListGlobalTables | / | List all global tables that have a replica in the specified Region. | | POST | ListTables | / | List table names associated with an account and endpoint. | | POST | ListTagsOfResource | / | List the tags for a DynamoDB resource. | | POST | PutItem | / | Create or update an item in a table. | | POST | PutResourcePolicy | / | Attach a resource-based IAM policy to a resource, such as a table or stream. | | POST | Query | / | Return the results for a database query. | | POST | Scan | / | Return items and item attributes by accessing every item in a table or secondary index. | | POST | TagResource | / | Add a tag to a DynamoDB resource. | | POST | TransactGetItems | / | Retrieve items from one or more tables in the same account and Region. | | POST | TransactWriteItems | / | Carry out the specified action on items in one or more tables in the same account and Region. | | POST | UntagResource | / | Remove a tag from a DynamoDB resource. | | POST | UpdateItem | / | Modify an item’s attributes or add the item to the table if it doesn’t exist. | | POST | UpdateTable | / | Modify provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a table. | ### Asana The following list provides key information for this template + Server URL – https://app.asana.com/api/1.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | createTask | /tasks | Create new task in workspace | | PUT | updateTask | /tasks/ `{task_gid}` | Update existing task details | ### BambooHR The following list provides key information for this template + Server URL – https://api.bamboohr.com/api/gateway.php/ `{companyDomain}` + Outbound authentication types accepted: + OAuth2 The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | getCompanyInformation | /v1/company\$1information | View company details | | GET | getCompanyEINs | /v1/company\$1eins | View company tax IDs | | GET | getEmployee | /v1/employees/ `{employeeId}` | Retrieve employee information | | POST | updateEmployee | /v1/employees/ `{employeeId}` | Update employee information | | POST | addEmployee | /v1/employees | Add new employee with basic info | | GET | getEmployeesDirectory | /v1/employees/directory | View employee directory | | GET | getTimeOffTypes | /v1/meta/time\$1off/types | View types of time off | | GET | getTimeOffPolicies | /v1/meta/time\$1off/policies | View time off policy list | | GET | getTimeOffRequests | /v1/time\$1off/requests | View time off requests | | PUT | addTimeOffRequest | /v1/employees/ `{employeeId}` /time\$1off/request | Submit time off request | | PUT | changeRequestStatus | /v1/time\$1off/requests/ `{requestId}` /status | Update time off request status | | PUT | adjustTimeOffBalance | /v1/employees/ `{employeeId}` /time\$1off/balance\$1adjustment | Adjust employee time off balance | | PUT | assignTimeOffPolicies | /v1\$11/employees/ `{employeeId}` /time\$1off/policies | Assign employee time off policies | | GET | listTimeOffPolicies | /v1/employees/ `{employeeId}` /time\$1off/policies | View time off policies | | GET | estimateFutureTimeOffBalances | /v1/employees/ `{employeeId}` /time\$1off/calculator | Calculate future time off estimates | | GET | getWhosOutList | /v1/time\$1off/whos\$1out | See who’s on leave | | GET | listEmployeeFiles | /v1/employees/ `{employeeId}` /files/view | View employee documents | | POST | uploadEmployeeFile | /v1/employees/ `{employeeId}` /files | Upload Employee File | | GET | getEmployeeTableRow | /v1/employees/ `{employeeId}` /tables/ `{table}` | Get employee table data | ### Brave Search The following list provides key information for this template + Server URL – https://api.search.brave.com/res/v1 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | BraveWebSearch | /web/search | Performs a web search query | ### The Confluence Cloud REST API v2 The following list provides key information for this template + Server URL – https:// `{sub-domain}` .atlassian.net + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | getPages | /wiki/api/v2/pages | Get pages | | POST | createPage | /wiki/api/v2/pages | Create page | | PUT | updatePage | /wiki/api/v2/pages/ `{id}` | Update page | | GET | getPageById | /wiki/api/v2/pages/ `{id}` | Get page by id | | GET | searchByCQL | /wiki/rest/api/search | Search content | | GET | getSpaces | /wiki/api/v2/spaces | Get spaces | ### The Jira Cloud platform The following list provides key information for this template + Server URL – https://api.atlassian.com/ex/jira/ `{customerInstanceId}` + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | moveIssuesToBacklog | /rest/agile/1.0/backlog/issue | Move issues to backlog | | GET | GetAllBoards | /rest/agile/1.0/board | Get boards | | GET | getBoard | /rest/agile/1.0/board/ \$1 boardId\$1 | Get board | | GET | getAllSprints | /rest/agile/1.0/board/ \$1 boardId\$1/sprint | Get all sprints | | POST | createSprint | /rest/agile/1.0/sprint | Create sprint | | DELETE | deleteSprint | /rest/agile/1.0/sprint/ \$1 sprintId\$1 | Delete sprint | | GET | getSprint | /rest/agile/1.0/sprint/ \$1 sprintId\$1 | Get sprint | | PUT | updateSprint | /rest/agile/1.0/sprint/ \$1 sprintId\$1 | Update sprint | | POST | moveIssuesToSprintAndRank | /rest/agile/1.0/sprint/ \$1 sprintId\$1/issue | Move issues to sprint and rank | | GET | getAttachmentContent | /rest/api/3/attachment/content/ `{id}` | Get attachment content | | POST | createIssue | /rest/api/3/issue | Create an issue | | PUT | editIssue | /rest/api/3/issue/ \$1 issueIdOrKey\$1 | Edit issue | | GET | getIssue | /rest/api/3/issue/ \$1 issueIdOrKey\$1 | Get issue | | DELETE | deleteIssue | /rest/api/3/issue/ \$1 issueIdOrKey\$1 | Delete issue | | POST | addAttachment | /rest/api/3/issue/ \$1 issueIdOrKey\$1/attachments | Add attachment | | GET | getComments | /rest/api/3/issue/ \$1 issueIdOrKey\$1/comment | Get comments | | POST | addComment | /rest/api/3/issue/ \$1 issueIdOrKey\$1/comment | Add comment | | DELETE | deleteComment | /rest/api/3/issue/ \$1 issueIdOrKey\$1/comment/ `{id}` | Delete comment | | PUT | updateComment | /rest/api/3/issue/ \$1 issueIdOrKey\$1/comment/ `{id}` | Update comment | | GET | getTransitions | /rest/api/3/issue/ \$1 issueIdOrKey\$1/transitions | Get transitions | | POST | DoTransition | /rest/api/3/issue/ \$1 issueIdOrKey\$1/transitions | Transition issue | | GET | getIssueTypesForProject | /rest/api/3/issuetype/project | Get issue types for project | | GET | getAllLabels | /rest/api/3/label | Get all labels | | GET | getPriorities | /rest/api/3/priority | Get priorities | | POST | createProject | /rest/api/3/project | Create project | | GET | listProjects | /rest/api/3/project | Get all projects | | GET | searchProjects | /rest/api/3/project/search | Get projects paginated | | DELETE | deleteProject | /rest/api/3/project/ \$1 projectIdOrKey\$1 | Delete project | | GET | getProject | /rest/api/3/project/ \$1 projectIdOrKey\$1 | Get project | | PUT | updateProject | /rest/api/3/project/ \$1 projectIdOrKey\$1 | Update project | | GET | searchStatuses | /rest/api/3/statuses/search | Search statuses paginated | | GET | SearchIssues | /rest/api/3/search/jql | Search for issues using JQL enhanced search (GET) | | GET | getAllUsers | /rest/api/3/users | Get all users default | | GET | findUsers | /rest/api/3/user/search | Find users | ### Microsoft Exchange The following list provides key information for this template + Server URL – https://graph.microsoft.com/v1.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | sendUserEmail | /users/ `{userId}` /microsoft.graph.sendMail | Send Email | | GET | listUserMails | /users/ `{userId}` /messages | Get messages from users | | GET | ListFolderMessage | /users/ `{userId}` /mailFolders/ `{mailFolderId}` /messages | Get messages from users | | GET | getEmailById | /users/ `{userId}` /messages/ `{messageId}` | Get messages from users | | PATCH | updateEmail | /users/ `{userId}` /messages/ `{messageId}` | Update the navigation property messages in users | | DELETE | deleteEmail | /users/ `{userId}` /messages/ `{messageId}` | Delete navigation property messages for users | | POST | moveEmailToFolder | /users/ `{userId}` /messages/ `{messageId}` /move | Move Email to Folder | | POST | forwardUserEmail | /users/ `{userId}` /messages/ `{messageId}` /forward | Forward User Email | | POST | replyToEmail | /users/ `{userId}` /messages/ `{messageId}` /reply | Reply to a message | | GET | listEmailAttachment | /users/ `{userId}` /messages/ `{messageId}` /attachments | Get attachments from users | | GET | getAttachmentById | /users/ `{userId}` /messages/ `{messageId}` /attachments/ `{attachmentId}` | Get attachments from users | | GET | listCalendarEvents | /users/ `{userId}` /calendar/events | Get events from users | | POST | createCalendarEvent | /users/ `{userId}` /calendar/events | Create new navigation property to events for users | | PATCH | updateCalendarEvent | /users/ `{userId}` /calendar/events/ `{eventId}` | Update the calender events in users | | POST | findMeetingTimes | /users/ `{userId}` /findMeetingTimes | Suggest meeting times and locations | | GET | listMailFolders | /users/ `{userId}` /mailFolders | Get mailFolders from users | | GET | listContacts | /users/ `{userId}` /contacts | Get contacts from users | | GET | listUsers | /users | List users | | GET | getUser | /users/ `{userId}` | Get a user | | GET | getMailboxSettings | /users/ `{userId}` /mailboxSettings | Get current mailbox settings of the user. | | GET | listPlaces | /places/microsoft.graph.room | List places | ### Microsoft OneDrive The following list provides key information for this template + Server URL – https://graph.microsoft.com/v1.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | getUser | /users/ `{userId}` | Get a user | | GET | getDrive | /users/ `{userId}` /drive | Get drive from users | | GET | listItem | /users/ `{userId}` /drive/root/children | Get items from users | | POST | createItem | /users/ `{userId}` /drive/root/children | Create new navigation property to items for users | | GET | getItem | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` | Get items from users | | PATCH | updateItem | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` | Update file or folder metadata | | DELETE | deleteItem | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` | Delete navigation property items for users | | GET | listChildren | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /children | Get children from users | | POST | copyItem | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /copy | Copy item within a drive | | POST | addPermisions | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /invite | Add permission | | PUT | uploadFile | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` :/ `{fileName}` :/content | Upload new file | | POST | addSheet | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/add | Add worksheet | | GET | readSheet | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Get worksheets from drives | | PATCH | updateSheet | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Update worksheet | | DELETE | deleteSheet | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Delete worksheet | | GET | readCell | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /cell(row= `{row}` ,column= `{column}` ) | Read cell within a sheet | | PATCH | writeCell | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /cell(row= `{row}` ,column= `{column}` ) | Write cell within a sheet | | GET | readRange | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ') | Read range | | PATCH | writeRange | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ') | Write range | | POST | deleteRange | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ')/delete | Delete Range within a sheet | | GET | listSheets | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets | Get worksheets from drives | | GET | readUsedRange | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /usedRange | Read used range of a sheet | | POST | clearRange | /users/ `{userId}` /drives/ `{driveId}` /items/ `{driveItemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ')/clear | Clear range within a sheet | ### Microsoft SharePoint The following list provides key information for this template + Server URL – https://graph.microsoft.com/v1.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | listSites | /sites | Search for sites | | GET | getSite | /sites/ `{siteId}` | Get a site resource | | GET | listLists | /sites/ `{siteId}` /lists | Get lists in a site | | GET | getList | /sites/ `{siteId}` /lists/ `{listId}` | List operations on a list | | GET | listItem | /sites/ `{siteId}` /lists/ `{listId}` /items | Enumerate items in a list | | POST | createItem | /sites/ `{siteId}` /lists/ `{listId}` /items | Create a new item in a list | | GET | getItem | /sites/ `{siteId}` /lists/ `{listId}` /items/ `{listItemId}` | Get listItem | | PATCH | updateItem | /sites/ `{siteId}` /lists/ `{listId}` /items/ `{listItemId}` | Update the navigation property items in sites | | DELETE | deleteItem | /sites/ `{siteId}` /lists/ `{listId}` /items/ `{listItemId}` | Delete an item from a list | | POST | addSheet | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/add | Add worksheet | | GET | readSheet | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Read a sheet | | DELETE | deleteSheet | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Delete a new sheet | | PATCH | updateSheet | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` | Update worksheet | | GET | listSheets | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets | List worksheet collection | | PUT | uploadFile | /sites/ `{siteId}` /drive/items/ `{parentId}` :/ `{fileName}` :/content | Create or upload a file | | GET | readCell | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /cell(row= `{row}` ,column= `{column}` ) | Read cell | | PATCH | writeCell | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /cell(row= `{row}` ,column= `{column}` ) | Write cell | | GET | readRange | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ') | Read range | | PATCH | writeRange | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ') | Write range | | POST | deleteRange | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ')/delete | Delete range | | POST | clearRange | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /range(address=' `{address}` ')/clear | Clear range | | GET | getUsedRange | /sites/ `{siteId}` /drive/items/ `{itemId}` /workbook/worksheets/ `{worksheetIdOrName}` /usedRange | Get used range | ### Microsoft Teams The following list provides key information for this template + Server URL – https://graph.microsoft.com/v1.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | listChats | /chats | List chats | | POST | CreateChat | /chats | Create a new chat object | | GET | GetIndividualChat | /chats/ `{chatId}` | Get chat | | GET | ListAllChatMessages | /chats/ `{chatId}` /messages | List messages in a chat | | POST | SendChatMessage | /chats/ `{chatId}` /messages | Send a message in a chat | | GET | listTeams | /teams | List teams | | GET | GetTeam | /teams/ `{teamId}` | Get team | | GET | ListAllChannels | /teams/ `{teamId}` /channels | List channels | | POST | CreateChannel | /teams/ `{teamId}` /channels | Create channel | | GET | GetChannel | /teams/ `{teamId}` /channels/ `{channelId}` | Get channel | | POST | InviteChannelMember | /teams/ `{teamId}` /channels/ `{channelId}` /members | Add conversationMember | | GET | ListAllChannelMessages | /teams/ `{teamId}` /channels/ `{channelId}` /messages | List channel messages | | POST | SendChannelMessage | /teams/ `{teamId}` /channels/ `{channelId}` /messages | Send a message in a channel | | POST | ReplyToChannelMessage | /teams/ `{teamId}` /channels/ `{channelId}` /messages/ `{chatMessageId}` /replies | Reply to a message in a channel | | GET | ListAllTeamMembers | /teams/ `{teamId}` /members | List members of team | | POST | InviteUserToTeam | /teams/ `{teamId}` /members | Add member to team | | GET | listUsers | /users | List users | | GET | getUser | /users/ `{userId}` | Get a user | | POST | CreateOnlineTeamsMeeting | /users/ `{userId}` /onlineMeetings | Create an online meeting. | | GET | GetOnlineTeamsMeeting | /users/ `{userId}` /onlineMeetings/ `{meetingId}` | Get an online meeting. | | GET | ListAllRecordings | /users/ `{userId}` /onlineMeetings/ `{meetingId}` /recordings | List all recordings. | | GET | ListAllTranscripts | /users/ `{userId}` /onlineMeetings/ `{meetingId}` /transcripts | List all transcripts. | ### PagerDuty Advance The following list provides key information for this template + Server URL – https://api.pagerduty.com + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | listIncidents | /incidents | View incidents in my account | | POST | createIncident | /incidents | Create new incident | | GET | getIncident | /incidents/ `{id}` | View incident details | | PUT | updateIncident | /incidents/ `{id}` | Update an incident | | GET | listUsers | /users | View user list | ### Salesforce Lightning Platform The following list provides key information for this template + Server URL – https:// `{domainName}` .develop.my.salesforce.com/services/data/v60.0 + Outbound authentication types accepted: + OAUTH2 The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | getAccountList | /sobjects/Account | View all accounts | | POST | createAccount | /sobjects/Account | Create new account | | GET | getAccount | /sobjects/Account/ `{id}` | Get account details | | DELETE | deleteAccount | /sobjects/Account/ `{id}` | Remove account | | PATCH | updateAccount | /sobjects/Account/ `{id}` | Edit account details | | POST | createAccountTeamMember | /sobjects/AccountTeamMember | Add account team member | | GET | getAccountTeamMember | /sobjects/AccountTeamMember/ `{id}` | View account team member | | DELETE | deleteAccountTeamMember | /sobjects/AccountTeamMember/ `{id}` | Remove account team member | | GET | getCaseList | /sobjects/Case | View all cases | | POST | createCase | /sobjects/Case | Create new case | | GET | getCase | /sobjects/Case/ `{id}` | View case details | | DELETE | deleteCase | /sobjects/Case/ `{id}` | Remove case | | PATCH | updateCase | /sobjects/Case/ `{id}` | Edit case | | GET | getCampaignList | /sobjects/Campaign | View all campaigns | | POST | createCampaign | /sobjects/Campaign | Create new campaign | | GET | getCampaign | /sobjects/Campaign/ `{id}` | Get campaign details | | DELETE | deleteCampaign | /sobjects/Campaign/ `{id}` | Remove campaign | | PATCH | updateCampaign | /sobjects/Campaign/ `{id}` | Edit campaign | | POST | createCampaignMember | /sobjects/CampaignMember | Add campaign member | | GET | getCampaignMember | /sobjects/CampaignMember/ `{id}` | Get campaign member details | | DELETE | deleteCampaignMember | /sobjects/CampaignMember/ `{id}` | Remove campaign member | | GET | getContactList | /sobjects/Contact | View all contacts | | POST | createContact | /sobjects/Contact | Create new contact | | GET | getContact | /sobjects/Contact/ `{id}` | Get contact information | | DELETE | deleteContact | /sobjects/Contact/ `{id}` | Remove contact | | PATCH | updateContact | /sobjects/Contact/ `{id}` | Edit contact | | POST | createFeedItem | /sobjects/FeedItem | Create new feed item | | GET | getFeedItem | /sobjects/FeedItem/ `{id}` | View feed item | | DELETE | deleteFeedItem | /sobjects/FeedItem/ `{id}` | Remove feed item | | PATCH | updateFeedItem | /sobjects/FeedItem/ `{id}` | Edit feed item | | GET | getLeadList | /sobjects/Lead | View all leads | | POST | createLead | /sobjects/Lead | Create new lead | | GET | getLead | /sobjects/Lead/ `{id}` | Get lead details | | DELETE | deleteLead | /sobjects/Lead/ `{id}` | Remove lead | | PATCH | updateLead | /sobjects/Lead/ `{id}` | Edit lead details | | GET | getOpportunityList | /sobjects/Opportunity | View list of opportunities | | POST | createOpportunity | /sobjects/Opportunity | Create new opportunity | | GET | getOpportunity | /sobjects/Opportunity/ `{id}` | View opportunity details | | DELETE | deleteOpportunity | /sobjects/Opportunity/ `{id}` | Remove opportunity | | PATCH | updateOpportunity | /sobjects/Opportunity/ `{id}` | Edit opportunity | | GET | getUser | /sobjects/User | View user details | | GET | describeSObject | /sobjects/ `{sObject}` /describe | Get object metadata and field details | | GET | queryAccounts | /query | Executes a SOQL query to retrieve account data from Salesforce | ### ServiceNow The following list provides key information for this template + Server URL – https:// `{instance}` .service-now.com + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | retrieveAttachmentsMetadata | /api/now/attachment | Get all attachments info | | POST | uploadBinaryAttachment | /api/now/attachment/file | Upload binary file | | GET | retrieveAttachmentMetadata | /api/now/attachment/ `{sys_id}` | Get attachment info | | DELETE | deleteAttachment | /api/now/attachment/ `{sys_id}` | Remove attachment | | GET | retrieveAttachmentContent | /api/now/attachment/ `{sys_id}` /file | Get attachment content | | GET | listIncidents | /api/now/table/incident | View all incidents | | POST | createIncident | /api/now/table/incident | Create new incident | | GET | getIncident | /api/now/table/incident/ `{sys_id}` | View incident details | | PATCH | updateIncident | /api/now/table/incident/ `{sys_id}` | Edit incident | | DELETE | deleteIncident | /api/now/table/incident/ `{sys_id}` | Remove incident | | GET | listProblem | /api/now/table/problem | View all problems | | POST | createProblem | /api/now/table/problem | Create new problem | | GET | getProblem | /api/now/table/problem/ `{sys_id}` | View problem details | | DELETE | deleteProblem | /api/now/table/problem/ `{sys_id}` | Remove problem | | PATCH | updateProblem | /api/now/table/problem/ `{sys_id}` | Edit problem | | POST | createKnowledgeBaseArticle | /api/now/table/kb\$1knowledge | Create KB article | | DELETE | deleteKnowledgeBaseArticle | /api/now/table/kb\$1knowledge/ `{sys_id}` | Remove KB article | | PATCH | updateKnowledgeBaseArticle | /api/now/table/kb\$1knowledge/ `{sys_id}` | Edit KB article | | GET | listChoices | /api/now/table/sys\$1choice | View all system choices | | GET | listUsers | /api/now/table/sys\$1user | View all users | | GET | listChangeRequest | /api/sn\$1chg\$1rest/change | View all change requests | | POST | createChangeRequest | /api/sn\$1chg\$1rest/change | Create new change request | | GET | getChangeRequest | /api/sn\$1chg\$1rest/change/ `{sys_id}` | View change request details | | DELETE | deleteChangeRequest | /api/sn\$1chg\$1rest/change/ `{sys_id}` | Remove change request | | PATCH | updateChangeRequest | /api/sn\$1chg\$1rest/change/ `{sys_id}` | Edit change request | ### Slack Web The following list provides key information for this template + Server URL – https://slack.com/api + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | chatPostEphemeral | /chat.postEphemeral | Send temporary message | | POST | chatPostMessage | /chat.postMessage | Send new message | | POST | conversationsCreate | /conversations.create | Start new channel | | GET | conversationsHistory | /conversations.history | View message history | | POST | conversationsInvite | /conversations.invite | Add users to channel | | POST | conversationsJoin | /conversations.join | Enter existing conversation | | POST | conversationsKick | /conversations.kick | Remove user from chat | | POST | conversationsLeave | /conversations.leave | Exit conversation | | GET | conversationsList | /conversations.list | View all channels | | GET | conversationsMembers | /conversations.members | View chat participants | | POST | conversationsOpen | /conversations.open | Start or resume direct message | | GET | conversationsReplies | /conversations.replies | View message thread | | POST | conversationsSetTopic | /conversations.setTopic | Set chat topic | | GET | filesList | /files.list | List for a team, in a channel, or from a user with applied filters. | | GET | filesInfo | /files.info | View file details | | GET | searchAll | /search.all | Search messages and files | | POST | userGroupsCreate | /usergroups.create | Create new user group | | GET | userGroupsList | /usergroups.list | View all user groups | | POST | userGroupsUsersUpdate | /usergroups.users.update | Edit user group | | GET | usersList | /users.list | View team members | | POST | remindersAdd | /reminders.add | Set new reminder | | POST | usersProfileSet | /users.profile.set | Update user profile | | GET | GetUploadURLExternal | /files.getUploadURLExternal | Get an upload URL for a file to be uploaded externally to Slack. | | POST | completeUploadExternal | /files.completeUploadExternal | Finalize file upload to Slack. Should be used after Upload File. | ### Smartsheet The following list provides key information for this template + Server URL – https://api.smartsheet.com/2.0 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | listSearch | /search | Search all sheets | | GET | getSheet | /sheets/ `{sheetId}` | View sheet details | | GET | listReports | /reports | View all reports | | GET | getReport | /reports/ `{reportId}` | View report information | ### Tavily Search The following list provides key information for this template + Server URL – https://api.tavily.com + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | POST | TavilySearchPost | /search | ExecuteasearchqueryusingTavilySearch | | POST | TavilySearchExtract | /extract | ExtractwebpagecontentfromURLsusingTavilyExtract | ### Zendesk Suite The following list provides key information for this template + Server URL – https:// `{customerInstanceId}` .zendesk.com + Outbound authentication types accepted: + OAUTH2 The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | listSearchResults | /api/v2/search | List Search Results | | GET | listTickets | /api/v2/tickets | List Tickets | | POST | createTicket | /api/v2/tickets | Create Ticket | | GET | showTicket | /api/v2/tickets/ `{ticket_id}` | Show Ticket | | PUT | updateTicket | /api/v2/tickets/ `{ticket_id}` | Update Ticket | | GET | ListTicketEmailCCs | /api/v2/tickets/ `{ticket_id}` /email\$1ccs | List Email CCs for a Ticket | | GET | ListTicketFollowers | /api/v2/tickets/ `{ticket_id}` /followers | List Followers for a Ticket | | GET | ListTicketIncidents | /api/v2/tickets/ `{ticket_id}` /incidents | List Ticket Incidents | | GET | TicketRelatedInformation | /api/v2/tickets/ `{ticket_id}` /related | Ticket Related Information | ### Zoom The following list provides key information for this template + Server URL – https://api.zoom.us/v2 + Outbound authentication types accepted: + API key The following table shows the APIs that you can call if you add this target type to your gateway: | REST API type | Operation name | REST API path | Description | | --- | --- | --- | --- | | GET | recordingsList | /users/ `{userId}` /recordings | List all recordings | | GET | meeting | /meetings/ `{meetingId}` | Get a meeting | | GET | meetings | /users/ `{userId}` /meetings | List meetings | | POST | meetingCreate | /users/ `{userId}` /meetings | Create a meeting | | GET | recordingGet | /meetings/ `{meetingId}` /recordings | Get meeting recordings | # Understand how AgentCore Gateway tools are named Understand gateway tool naming The name of a tool in your gateway is dependent on the name of the target through which the tool can be accessed. Tool names are constructed in the following pattern: ``` ${target_name}___${tool_name} ``` For example, if your target’s name is `LambdaUsingSDK` and you have a tool named `get_order_tool` that is accessible at that target, the tool name that is visible through the Model Context Protocol (MCP) is `LambdaUsingSDK___get_order_tool`. You should ensure that your application code accounts for the discrepancy between the tool name visible through the MCP and the tool name itself. For an example of a Lambda handler function that strips the target name prefix from the tool name before passing it to a handler function, see [Lambda function input format](gateway-add-target-lambda.md#gateway-building-lambda-input).