A discrete capability your app exposes — a named operation that the assistant can invoke on behalf of a user. Defined in your app’s manifest with a name, description, endpoint, and parameters. Examples: create_task, send_email, search_documents.
A registered integration on Orceum. An app defines what it can do (via actions or MCP tools), how users authenticate, and how it communicates. Apps are NATIVE (HTTP webhook endpoints), MCP (Model Context Protocol server), or SKILL (code + knowledge bundle).
A unique identifier assigned to your app at registration (e.g. app_a1b2c3d4e5f6). Required for all API calls related to your app and included in the OAuth callback URL.
An AI-facing text field injected into the assistant’s context when considering whether to use your app. Distinct from description (which is user-facing). Write it to describe operational behavior, not marketing messaging.
The authentication model your app uses: NONE (no credentials), API_KEY (per-user API keys), or OAUTH (OAuth 2.0 authorization code flow). Determines the installation UX and what credentials are injected on action calls.
Orceum’s internal AI component that evaluates incoming webhook events and decides how to route them: IGNORE, NOTIFY_ONLY, NOTIFY_WITH_TEMPLATE, or DEFER_TO_DIGEST. Considers event priority, user preferences, and context.
A real-time notification pushed by your app into Orceum’s pipeline via POST /v1/apps/{app_id}/events. Events represent something that happened on the user’s behalf (e.g. task.completed, payment.failed). Not to be confused with action calls from Orceum to your app.
A unique identifier for a specific user’s installation of your app (e.g. inst_abc123). Included in every action call as the X-Orceum-Installation-Id header. Use it to identify and isolate users in your system.
An HTTP POST Orceum sends to your installation_webhook_url when a user installs (INSTALLED) or removes (UNINSTALLED) your app. Signed with your orc_* secret. Distinct from the events you push to Orceum.
The JSON definition of your app’s capabilities: its name, description, actions array, and config. For native apps, you define this manually. For MCP apps, Orceum auto-generates it from list_tools().
An open protocol for exposing tools to AI systems. MCP apps connect Orceum to external tool servers. Orceum discovers tools via list_tools() and executes them via call_tool(name, args).
An Orceum app type where actions are invoked via HTTP POST to your base_url + endpoint. You define the manifest, handle requests, and return JSON responses. Supports NONE, API_KEY, and OAUTH authentication.
The AI agent that powers Orceum conversations. It discovers and invokes apps, interprets results, and responds to users. The assistant reads your action descriptions to decide when to use your app and which actions to call.
The orceum_webhook_secret returned to you at app registration. Orceum uses it to sign lifecycle webhooks sent to your installation_webhook_url. Shown only once — store it in a secrets manager immediately.
An OAuth 2.0 security extension that prevents authorization code interception attacks. Enable with use_pkce: true in oauth_config. Recommended for all OAuth apps.
A webhook signing secret you generate and set in config.webhook_config.webhook_secret. Orceum uses it to verify signatures on events you push. Also used as your app’s identity token in the X-Orceum-Webhook-Secret header.
The HTTP header Orceum includes on every action call to your app. Contains the installation_id of the user who triggered the action. Use this to scope all operations to the correct user — never share data across installation IDs.