Agent ID Guard outbound authorization - Identity as a Service

Control outbound access from AI agents to external services and prevent unauthorized API calls.

Overview

Outbound authorization is a core capability of Agent ID Guard. When an AI agent calls an external service, such as a large language model (LLM), a third-party SaaS application, or an internal enterprise system, Agent ID Guard verifies the outbound authorization to ensure that the agent can access only the services and resources required for its intended tasks. Without outbound authorization controls, an agent may call sensitive APIs beyond its scope or leak credentials, which creates data security and compliance risks.

Select an outbound authorization type

Select the outbound authorization type based on the type of external service that the AI agent accesses:

Outbound type	Scenario	Credential	Configuration reference
LLM outbound authorization	An agent calls an external LLM service to perform inference tasks.	API Key	LLM API key outbound authorization
Third-party service outbound authorization	An agent integrates with external third-party services, including SaaS applications and API services. Examples: Call DingTalk APIs to send notifications and messages Call an Amap MCP (Model Context Protocol) server to retrieve geolocation information	API Key OAuth Access Token	Third-party service node outbound authorization
Enterprise service outbound authorization	An agent connects to existing internal enterprise systems. Examples: An HR agent accesses the human resources system to query employee profiles and payroll data An operations agent accesses the monitoring system to retrieve service health status and alert information	OAuth Access Token	Enterprise service node outbound authorization