External API secrets and Assistant function call

Hello All.
I’m playing around with an assistant and I have created a couple of functions for the assistant to use. The functions call an api with a private key. How do I pass the secret safely so the assistant can make the external api call?


The AI model of API does not need to know secrets, nor can it directly access external APIs on the internet.

What it does is emit tool_call “action required” status when one of your own code’s function specifications have been invoked. You must fulfill that request with a return value.

You thus would write the code that makes the external calls to APIs in your own backend that neither the user nor the AI sees.

Thank you. I think I understand better the abstraction now. Thank you.