Arcade is the actions runtime for enterprise AI agents. An agent isn’t an agent if it can’t take actions — and the moment an agent acts, three problems hit at once. Arcade solves all three at runtime, so teams ship production agents without rebuilding plumbing every time:
Enforce — Authorization: Deploy agents your security team approves. Your existing IdP, DLP, SIEM, and compliance policies, plus per-action authorization, are enforced at runtime.
Execute — Agent-: Agents that work across every business system, with 7,500+ agent-optimized tools across 81 MCP servers, built for reliable execution at scale — not thin API wrappers.
Govern — Agent Lifecycle Governance: Scale agents across the org from a central control plane: shared registry, version control, visibility filtering, and OpenTelemetry audit logs.
Configure once and use any model, framework, and client. Deploy the first agent the same way you deploy the hundredth.
The rest of this page focuses on the first pillar — agent authorization — which is where most agentic applications hit their first wall.
Why agent authorization matters
Applications that use models to perform tasks (agentic applications) commonly require access to sensitive data and services. Authentication complexities often hinder AI from performing tasks that require user-specific information, like what emails were recently received or what’s coming up on a calendar.
To retrieve this information, agentic applications need to be able to authenticate and authorize access to external services like Gmail or Google Calendar.
Authenticating to retrieve information, however, is not the only challenge. Agentic applications also need to authenticate to act on behalf of users - like sending an email or updating a calendar.
Without auth, AI agents are severely limited in what they can do.
How Arcade solves this
Arcade provides an authorization system that handles OAuth 2.0, API keys, and user tokens needed by AI agents to access external services through tools. This means AI agents can now act on behalf of users securely and privately.
With Arcade, developers can now create agents that can act as the end users of their application to perform tasks like:
A scope is what the user has authorized someone else (in this case, the AI agent) to do on their behalf. In any OAuth 2.0-compatible service, each kind of action requires a different set of permissions. This gives the user fine-grained control over what data third-party services can access and what actions they can take in their accounts.
When an agent calls a tool, if the user has not granted the required permissions, Arcade Engine will automatically prompt the user to authorize the tool and coordinate the OAuth 2.0 flow with the service provider.
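The scope check described above, as an added example (not Arcade's code or API): a minimal gate that compares the scopes a tool requires with the scopes a given user has granted before the call runs. The `ScopeGate` class, the Gmail tool names and the user IDs are hypothetical; only `GoogleSearch.Search` comes from this page.

```python
from dataclasses import dataclass

GMAIL_READ = "https://www.googleapis.com/auth/gmail.readonly"
GMAIL_SEND = "https://www.googleapis.com/auth/gmail.send"

# Constructed registry: tool name -> OAuth 2.0 scopes the tool requires.
# The Gmail tool names are hypothetical placeholders for this example.
TOOL_SCOPES = {
    "GoogleSearch.Search": frozenset(),            # no user authorization needed
    "Gmail.ListEmails": frozenset({GMAIL_READ}),
    "Gmail.SendEmail": frozenset({GMAIL_SEND}),
}


@dataclass
class Decision:
    allowed: bool
    missing: frozenset = frozenset()
    reason: str = "ok"


class ScopeGate:
    """Per-user, per-tool scope check run before every tool call."""

    def __init__(self, tool_scopes):
        self.tool_scopes = tool_scopes
        self.grants = {}  # user_id -> scopes that user has consented to

    def record_consent(self, user_id, scopes):
        # Called once the provider's OAuth 2.0 flow completes for this user.
        self.grants.setdefault(user_id, set()).update(scopes)

    def check(self, user_id, tool_name):
        required = self.tool_scopes.get(tool_name)
        if required is None:
            # Unknown tools are denied, never treated as scope-free.
            return Decision(False, reason="unknown_tool")
        # Only this user's own grants count; read access never implies send.
        missing = required - self.grants.get(user_id, set())
        if missing:
            # Prompt for exactly the scopes this tool still lacks.
            return Decision(False, frozenset(missing), "authorization_required")
        return Decision(True)
```

A caller would execute the tool only when `check()` returns `allowed`, and otherwise start the authorization prompt for the scopes listed in `missing`.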
How to implement OAuth 2.0-authorized tool calling
To learn how Arcade authorizes actions (tools) through OAuth 2.0 and how to implement the auth flow, check out Authorized Tool Calling.
Tools that don’t require authorization
Some tools, like GoogleSearch.Search, allow AI agents to retrieve information or perform actions without needing user-specific authorization.
Python

```python
from arcadepy import Arcade

client = Arcade(api_key="arcade_api_key")  # or set the ARCADE_API_KEY env var

# Use the GoogleSearch.Search tool to perform a web search.
# The synchronous Arcade client is called directly, without await.
response = client.tools.execute(
    tool_name="GoogleSearch.Search",
    input={"query": "Latest AI advancements"},
)
print(response.output.value)
```
JavaScript

```javascript
import { Arcade } from "@arcadeai/arcadejs";

const client = new Arcade(); // Automatically finds the ARCADE_API_KEY env variable

// Use the GoogleSearch.Search tool to perform a web search
const response = await client.tools.execute({
  tool_name: "GoogleSearch.Search",
  input: { query: "Latest AI advancements" },
});
console.log(response.output.value);
```