System Designer
Back to GenAI Systems

Function Calling & AI Tools

Enable AI to interact with external systems. Learn function calling, tool integration, and security patterns.

30 min readIntermediate
Not Started
Loading...

🔧 What is Function Calling?

Function Calling allows LLMs to execute external functions and APIs. Instead of just generating text, AI can take actions: search databases, send emails, calculate values, and interact with any system you provide.

Game Changer: Function calling transforms LLMs from text generators into intelligent agents that can interact with the real world through your APIs and systems.

❌ Without Function Calling

  • • "I can't check your account balance"
  • • "I don't have access to current weather"
  • • "I can't send that email for you"
  • • Static, text-only responses

✅ With Function Calling

  • • "Your balance is $2,847.32"
  • • "It's 72°F and sunny in San Francisco"
  • • "Email sent to john@company.com ✓"
  • • Dynamic, action-taking AI

🏗️ Function Calling Approaches

OpenAI Functions

Models: gpt-4, gpt-3.5-turbo

Format: JSON Schema

Parallel Calls: Yes

Strengths:
  • Reliable
  • Well-documented
  • Parallel calls
Limitations:
  • OpenAI only
  • JSON Schema complexity

🛠️ Common AI Tools

Weather API

Get current weather for a location

Use case: Virtual assistants, travel apps

Function Schema

{
  "name": "get_weather",
  "description": "Get current weather information for a location",
  "parameters": {
    "type": "object",
    "properties": {
      "location": {
        "type": "string",
        "description": "City name or coordinates"
      },
      "units": {
        "type": "string",
        "enum": [
          "celsius",
          "fahrenheit"
        ],
        "description": "Temperature units"
      }
    },
    "required": [
      "location"
    ]
  }
}

Implementation

async function get_weather(location, units = 'celsius') {
  const response = await fetch(
    `https://api.weather.com/current?location=${location}&units=${units}`
  );
  return response.json();
}

💻 Implementation Examples

// Basic function calling with OpenAI
const tools = [
  {
    type: "function",
    function: {
      name: "get_weather",
      description: "Get current weather for a location",
      parameters: {
        type: "object",
        properties: {
          location: { type: "string", description: "City name" }
        },
        required: ["location"]
      }
    }
  }
];

const response = await openai.chat.completions.create({
  model: "gpt-4",
  messages: [{ role: "user", content: "What's the weather in Paris?" }],
  tools: tools,
  tool_choice: "auto"
});

// Check if AI wants to call a function
const toolCall = response.choices[0].message.tool_calls?.[0];
if (toolCall?.function.name === "get_weather") {
  const args = JSON.parse(toolCall.function.arguments);
  const weather = await get_weather(args.location);
  
  // Send result back to AI
  const finalResponse = await openai.chat.completions.create({
    model: "gpt-4",
    messages: [
      { role: "user", content: "What's the weather in Paris?" },
      response.choices[0].message,
      {
        role: "tool",
        tool_call_id: toolCall.id,
        content: JSON.stringify(weather)
      }
    ]
  });
}

🔒 Security Considerations

Critical Risks

  • Privilege Escalation: AI calling admin functions
  • Data Exfiltration: Accessing sensitive information
  • Resource Abuse: Expensive API calls
  • Injection Attacks: Malicious function arguments

Security Controls

  • Permission System: Role-based function access
  • Input Validation: Sanitize all function arguments
  • Rate Limiting: Prevent abuse and high costs
  • Audit Logging: Track all function calls

⚠️ Critical: Never give AI access to destructive functions (delete, modify permissions, financial transactions) without explicit human approval workflows.

🏗️ Architecture Patterns

Simple Function Calling

Components:

User InputLLMFunction RegistryFunction Execution

Pros:

  • Easy to implement
  • Low latency
  • Direct

Cons:

  • No security
  • No rate limiting
  • Hard to scale

When to use: Prototypes, internal tools

Enterprise Function Calling

Components:

API GatewayAuth ServiceFunction RouterRate LimiterAudit LoggerFunction Sandbox

Pros:

  • Secure
  • Scalable
  • Auditable
  • Rate limited

Cons:

  • Complex
  • Higher latency
  • More infrastructure

When to use: Production systems, customer-facing apps

✅ Best Practices

Function Design

  • Single Purpose: One function, one responsibility
  • Clear Names: Descriptive function and parameter names
  • Good Descriptions: Help AI understand when to call
  • Input Validation: Validate all parameters

Error Handling

  • Graceful Failures: Return helpful error messages
  • Timeout Protection: Set reasonable timeouts
  • Retry Logic: Handle transient failures
  • Fallback Responses: When functions fail

Testing

  • Unit Tests: Test each function individually
  • Integration Tests: Test AI calling functions
  • Security Tests: Test permission boundaries
  • Load Tests: Test under realistic usage

Monitoring

  • Usage Metrics: Track function call frequency
  • Performance: Monitor function execution time
  • Errors: Alert on high error rates
  • Costs: Track expensive function usage

🎯 Key Takeaways

Function calling = AI actions: Transform AI from text generator to intelligent agent

Security is critical: Validate inputs, control permissions, audit everything

Start simple: Begin with safe, read-only functions before adding writes

Design for reliability: Handle errors gracefully and provide fallbacks

Monitor and measure: Track usage, performance, and costs closely

📝 Function Calling & AI Tools Check

1 of 8Current: 0/8

What is the primary benefit of function calling in LLMs?