
You've configured your agent, given it tools, set its triggers, and decided how it collaborates with others. Now make it real: control who can use it, give it the context it needs at runtime, embed it in your product, and ship it.
Everything in this article lives in the Settings panel of your agent.
Open the Access section to control who can see and use this agent. The Visibility dropdown has three options:
Everyone — any teammate in the project can use the agent, plus end users it's exposed to via the SDK.
Only me — only the agent's creator can see and use it. Useful for agents you're prototyping.
Specific people — pick individual teammates from the dropdown. Use this for sensitive agents (e.g. an internal billing agent only the finance team should run).
Note: Project admins always have access to all agents, regardless of this setting. That ensures someone can always recover or audit an agent if its creator leaves.
Only admins or the agent's creator can change the access settings. Other teammates see a read-only summary.
Most non-trivial agents need to know who they're talking to and need credentials to act on that user's behalf. The Agent Context & Auth section lets you configure this with a single endpoint your backend implements.
How it works: When a conversation starts, Gleap calls your endpoint with the user and conversation details. Your backend returns a JSON response containing context and (optionally) auth credentials. That data is then used for the rest of the conversation.
What you configure:
Endpoint URL — https://api.yourapp.com/gleap/agent-context or similar.
Headers — key/value pairs (e.g. Authorization: Bearer …) sent when Gleap calls your endpoint.
Enabled — toggle the integration on or off without losing the configuration.
Expected response: Your endpoint must return a JSON object with optional context and auth fields:
{
"context": {
"plan": "enterprise",
"tenantId": "abc-123"
},
"auth": {
"token": "eyJhbG...",
"expiresIn": 3600
}
}context is injected into the agent's prompt as additional information. The agent can read these values and reason over them. Use this to pass things like the user's plan, tenant ID, language, role, or anything else that should shape the agent's responses.
auth.token is never shown to the AI. It's stored server-side and made available to your Dynamic API tools as {{auth.token}} (in URLs and header values). This is how you safely let the agent call your APIs as the current user without putting the token in the prompt.
Use Agent Context & Auth whenever the agent needs to act on behalf of a logged-in user — looking up their data, mutating records they own, calling per-user APIs.
Click Implementation in the Settings panel header to open the SDK modal. It gives you ready-to-paste code in three flavors:
Managed UI — open the agent in Gleap's built-in chat UI:
Gleap.startAgent("agent-id", { /* context */ });Headless — single-turn API call, useful when you're rendering the chat yourself:
const { response } = await Gleap.sendAgentMessage(
"agent-id",
"Your message here",
{ /* context */ }
);Component — drop a native web component into your markup:
<gleap-agent-conversation agentId="agent-id" context='...' />The modal automatically detects every {{context.xxx}} placeholder you've used across the agent's API tools and pre-fills the example with those keys, so you know exactly what to pass.
Scroll to the bottom of the Settings panel for the Delete agent action. Deleting is permanent — the agent and its conversation history are removed. If you just want to take an agent out of service temporarily, use Unpublish instead.
That's the full lifecycle: build the agent, give it tools, define when it runs, connect it to other agents and humans, and ship it with the right access, context, and embed (this article).
If you ever need a refresher on what an agent is and how the pieces fit together, head back to Introduction to custom AI Agents..