https://vapi.ai/ logo
Join Discord
Powered by
Does VAPI cache OAuth token?
# support
p
So I use oauth2 for custom LLM and webhooks I set OAuth values in assistant. I return:
Copy code
return {
        "access_token": access_token,
        "token_type": "bearer",
        "expires_in": expires_in_seconds,
    }
I get requests to my 
/token
endpoint before every server message. Do you not cache the token? Or am I not returning somethig for it to be cached? https://cdn.discordapp.com/attachments/1366739411219251310/1366739411538284645/image.png?ex=68120ac4&is=6810b944&hm=a447e9cf25cb904c98950ca70b19c37311bfd29c7ee81793612d1565520c9cc0&
v
Hey! To help track down this issue, could you share: - The call ID This would really help us figure out what went wrong!
p
This happens on every call, on every assistant. I just want to know why the token I generate isn't cached because vapi doesn't cache it or if I'm missing anything
84d19ebb-4627-4a2f-8e53-2f4b0f6e286d
2c26c07e-0658-4aac-9009-641afee8cd35
v
looking into it.
Looking at your model request log, you're using OAuth correctly, and your token is actually being cached (with an expiration date of April 30, 2025). The issue is that your credential in this request doesn't have an id or orgId field. This is why you're seeing the errors about "ID and Org ID are required" when trying to update the authentication session. When you make a request with a custom LLM, you need to ensure the inline credential object includes: 1. The id field with the credential's UUID 1) The orgId field with your organization ID
If works for you, could you create a credential using dashboard instead of inline credentials? This way you will never run into this issue again. Let me know what do you think about this.
p
Sorry, where should I provide UUID and orgID? Credentials models doesn't seem to have those (screenshots) Also custom LLM just responds to VAPI requests, should I send these in my response? Added what chunks I respond with as well. TL;DR where do I add UUID and orgId? https://cdn.discordapp.com/attachments/1366739411219251310/1367148393755050014/image.png?ex=681387a9&is=68123629&hm=568999d7e23c35656c0d513ddc4c97a10c052687ff7c5ec2b2280cd1004dd987& https://cdn.discordapp.com/attachments/1366739411219251310/1367148394065297489/image.png?ex=681387a9&is=68123629&hm=bad17e4ef0502b38c88db08d046b462495153617ea68fff935b140e679228fa6& https://cdn.discordapp.com/attachments/1366739411219251310/1367148394514219058/image.png?ex=681387a9&is=68123629&hm=d5c42c2f404870eb3d995cf4f7ef82d449f80531d5938093553f6e73cd42a11b&
I need different credentials per Assistant, because my local environment and prod has different /token addresses, so I have local Asisstants and Prod assistants
I do have credentials in UI as as well, but asisstant credentials has priority
v
Hey, let me check with the team on this and clear out all confusions.
Hey, you just need to add the ID and org ID. The ID is supposed to be a UUID. Make sure that it's not similar to the existing credentials, and it will work. Do make a one- or two-calls and let me know how it goes for you. 
examples
id: d19a8c48-b3fd-430b-a472-f55621408df2 orgId: 6da17b03-ce91-460f-a854-478031f357b2
p
Hm, I did find 
CustomLLMCredential
and 
WebhookCredential
in https://api.vapi.ai/api They do have 
id
and 
orgId
parameters, which i'd expect be populated by VAPI when creating Credential, because I get 
400
when trying to update 
Assistant
> 
credentials
vapi.core.api_error.ApiError: status_code: 400, body: {'message': ['each value in credentials.property id should not exist'], 'error': 'Bad Request', 'statusCode': 400}
vapi.core.api_error.ApiError: status_code: 400, body: {'message': ['each value in credentials.property orgId should not exist'], 'error': 'Bad Request', 'statusCode': 400}
Probably because `CreateWebhookCredentialDTO`/`UpdateWebhookCredentialDTO` and `CreateCustomLLMCredentialDTO`/`UpdateCustomLLMCredentialDTO` doesn't have 
id
and 
orgId
parameters in them.
My update looks like this (I have unique UUIDs for 
llm_credentials_id
and 
wh_credentials_id
, orgId is taken from dashboard.:
Copy code
from vapi import Vapi

async def update_local_assistant_auth(assistant_id, llm_credentials_id, wh_credentials_id):

    credentials = {
        "credentials": [
            {
                "provider": "custom-llm",
                "apiKey": "",
                "id": llm_credentials_id,
                "orgId": ORG_ID,
                "authenticationPlan": {
                    "type": "oauth2",
                    "url": "***",
                    "clientId": CLIENT_ID,
                    "clientSecret": CLIENT_SECRET
                },
                "name": "local"
            },
            {
                "provider": "webhook",
                "id": wh_credentials_id,
                "orgId": ORG_ID,
                "authenticationPlan": {
                    "type": "oauth2",
                    "url": "****",
                    "clientId": CLIENT_ID,
                    "clientSecret": CLIENT_SECRET,
                },
                "name": "local"
            },
        ]
    }

    response = client.assistants.update(id=assistant_id, **credentials)
This works if 
id
and 
orgId
is removed
Docs also doesn't show 
id
and 
orgId
in 
Update Assistant
https://docs.vapi.ai/api-reference/assistants/update#request.body.credentials Once again I would expect 
id
and 
orgId
to be populated by VAPI when creating credential, because these only exist in main shcema for credentials, not in 
create
or 
update
otherwise create and/or update schemas probably needs id/orgId
@Shubham Bajaj Could you please let me know if its something I'm doing wrong or if Vapi team will need to make some changes? I'd like to know so I can maybe reduce server messages I receive until we find a way. Thanks!
v
You're correct, but there's an important distinction that needs clarification: 1\. **Credential Creation via API**: - When using the 
create
credential endpoint, VAPI generates the 
id
field automatically - The 
orgId
comes from the authenticated request context - These fields are managed by the backend 2\. **Inline Credentials in Assistants**: - When defining credentials directly in an assistant configuration, these aren't stored as separate database entities - They're used at runtime "as is" for each request - For OAuth token caching to work, these inline credentials need both 
id
and 
orgId
fields - Without these fields, the system can't persist tokens between calls The confusing part for you is validation errors when trying to include these fields in assistant updates because the API validation is designed to prevent users from setting system-managed fields. However, for inline credentials to work with token caching, these fields need to be present at runtime. This is effectively inconsistency in the system - let me check with the team. For your's use case with different credentials per assistant(for now only, i know about runtime credentials): Create separate credentials via the dashboard/API first, then reference them by ID in the assistant
The ticket has been carried over to the team, and you will receive an update by this week or next.
p
Thanks a lot, @Shubham Bajaj As I understand there's no credentials API to create multiple credentials to use them by ID later, cant find it at https://api.vapi.ai/api or https://docs.vapi.ai/api-reference/calls/list Ill, just reduce events I get for now. When it comes to creating credentials via dashboard, I can only create 1 of each for 
customLlm
and 
serverMessages
, so it still has same URL for server messages and custom LLM and I need different assistants for different environments. Anyway, I'll be waiting for updates, thanks again!
v
We have carefully considered your request and aligned our efforts accordingly. Your request will be included in the upcoming sprint cycle, and we'll ensure to keep you updated with any future developments.
PreviousNext
Powered by