Loading tutorials…
Loading tutorials…
ChatGPT Actions let your Custom GPTs call external APIs — pull data from your CRM, post to social, query analytics. The leverage move for marketers who automate AI.
Who this is forMarketers building Custom GPTs who want them to read/write external data. Intermediate technical — requires understanding of APIs and JSON. Especially valuable for automation specialists.
What you'll need
Step 1
Action use cases: read data (pull CRM contacts), write data (post to social), trigger events (send email via API). Pick ONE per Action.
Read: GPT queries an API and displays the result. Example: "Show me last 10 leads from HubSpot."
Write: GPT calls an API to create/update data. Example: "Add this contact to HubSpot."
Trigger: GPT calls an API that initiates a downstream process. Example: "Send the welcome email to john@example.com."
Combination: read → process → write. Example: "Look up the contact, generate a personalized message, send it."
One Action per purpose. Multi-purpose Actions are debugging nightmares.
Step 2
Actions require an OpenAPI 3.x spec describing the API. Many APIs publish theirs; otherwise you write one.
OpenAPI spec is a YAML or JSON file describing API endpoints, parameters, responses, auth.
Many APIs publish theirs. HubSpot, Stripe, Shopify, Notion all have public OpenAPI specs. Search "[API name] OpenAPI spec."
If the API does not publish one: you write it. Use Swagger Editor (online) to build the YAML.
Minimum spec: API base URL, one or more endpoint paths, HTTP method (GET/POST/etc.), parameters, response schema, auth method.
Keep the spec focused on ONLY the endpoints your Action will use. Bigger specs slow GPT responses.
Step 3
In Custom GPT Configure → Actions → + Add Action. Paste the OpenAPI spec. Test the schema.
Open your Custom GPT → Configure tab.
Scroll to "Actions" → click "+ Add Action."
Paste your OpenAPI spec (YAML or JSON) into the Schema field. ChatGPT validates it.
If validation fails: ChatGPT shows specific errors. Common issues: missing servers field, wrong parameter type, missing response schema.
Once schema is valid, ChatGPT auto-generates a list of "Available actions" — each endpoint becomes a callable function.
Step 4
Pick the auth type: None (open APIs), API Key, OAuth. Each has different setup.
In the Action setup, "Authentication" dropdown.
None: open APIs (rare for production use).
API Key: most common for service APIs. Paste your key. Set location: header (most common, e.g., "Authorization" or "X-API-Key"), query parameter, or basic auth.
OAuth: for user-context APIs (Google Drive, GitHub, etc.). Configure client ID, client secret, auth URL, token URL, scopes. More complex but enables per-user auth.
Save. ChatGPT stores the credentials encrypted; users of the GPT do not see them.
Step 5
Tell the GPT WHEN to call the Action. Without instructions, the GPT may default to text-only responses instead of using the API.
Open the GPT's Instructions field.
Add explicit guidance: "When the user asks for [specific request], call the [action_name] action with these parameters: [list]. Use the response to generate a natural-language answer."
Example: "When the user asks 'How many leads do we have this week,' call the get_leads action with date_range = 'this_week.' Format the response as a brief summary."
Without explicit triggers in Instructions, the GPT may guess or default to text-only responses.
Step 6
Run real prompts. Verify the GPT calls the right API, with the right params, and uses the response correctly.
Save the GPT. Open a new chat with it.
Run a prompt that should trigger the Action. Example: "Pull my last 5 HubSpot contacts."
GPT should respond with: a brief acknowledgment, then call the action (you see "Calling action: get_contacts..." in the chat), then format the response.
If the action call fails: ChatGPT shows the error inline. Common: 401 unauthorized (bad API key), 404 (wrong endpoint), 422 (wrong parameters).
Fix the OpenAPI spec or auth config. Re-test.
Run 10+ test prompts before considering the Action production-ready.
Step 7
For write/trigger Actions, the GPT can take real-world actions. Add Instructions that confirm before destructive operations.
Write Actions (creating/updating data) can do damage if invoked wrongly.
Add to Instructions: "Before calling any action that creates, updates, or deletes data, summarize the intended action and ask the user to confirm with 'yes' before proceeding."
Example: "User says: 'Delete contact john@example.com.' GPT response: 'I am about to delete the contact for john@example.com from HubSpot. Confirm with yes to proceed.'"
This pattern prevents accidental destructive operations.
For read-only Actions, this safety check is unnecessary.
Common mistakes
Storing API keys in OpenAPI spec
What goes wrong: If you paste an API key into the OpenAPI spec (example endpoints often show this), the key is visible to anyone who can see the spec. Big security risk.
How to avoid: API keys go in the Authentication config in the Action setup, NOT in the OpenAPI spec. Spec describes the API; auth is separate.
Using HTTP endpoints
What goes wrong: OpenAI rejects HTTP-only Actions. Your API must serve HTTPS. If you use a custom or internal API on HTTP, the Action setup fails outright.
How to avoid: Set up HTTPS on your API (Let's Encrypt is free) OR use Cloudflare to add HTTPS in front of an HTTP origin.
No safety guardrails on destructive operations
What goes wrong: User says 'delete all contacts.' GPT immediately calls the delete API. Data is gone. No confirmation, no rollback.
How to avoid: For any Action that creates/updates/deletes data, add to Instructions: confirm before proceeding. Specifically require user to type "yes" before destructive operations.
Too-broad OpenAPI spec
What goes wrong: You paste the full HubSpot OpenAPI spec (50+ endpoints) into one Action. GPT gets confused about which to call. Responses slow down. Many endpoints are never used.
How to avoid: Trim the spec to ONLY the 2-5 endpoints your Action actually needs. Smaller spec = faster, more accurate GPT.
Not testing edge cases
What goes wrong: Action works with happy-path prompts. Then a user types something slightly different and the GPT calls the API with malformed params, returning 422 errors.
How to avoid: Test 10+ prompts including edge cases (vague requests, missing parameters, unusual phrasings). Iterate Instructions to handle them gracefully.
Recap
Done — what's next
How to build a Custom GPT for marketing workflows
Read the next tutorial
Hand it off
Actions turn Custom GPTs into real automation. A specialist who has integrated 20+ APIs has the patterns: spec design, auth flows, safety guardrails. From $14-16/hr — most Actions integration projects land at $400-1,000 for 3-5 working Actions.
See specialist rates
Plugins (deprecated 2024) were ChatGPT's old way to extend functionality. Actions replaced them — same concept (call external APIs) but better integration with Custom GPTs and tighter security model.
Yes, on Team or Enterprise plans. Team/Enterprise do NOT train on your data. Set API keys to scoped, read-only where possible. Avoid using master/admin API keys for Actions.
1-5 seconds per call typically. Slow APIs (>10 seconds) cause GPT timeouts. If your API is slow, build a faster proxy/cache layer before exposing it via Action.
Yes — up to 10 Actions per GPT. Each is a separate OpenAPI spec + auth. Useful for GPTs that read from one system and write to another (e.g., read HubSpot, write to Stripe).
A read-only Action against a public API with API key auth. Example: query a weather API or a public stock-price API. No OAuth, no destructive operations, no auth scope complexity. Build one Action to learn the flow, then graduate to business APIs.
ChatGPT for Marketing
Custom GPTs are the leverage move for marketers who do the same prompts repeatedly. Build once, reuse forever, share with the team. This is the build workflow.
ChatGPT for Marketing
ChatGPT Code Interpreter (Advanced Data Analysis) can analyze 50-row spreadsheets or 50,000-row exports. Plus browsing makes it a competitive research engine. This is the workflow.
ChatGPT for Marketing
ChatGPT Team and Enterprise unlock shared GPTs, no-train data privacy, and admin controls. Setup is more nuanced than the marketing pages suggest. This is the practical walkthrough.
Claude for Marketing
Claude Projects are how you stop re-explaining your brand voice every conversation. Set up once, every chat in the project starts with full context. The leverage move for serious Claude users.