Search

Getting Started with AI in FME: AI Service Authentication

Desiree Marsden
Desiree Marsden
  • Updated

Introduction 

AI services are quickly becoming a powerful tool in modern data workflows, and FME makes it easier to integrate them into your workflows in a no-code environment. However, before you can leverage any AI capabilities, you must first authenticate with an AI service.

Once authenticated, FME's flexible architecture lets you switch between AI services without vendor lock-in. This means you can experiment with different providers, compare results across multiple services, and even experiment with cascading model configurations, adapting your workflows as new capabilities become available without major overhauls. 

Because authentication is fundamental and varies across providers, this article serves as the launching point for our Getting Started with AI in FME series. This article will lay this critical foundation before progressing to more advanced techniques, such as insight extraction and image classification, in subsequent tutorials.

By completing this tutorial, you will:

  • Understand the fundamental authentication requirements
  • Learn how to successfully connect an FME workspace to an AI provider
  • Be ready to proceed with subsequent FME AI tutorials

Supported AI Services in FME

FME is a flexible platform that supports integration with many AI service providers, including but not limited to:

  • Amazon Bedrock
  • Anthropic (Claude)
  • Azure OpenAI
  • Google Gemini
  • Ollama
  • OpenAI (ChatGPT)
  • And many more

A common starting point for comparing models and services is leaderboards like those available on HuggingFace; however, the best model or service for your workflow today may not be the best one tomorrow. The AI landscape evolves rapidly, with new models emerging and existing ones being updated frequently.

Authentication Basics

AI services that are not locally hosted (Ollama being a notable locally hosted model) typically follow one of two main authentication patterns, though some providers may have additional requirements or verification steps:

  1. API Token/Key Authentication
  2. OAuth Authentication Flow

An API key or token is a string of characters that identifies you to the service and is the simplest method of authentication, albeit not the most secure. It can be thought of like a password, so storing it securely is essential.

OAuth (Open Authorization) is a secure authorization framework that allows a third-party application, such as FME, to obtain limited access to a user's account resources from a service, such as Google. It offers more secure authentication and more flexible authorization than an "all-powerful" string of characters, such as token/key authentication.

The concepts of authentication and authorization often get confused; however, they are distinct processes. They either verify user identity or manage access to resources. Review this article for more details.

Requirements 

  • FME 2025.0+ (Build 25208)—OpenAIConnector
  • FME 2024.0+ (Build 24187)—GoogleGeminiConnector
  • Billing Account/Payment Plans
  • Google (Gmail) Account
  • Admin/ IT Permissions to:
    • Generate API keys in OpenAI
    • Create Projects in Google Cloud Console

Step-by-Step Instructions 

This article is a practical guide to API key authentication using OpenAI's (ChatGPT) models and OAuth authentication with Google's Gemini models. You'll connect with those services using existing FME Hub transformers:

Both transformers make calls to their respective REST API endpoints and unpack the responses in neatly packaged custom “connector” transformers.

While these two transformers serve as examples, the general approach of authenticating with tokens or keys and OAuth applies to other similar connector transformers available on the Hub. If your AI service or workflow requires a more bespoke solution, you can create connections and authentication flows using other transformers, such as the HTTPCaller and PythonCaller

Great resources on how to get started are:

Please note that OpenAI and Google Cloud Platform are subject to change at any time, so the instructions and screenshots in this article may differ slightly, but the concepts remain the same.

Part 1: Token/Key Authentication

The OpenAIConnector can access OpenAI models. The transformer requires three things to be configured:

  1. Some input
  2. An API key
  3. A user prompt

Generating a key doesn't always guarantee that you can make requests. Several platforms, including OpenAI, require payment or subscription before successful API calls can be made.

The OpenAI platform used to generate API keys is different from the ChatGPT interface. ChatGPT is designed for interacting with GPT models directly, while the OpenAI platform is for managing API keys, billing, and API access.

1. Create an Account or Log in to OpenAI

Go to OpenAI and click Log in or Sign up in the top right corner to navigate to the API Platform.

 

 

Use your OpenAI credentials or sign in with a connected provider (E.g., Google, Microsoft).

Depending on your account, a Start Building/Get Started button might be available. This option will walk you through an alternative way to create a working API key. That process may include creating an organization, inviting other team members, creating a project, and setting up billing/payments.

2. Navigate to the API Keys Page

Logging in will redirect you to the API Dashboard or another landing page. If the API/API keys section is not visible on the screen. Navigate to your user profile first, then to the API section in the left sidebar.

3. Create New API Key

Create a new API key on the API Keys page by clicking either the “Create new secret key” or “Generate key” button. Then, when prompted, assign the project and, optionally, the key name.

Once generated, the key will be displayed only once. Copy and store it securely, such as in a password manager, FME Flow Deployment Parameter, or encrypted environment variable.

After closing this window, the key’s string of characters will no longer be viewable, and if not recorded or lost, a new key needs to be created.

Generating API keys doesn't guarantee successful API calls with AI Connector Transformers. Access may also require being added to an enterprise plan by your administrator or having a valid billing/payment plan set up with the AI service.

4. Open FME Workbench and Add the Creator

Open FME 2025.0+ and start typing Creator on the canvas to add the transformer. 

5. Add an OpenAIConnector

Start typing on the canvas to bring up the OpenAIConnector transformer, then add it to the canvas, and import if prompted.

Double-click on the transformer to open the OpenAIConnector parameters and configure them as follows:

  • API Key: <newly generated API Key>
  • User Prompt: Tell me a joke!

Then click OK.

6. Run the Workspace

Run the workspace.

View the API response in the Visual Preview under the Response attribute.

Part 2: OAuth Authentication

For the GoogleGeminiConnector transformer, Google’s Vertex AI API service is authenticated using the OAuth 2.0 protocol. This is done by configuring FME’s Google AI OAuth Web Connection Service. 

In FME, Web Connections abstract the complex details of OAuth, handling most of the information exchange and validation protocols. 

FME’s Google AI OAuth connects to Google via APIs with a valid Client ID and Client Secret from Google Cloud Console, which are generated after registering and configuring an application (in this case, a Web Application) with the Google Cloud Console

On Google’s side, registering an application for this Web Connection entails:

  1. Creating a Project to hold all the application details
  2. Enabling the Project to access API resources from a user account
  3. Setting up an OAuth consent screen, which pops up in FME when using a Web Connection.
  4. Configuring an OAuth Client, which generates the Client ID and Secret

This article will walk through the steps to run the GoogleGeminiConnector by registering and configuring a Web application in the Google Cloud Console, obtaining the Client ID and Client Secret, and then configuring the Google AI OAuth Web Connection. 

For a deeper understanding of configuring Web Connections in FME, review this article:

Alternatively, Google offers free AI API keys via Google AI Studio, which can be called in FME using the HTTPCaller

Create an OAuth Application in Google Console

1. Log in and Create a Project 

Log in to Google Cloud Console using a Gmail account, then click on either the Create Project or Select a Project button near the top of the Home or landing page.

That will either redirect to the project details page or redirect to a Select a Project dialog, where clicking New Project will redirect to the same page.

2. Fill in Project Details

Details like Project name and Location help manage multiple projects in the Google Cloud Console, so fill in the Project name and Location that suit your needs.  For example:

  • Project name: My FME Project
  • Location: No Organization

Clicking Create will default all settings to the newly created project, which can be confirmed (or changed) by selecting the top left button near the Google Cloud icon. 

3. Navigate to the Enable API & Services Page

The Enable APIs & services page can be accessed in several ways, but one is to navigate to the left bar under the APIs & Services product tab. 

Then click the button to Enable APIs and Services

This will redirect to a page to grant API access for the Project (Web Application).

4. Grant the Project/Application Access to the Necessary APIs

Now, within the Enable APIs and services page, search for and enable:

  • Vertex API
  • Gemini API

5. Navigate to the OAuth Consent Screen

Navigate to the OAuth consent screen, which may be accessed in several ways, but one way is from the APIs & Services page

This will redirect to an Overview page to Get Started with registering our Web Application (FME) with Google.

6. Configure Project (Application) Screen 

The website will walk through the process of configuring the Project (the FME Web Application), which may include the following:

  1. App Information
    • App name
    • User support email
  2. Audience
    • Either as Internal or External
  3. Contact information
    • Which may be displayed on FME
  4. Finish
    • To consent to Google’s policies

The details here depend on how you want the consent screen to appear in FME, such as the App name or how Google manages the Application (e.g., Audience). Fill in these fields as you see fit. 

7. Configure OAuth Client

After configuring the Consent Screen, navigate to the Create OAuth client page to configure the Web Application’s OAuth details. Ensure the following details are filled in:

  1. Application type and Name
    • Web Application
    • Any name to identify the Web Application within Google Cloud Console
  2. Authorized JavaScript origins
    • https://localhost
  3. Authorized redirect URIs
    • https://localhost

These are crucial details to ensure the Project/Application within Google Cloud Console matches the details set up within FME Google AI Auth Web Connection.

8. Save the Client ID and Secret

After creating the OAuth client, the newly created client details should appear. First, copy and save the Client ID, then click OK.

Then, from the Client page, click on the newly created client

Then, under Additional Information, the Client secret should be visible. Copy and save the Client Secret.

The Client secret will only be visible for a limited time after closing this page, and a new Client secret will have to be created if this one is lost.

Configure the Web Service and Connection in FME

1. Open FME Workbench and Navigate to FME Options

Open up FME Workbench 2024.0+, then navigate to FME Options.

2. Access the Google AI OAuth (safe.google-ai) Web Service

Then, under Web Connections, click Manage Services.  To open FME’s Web Services Dialog.

From there, scroll down to search for Google AI OAuth (safe.google-ai) web service. This may appear as an already available service or as a downloadable service, indicated by its left icon.

Download or simply click on the Web Service.

3. Edit the Web Service Credentials

Now we want to edit the OAuth application details directly in the downloaded web service. Click on the Google AI OAuth (safe.google-ai) in the Manage Web Services dialog to configure it. Add the following details: 

  • Client Information
    • Client ID: <your client id>
    • Client Secret: <your client secret>

Then click Apply and Close. 

4. Add a Creator and GoogleGeminiConnector

To substitute for real data, start typing Creator to add the transformer to the canvas. 

Select OK when prompted, then start typing GoogleGeminiConnector on the canvas to add the FME Hub transformer, installing it if prompted.

5. Open the Web Connection Dialog

Double-click on the GoogleGeminiConnector transformer to open the parameters, then click the Google AI OAuth Web Connection parameter to add a Web Connection. This should open up the Google AI OAuth (safe.google-ai) Connection dialog. 

6. Sign In to Web Service

Click Sign in with Google to open the Sign-in screen. Enter Gmail account credentials, then log in. 

7. Add Parameters to Test 

After successfully logging in, the GoogleGeminiConnect only needs two other parameters to run:

  1. Project ID
  2. Prompt

The Project ID can be viewed in various ways in the Google Cloud Console, including by clicking the Project to open the general project details.

The prompt can be anything to test. Enter the following as an example: 

  • Project ID: <your project ID>
  • Prompt: Please give me a fun fact about gyms.

8. Run Workspace

Finally, click OK, then start typing Creator to add input for the connector transformer.

The result for this example will appear in the Visual Preview under the attribute Response.

Other AI with FME Articles

Now that you know how to authenticate and connect to AI services successfully, you can move on to the following articles:

Troubleshooting 

  • An Error occurred while accessing the URL 'https://api.openai...
    • The billing or enterprise permissions might need to be set. Reach out to your IT for help if needed.
  • A 404 Quota Exceeded response when sending a simple test prompt
    • Billing/payment needs to be set up within OpenAI
    • A valid billing account needs to be connected to the project within the Google Cloud Console
  • An error occurred while accessing the URL 'https://api.openai.com/v1/responses'
    • The account may not be properly configured/connected to an enterprise account, or an enterprise project, so the API keys generated are not
  • Error 403: access_denied error or Permission 'aiplatform.endpoints.predict' denied on resource

  • The Audience needs to be configured within Google Cloud Console by navigating to Apps & services> OAuth Consent screen>Audience, then either:
    • Publishing the app (the app will no longer be in testing)
    • Consent to particular users by their email

  • If you encounter a 403 PERMISSION_DENIED error for aiplatform.endpoints.predict, ensure the principal has the Vertex AI User role assigned, which provides the necessary permissions to call Vertex AI model endpoints. Example error message:

    • {
  "error": {
    "code": 403,
    "message": "Permission 'aiplatform.endpoints.predict' denied on resource '//aiplatform.googleapis.com/projects/<PROJECT>/locations/us-west1/publishers/google/models/gemini-2.0-flash-exp' (or it may not exist).",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "IAM_PERMISSION_DENIED",
        "domain": "aiplatform.googleapis.com",
        "metadata": {
          "resource": "projects/<PROJECT>/locations/us-west1/publishers/google/models/gemini-2.0-flash-exp",
          "permission": "aiplatform.endpoints.predict"
        }
      }
    ]
  }

     

  • 404 Publisher Model… was not found, or your project does not have access to it for the Gemini Connector

    • The Gemini model used in the Vertex AI API may be deprecated or unavailable to your Google Cloud project. Try substituting the existing ID for another model ID within the Model prompt. The connector's Model parameter is editable text, so either delete the existing text or use the Open Text Editor... option from the arrow.

Additional Resources

Was this article helpful?

We're sorry to hear that.

Please tell us why.

As of January 14th, 2026, comments on knowledge base articles have been closed. To make sure questions don’t get missed and to enable more community support, we’ve moved discussions to the FME Community. If you have a question or a comment about this article, please create a new post or create a support ticket.