Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Environment:Microsoft Agent framework API Credentials

From Leeroopedia
Revision as of 18:45, 16 February 2026 by Admin (talk | contribs) (Auto-imported from environments/Microsoft_Agent_framework_API_Credentials.md)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Sources
Domains Infrastructure, AI_Agents, Security
Last Updated 2026-02-11 16:45 GMT

Overview

API keys, endpoints, and authentication credentials required to connect the Agent Framework to LLM providers (OpenAI, Azure OpenAI, Anthropic, AWS Bedrock) and observability services.

Description

The Microsoft Agent Framework connects to multiple LLM providers through configurable chat clients. Each provider requires specific API keys or authentication tokens. Credentials can be supplied via environment variables or `.env` files using pydantic-settings integration. The framework supports both direct API key authentication and Azure Active Directory (Entra ID) token-based authentication.

Usage

Use this environment whenever configuring an LLM chat client. At minimum, one provider's credentials must be set. The specific variables depend on which provider you are using (OpenAI, Azure OpenAI, Anthropic, or AWS Bedrock). Observability variables are optional but recommended for production deployments.

System Requirements

Category Requirement Notes
Network Outbound HTTPS (443) Must reach provider API endpoints
Authentication API key or Azure AD token Provider-specific
File System `.env` file (optional) Alternative to environment variables

Dependencies

Python Packages

  • `pydantic-settings` >= 2, < 3 (loads credentials from environment)
  • `azure-identity` >= 1, < 2 (Azure AD authentication)
  • `openai` >= 1.99.0 (OpenAI/Azure OpenAI clients)

Credentials

The following environment variables must be set depending on the provider:

OpenAI

  • `OPENAI_API_KEY`: OpenAI API key for authentication
  • `OPENAI_CHAT_MODEL_ID`: Model identifier (e.g., `gpt-4o-mini`)

Azure OpenAI

  • `AZURE_OPENAI_ENDPOINT`: Azure OpenAI service endpoint URL
  • `AZURE_OPENAI_API_KEY`: Azure OpenAI API key (or use Azure AD)
  • `AZURE_OPENAI_CHAT_DEPLOYMENT_NAME`: Deployment name for chat model
  • `AZURE_OPENAI_DEPLOYMENT_NAME`: Alternative deployment name (defaults to `gpt-4o-mini`)

Anthropic

  • `ANTHROPIC_API_KEY`: Anthropic API key
  • `ANTHROPIC_CHAT_MODEL_ID`: Model identifier

AWS Bedrock

  • `AWS_ACCESS_KEY_ID`: AWS access key
  • `AWS_SECRET_ACCESS_KEY`: AWS secret key
  • `AWS_DEFAULT_REGION`: AWS region for Bedrock service

AG-UI Security

  • `AG_UI_API_KEY`: API key for AG-UI endpoint authentication (production required)

Observability (Optional)

  • `ENABLE_INSTRUMENTATION`: Enable OpenTelemetry (`"true"` to enable)
  • `ENABLE_SENSITIVE_DATA`: Include sensitive data in telemetry traces
  • `ENABLE_CONSOLE_EXPORTERS`: Enable console telemetry export
  • `OTEL_EXPORTER_OTLP_ENDPOINT`: OpenTelemetry collector endpoint
  • `OTEL_SERVICE_NAME`: Service name for telemetry identification

Testing

  • `RUN_INTEGRATION_TESTS`: Set to `"true"` to enable integration tests

Quick Install

# Create a .env file in the python/ directory
cat > .env << 'EOF'
# OpenAI
OPENAI_API_KEY="sk-..."
OPENAI_CHAT_MODEL_ID="gpt-4o-mini"

# Azure OpenAI (alternative)
# AZURE_OPENAI_ENDPOINT="https://your-resource.openai.azure.com/"
# AZURE_OPENAI_API_KEY="..."
# AZURE_OPENAI_CHAT_DEPLOYMENT_NAME="gpt-4o-mini"
EOF

# IMPORTANT: Add *.env to .gitignore
echo "*.env" >> .gitignore

Code Evidence

Credential loading via pydantic-settings from `python/DEV_SETUP.md:97-98`: 

AF Python leverages pydantic settings to load keys, secrets, and endpoints
from the environment.

File-based credential loading from `python/DEV_SETUP.md:114-120`: 

from agent_framework.openai import OpenAIChatClient

client = OpenAIChatClient(env_file_path="openai.env")

AG-UI security warning from `python/packages/ag-ui/getting_started/server.py:69-75`: 

# If no API key is configured, log a warning but allow the request
# This maintains backward compatibility but warns about the security risk
logger.warning(
    "AG_UI_API_KEY environment variable not set. "
    "The endpoint is accessible without authentication. "
)

Anthropic API key usage from `python/packages/anthropic/agent_framework_anthropic/_chat_client.py:328`: 

api_key: str  # ANTHROPIC_API_KEY environment variable

Common Errors

Error Message Cause Solution
`AuthenticationError: Incorrect API key` Invalid or expired API key Verify key at provider dashboard; regenerate if expired
`AG_UI_API_KEY environment variable not set` Missing AG-UI API key Set `AG_UI_API_KEY` env var for production security
`azure.identity.CredentialUnavailableError` Azure AD token unavailable Run `az login` or configure service principal
`openai.APIConnectionError` Cannot reach API endpoint Check network connectivity and endpoint URL

Compatibility Notes

  • Azure AD vs API Key: Azure OpenAI supports both API key and Azure AD token authentication. Azure AD is recommended for production.
  • env_file_path: Most chat client constructors accept `env_file_path` parameter to load credentials from a specific `.env` file instead of environment variables.
  • VSCode: The Python extension automatically loads environment variables from `.env` files in the workspace root.
  • Production: Never commit `.env` files. Use platform-specific secret management (Azure Key Vault, AWS Secrets Manager).

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Environment:Microsoft_Agent_framework_API_Credentials&oldid=27773"