All posts
June 18, 20263 min read

A Guide to Machine Identities in Function Calling

An offboarded contractor leaves a CI job that calls a payment API using a hard‑coded key. The function runs nightly, and the key continues to grant access until someone notices the unexpected charges. In that scenario the function is acting as a machine identity – a non‑human principal that must be authenticated and authorized before it can invoke downstream services. Most teams treat such identities like static secrets: they embed API tokens in code, share them across pipelines, and trust tha

Free White Paper

Function Calling Security + Just-in-Time Access: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

An offboarded contractor leaves a CI job that calls a payment API using a hard‑coded key. The function runs nightly, and the key continues to grant access until someone notices the unexpected charges.

In that scenario the function is acting as a machine identity – a non‑human principal that must be authenticated and authorized before it can invoke downstream services.

Most teams treat such identities like static secrets: they embed API tokens in code, share them across pipelines, and trust that the service will honor the request without any visibility into who actually triggered it.

Why machine identity needs strict enforcement

Machine identities are subject to the same attack surface as human users. If a token is leaked, an attacker can automate calls at scale, exfiltrate data, or cause financial loss. Unlike a human, a machine cannot answer a challenge, rotate credentials on demand, or be revoked in real time without a control point that intercepts the request.

The missing enforcement layer

Current practice often provides three pieces:

  • Provisioning of a static credential to the function.
  • Authentication of the function via that credential.
  • Direct network traffic to the target service.

These steps establish identity but leave the request path untouched. The function reaches the target directly, so there is no audit trail, no inline masking of sensitive responses, and no opportunity for just‑in‑time approval of risky operations. The environment therefore lacks the guardrails required for a secure machine identity lifecycle.

Introducing hoop.dev as the data‑path gateway

hoop.dev fulfills the missing control point by sitting in the Layer 7 data path between the calling function and the downstream service. It acts as an identity‑aware proxy: it validates the machine’s OIDC or SAML token, injects the appropriate short‑lived credential, and enforces policy before any traffic leaves the gateway.

Continue reading? Get the full guide.

Function Calling Security + Just-in-Time Access: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

How hoop.dev enforces secure function calling

When a function initiates a call, hoop.dev performs several enforcement actions:

  • Authentication check: The gateway verifies the machine identity token against the configured IdP.
  • Just‑in‑time credential issuance: hoop.dev retrieves a short‑lived secret for the target service, ensuring that static keys never touch the function code.
  • Policy evaluation: Rules can require human approval for high‑risk operations, block disallowed commands, or require additional context before proceeding.
  • Inline data masking: Responses that contain sensitive fields are stripped or redacted before they reach the function.
  • Session recording: hoop.dev records each request and response pair, creating an audit log that can be replayed for investigations.

All of these outcomes exist because hoop.dev occupies the data path; without it, the function would communicate directly with the service and none of the above controls could be applied.

Getting started with hoop.dev for function calling

To adopt this model, follow the high‑level steps below and refer to the official documentation for implementation details:

  1. Deploy the hoop.dev gateway using the recommended Docker Compose or Kubernetes manifest.
  2. Register the function as a connection in hoop.dev, specifying the target endpoint and the credential source.
  3. Configure OIDC or SAML authentication so that each function presents a machine identity token.
  4. Define policies that dictate when approvals are required, which fields must be masked, and which commands are prohibited.
  5. Enable session recording to capture a complete audit trail.

The hoop.dev getting started guide walks you through deployment, while the learning resources provide deeper coverage of policy language and masking configuration.

Common pitfalls and best practices

Even with a gateway in place, teams can slip back into insecure patterns. One frequent mistake is to store the short‑lived credential that hoop.dev fetches in a shared environment variable, effectively turning a dynamic secret into a static one. Another risk is to apply overly permissive policies that approve every request by default; this defeats the purpose of just‑in‑time gating. To avoid these traps, keep the credential lifecycle confined to the gateway, and use policy rules that require explicit approval for any operation that writes or deletes data. Regularly review audit logs to ensure that the recorded sessions match expected behavior, and adjust masking rules when new sensitive fields appear in responses.

FAQ

Do I need to change my existing function code?

No. hoop.dev works as a transparent proxy, so the function continues to use its standard client libraries. The gateway intercepts traffic at the protocol level.

Can I enforce different policies per function?

Yes. Policies are attached to each registered connection, allowing granular control over approvals, masking, and command blocking.

How long are the audit records retained?

Retention is configurable in the gateway settings. The records are stored outside the function’s runtime, ensuring they remain available even if the function is compromised.

What happens if a token cannot be validated?

hoop.dev rejects the request outright and logs the failure, preventing any downstream call from occurring.

Explore the open‑source repository on GitHub to see the code, contribute, or file an issue: hoop.dev on GitHub.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot