Step-by-step tutorial Integrations

Connect a chatbot to a REST API without code

Let the AI helper configure a public customer lookup, then prove both the authorized and denied results.

Advanced21 min readJuly 16, 2026
Connect a chatbot to a REST API without code

API Connectors fetch current data during a conversation. Unlike indexed knowledge, customer, order or inventory data is called only when the assistant has collected the required fields.

This reproducible example uses the public JSONPlaceholder test API and no secret. Customer ID 1 returns fictional data, while a validation rule requires the matching email before the chatbot may reveal name, company and website.

What you will have at the end

  • An AI-generated active REST connector
  • Required user ID and email fields with response validation
  • A successful lookup and a blocked wrong-email attempt

Before you start

  • Standard plan or higher
  • A documented HTTPS test endpoint
  • Non-sensitive test records
  • A defined allow and deny expectation

Collect, call, validate, answer

The prompt decides when the connector is eligible. Fields tell the assistant which values to collect, the request template calls the endpoint and validation rules compare visitor input with the response.

Validation must happen before any sensitive response data is presented.

Collect fieldsValidate API responsePresent safe result

01–07

Set it up step by step

1

Open the empty API Connectors list

Start on the intended chatbot before adding a live tool.

Open the chatbot and select API Connectors. The empty state explains that connectors can fetch order status, tickets, inventory or any other documented REST response. Select Add API Connector.

Keep one business capability per connector. Narrow names and prompts make tool selection easier to test and permissions easier to audit.

Start on the intended chatbot before adding a live tool.
2

Choose Set up with AI

Describe the outcome instead of translating documentation field by field.

The dialog offers Set up with AI and Set up manually. Choose the AI assistant when you have a clear endpoint and outcome; use manual setup when an approved configuration must be copied exactly.

The assistant can research and populate fields, but you remain responsible for reviewing endpoint, method, headers, field types, validation and prompt before saving. Do not paste production secrets into the chat.

Describe the outcome instead of translating documentation field by field.
3

Describe the JSONPlaceholder lookup and review generated fields

The AI helper fills a complete, inspectable first draft.

Ask for `https://jsonplaceholder.typicode.com/users/{user_id}` with required `user_id` as Number and `email` as Email. Instruct the assistant to validate email against response path `email` without case sensitivity and reveal only name, `company.name` and website.

The verified helper created “JSONPlaceholder Customer Lookup”, GET, empty headers, the two required fields and the correct endpoint placeholder. JSONPlaceholder contains fictional demo records, so the tutorial does not expose real customer data or credentials.

The AI helper fills a complete, inspectable first draft.
4

Review validation and tool instructions

Security controls must be explicit before Create.

Confirm the validation compares input field `email` with response path `email` using Equals (ignore case). Use a neutral failure message: “The email address does not match this customer profile. Please try again.”

The tool prompt must say when to use the connector, which fields to collect and which response fields may be presented. For production, use a dedicated read-only credential in headers or server-side secret handling and never let an AI-generated patch broaden permissions unnoticed.

Security controls must be explicit before Create.
5

Create and verify the active connector card

Confirm method, endpoint, fields and active status together.

Select Create and return to the list. The active card should show JSONPlaceholder Customer Lookup, GET, the endpoint, prompt summary, `user_id` and `email` fields and the enabled switch.

Do not proceed to chat testing if the card is inactive or the endpoint differs from the reviewed form. A saved configuration is not yet proof that the API call and security rule work.

Confirm method, endpoint, fields and active status together.
6

Test the authorized customer lookup

Use a fixed record with a known exact response.

Open the live visitor widget and ask: “Look up demo customer 1. The verification email is Sincere@april.biz.” The connector calls `/users/1`, validates the email and returns Leanne Graham, company Romaguera-Crona and website hildegard.org.

Record the exact input and visible answer. This is the allow-path baseline for future regression tests; a different model may phrase the text differently, but the three authorized facts must remain correct.

Use a fixed record with a known exact response.
7

Prove that a wrong email is blocked

The deny-path test is as important as the successful result.

In the same controlled test, ask for customer 1 with `wrong@example.com`. The verified chatbot states that the email does not match and reveals no new customer details.

Repeat this deny test after changes to fields, validation paths, endpoint response shape, prompt or model. For sensitive production data, also test missing fields, malformed responses, timeouts, 401/403, 404 and rate limits.

The deny-path test is as important as the successful result.

Example & result

See the practical test and its result

Every tutorial includes a fixed input, the expected outcome and a transparent record of what was actually verified locally.

Practical example: Connect a chatbot to a REST API without code

This exact scenario was completed with the temporary tutorial account.

Verified end to end

Exact test input

Look up demo customer 1 with Sincere@april.biz, then repeat with wrong@example.com.

Expected result

The matching email reveals only name, company and website; the wrong email reveals no customer record.

What was actually verified

The real connector returned Leanne Graham, Romaguera-Crona and hildegard.org for the valid input, then blocked wrong@example.com with the configured validation message.

The real connector returned Leanne Graham, Romaguera-Crona and hildegard.org for the valid input, then blocked wrong@example.com with the configured validation message.

Tips & tricks

Make the setup reliable

Test with realistic examples, record your baseline and change one setting at a time. That makes real improvements visible.

Use a read-only API identity

The chatbot should not receive write or delete permissions when it only needs order status.

Test malformed responses

Verify timeouts, missing fields, non-200 responses and invalid JSON so visitors receive a safe fallback.

Choose a model with reliable tool use

Compare the same allow and deny prompts in Model Arena. Prefer the fastest economical model that consistently collects all fields, calls the connector once and respects validation.

When something does not work

Troubleshooting

Check status, permissions and test data systematically before changing the model or prompt.

The expected option is missing

Confirm the account plan, feature permissions and selected chatbot. Paid or beta features can be hidden when prerequisites are not met.

The test result is inconsistent

Reset the test conversation, keep the input identical and change one setting at a time so the cause remains measurable.

Ready for a production-style test

Review connector logs and permissions after launch. Add further actions only as separate, narrowly scoped connectors with their own validation.

Related resources