How to Create a GPT

GPT Actions: Connect APIs to Your Custom GPT

Make your GPT do things: fetch data, trigger workflows, or query your app — safely.

What are Actions?

Actions let your GPT call external APIs you define using an OpenAPI schema. Users stay in ChatGPT; your API does the heavy lifting.

You’ll need

  • An HTTPS API endpoint
  • An OpenAPI 3.x spec (YAML/JSON)
  • Domain verification (TXT or file)
  • A public Privacy Policy URL

Good for

  • Live pricing, inventory, weather, news
  • Internal tools via a thin API wrapper
  • Triggering workflows (e.g., create ticket)

Step-by-step

  1. Write a minimal OpenAPI spec

    openapi: 3.1.0
    info: { title: Example Weather Action, version: '1.0.0' }
    servers: [ { url: https://api.example.com } ]
    paths:
      /weather:
        get:
          operationId: getWeather
          parameters:
            - in: query
              name: city
              schema: { type: string }
          responses:
            '200':
              description: OK
              content:
                application/json:
                  schema:
                    type: object
                    properties:
                      tempC: { type: number }
                      summary: { type: string }

    Keep responses small and explicit. Provide types and examples.

  2. Host the spec & verify your domain

    Upload openapi.yaml to your domain or serve it from your API docs. Complete the domain verification step in the GPT builder.

  3. Add the Action in the GPT builder

    In Configure → Actions, paste your spec URL, set auth (API key/OAuth), and write friendly function descriptions.

  4. Privacy checklist

    • Public privacy URL (use /privacy.html)
    • Don’t send PII in requests unless necessary
    • Document data retention on your side
    • Provide user-facing disclaimers when returning sensitive info

  5. Test with real prompts

    Create a “golden prompts” list: happy path, missing-parameter, and error response. Ensure the GPT handles failures gracefully.

Troubleshooting

  • 401/403: Check auth headers and scopes.
  • CORS: Not applicable — calls originate server-to-server.
  • Schema not loading: Validate OpenAPI version and URL accessibility.
  • Action ignored: Improve the tool description and add a decision rule in Instructions.

Copy/paste: Action-aware instruction block

Purpose: Fetch live data via the configured Action when the user asks for [DATA TYPE].
Decision: If user asks for [DATA TYPE], call the Action first; otherwise answer normally.
Validation: If the Action errors, summarize and offer alternatives.
Privacy: Do not send user PII in Action requests.

FAQ

Do I need an API server?

Yes — Actions call your HTTPS endpoints defined in OpenAPI.

Where do I put the OpenAPI file?

Anywhere publicly reachable (your domain or API docs). Keep a stable URL.

What about authentication?

Use API keys, OAuth, or no auth for public endpoints. Never hardcode secrets in the spec.

Can I rate-limit misuse?

Yes — implement server-side throttling and input validation on your API.
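
The server-side throttling and input validation mentioned above, together with an API-key check, sketched for the getWeather operation from the spec in step 1. This is an added example, not code from the original page. The key value, the 5-calls-per-60-seconds limit, the city pattern, treating city as required, and the stubbed weather result are all assumptions.

```python
import hmac
import re
import time

# Assumptions for this sketch: one shared API key, 5 calls per 60 s per key.
EXPECTED_KEY = "constructed-demo-key"   # in practice, load from a secret store
CITY_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")
LIMIT, WINDOW = 5, 60.0
calls = {}                              # api key -> timestamps of recent calls


def allow(key, now):
    """Sliding-window limiter: at most LIMIT calls per WINDOW seconds per key."""
    recent = [t for t in calls.get(key, []) if now - t < WINDOW]
    allowed = len(recent) < LIMIT
    if allowed:
        recent.append(now)
    calls[key] = recent
    return allowed


def handle_weather(api_key, params, now=None):
    """Return (status, body) for GET /weather; the lookup itself is stubbed."""
    now = time.monotonic() if now is None else now
    # Constant-time comparison avoids leaking key prefixes through timing.
    if not hmac.compare_digest(str(api_key).encode(), EXPECTED_KEY.encode()):
        return 401, {"error": "invalid API key"}
    # Throttle before validating so malformed floods also count.
    if not allow(api_key, now):
        return 429, {"error": "rate limit exceeded"}
    # Reject parameters the spec does not declare, so stray PII is refused
    # rather than processed or logged.
    if set(params) != {"city"}:
        return 400, {"error": "exactly one parameter expected: city"}
    city = params["city"]
    if not isinstance(city, str) or not CITY_RE.fullmatch(city):
        return 400, {"error": "city must be 1-64 letters, spaces, . ' or -"}
    # Constructed response in the shape the spec's 200 schema declares.
    return 200, {"tempC": 18.5, "summary": f"Mild in {city}"}
```

The 401, 429 and 400 paths map directly onto the "golden prompts" in step 5: each one is an error response the GPT should summarize gracefully.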