AI integration with token authentication

Title: AI Feature - authentication via token

  1. We use a business AI (based on OpenAI), which does not permit authentication via API key only, but via token authentication / OAuth
  2. We cannot use the AI feature at all without proper authentication
  3. There is no option to configure token requests
  4. I would like to configure my business AI to work with Zammad to stay in the narrow regulatory corridor we are permitted

I guess the default authentication method with business AI (by German Telekom) is token based, but most may permit API key also. Unfortunately - or fortunately -, our AI provider is not open to lower security standards at all.

At the moment, we are only 4 people using Zammad as a pilot group, but with working AI integration, other teams might decide to migrate from their outdated ORTS to Zammad as well.

Our Zammad environment:

  • Average concurrent agent count: 4 at the moment (possibly more than 100)
  • Average tickets a day: 20 (multiply…)
  • What roles/people are involved: all kinds of technicians, service staff, users

Anything else which you think is useful to understand your use case:
No one should be forced to lower their cybersecurity standards just to implement AI. It should be the other way round. Thank you.

Thank you and have fun.

1 Like

Security-first approach is the right mindset, especially in regulated environments.

Quick clarification on Telekom Business AI:

I looked into T-Systems’ “AI Foundation Services” (their standard enterprise AI offering), and interestingly, it uses API key authentication (Bearer token), not OAuth2. The API is OpenAI-compatible:

-H "Authorization: Bearer $API_KEY"

What specific Telekom AI service are you using? The AI Foundation Service might be different from what your organization has deployed internally.

If you truly need OAuth2/Token-based auth, here are your options:

  1. LiteLLM Proxy (recommended): Deploy a lightweight gateway that accepts API key auth from Zammad and forwards requests with proper OAuth2 tokens to your AI provider. Keeps Zammad config simple while satisfying your security requirements.
  2. Ollama / Self-hosted models: Since you’re already in the Telekom Cloud ecosystem, you could run Llama, Mistral, or other open models directly on your T-Cloud infrastructure:

Hope this helps you find a path that keeps both your security team and your agents happy!

Feature requests do not belong on Zammad's GitHub but on this community forum, just like where you and your modal answered in.

Ohh Okay, I Changed It!

Thanks Tobi, Telekom BusinessGPT is really OAuth-only - which they tell you only after you have bought it.
I will have a look at LiteLLM Proxy, since the problem with authentication is unfortunately not only with Zammad but other tools as well.

But it would be nice to have it natively anyway.

I solved the problem for now by installing a small Python daemon acting as a proxy.
I hope this is only a temporary solution, though, and OAuth support will be a native Zammad feature soon.
Please consider it.

1 Like
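
A sketch of the credential-swapping step that both the gateway approach and the Python proxy daemon mentioned in this thread rely on, added here as an illustration; it is not the poster's daemon, LiteLLM's code or anything from Zammad. It assumes the provider issues tokens through the standard OAuth2 client-credentials grant, and the names `fetch_client_credentials`, `TokenCache` and `upstream_headers` are hypothetical.

```python
import hmac
import json
import time
import urllib.parse
import urllib.request


def fetch_client_credentials(token_url, client_id, client_secret):
    """OAuth2 client-credentials grant (RFC 6749, section 4.4); endpoint is an assumption."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(token_url, data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # expected keys: access_token, expires_in


class TokenCache:
    """Caches the upstream access token and renews it shortly before expiry."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            reply = self._fetch()
            self._token = reply["access_token"]
            # 300 s fallback lifetime is an assumption for replies without expires_in
            self._expires_at = now + float(reply.get("expires_in", 300))
        return self._token


def upstream_headers(inbound, local_api_key, cache):
    """Verify the API key sent by the helpdesk, then swap it for the OAuth2 token.

    inbound is a dict of request headers with canonical names.
    Returns None when the local key is missing or wrong (caller answers 401).
    """
    sent = inbound.get("Authorization", "")
    expected = "Bearer " + local_api_key
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return None
    # Drop hop-specific headers; the local key never leaves the proxy.
    out = {k: v for k, v in inbound.items()
           if k.lower() not in ("authorization", "host", "content-length")}
    out["Authorization"] = "Bearer " + cache.get()
    return out
```

A proxy built around this should listen only on localhost or an internal interface, and neither the client secret nor the fetched tokens should be written to logs.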