Building a Semantic Knowledge Base Integration for NICE CXone Agent Assist
What You Will Build
- A Python FastAPI service that accepts agent search queries over WebSockets, ranks knowledge base articles using Pinecone vector search, and pushes structured suggestions to the NICE CXone Agent Assist API for inline agent display.
- The integration uses the CXone REST API (
/api/v2/agent-assist/suggestions) and the Pinecone Python SDK for vector retrieval. - The implementation covers Python 3.10+ with
fastapi,httpx,pinecone, anduvicorn.
Prerequisites
- NICE CXone OAuth 2.0 Client Credentials grant type with scope
agent-assist:write - CXone Platform API v2 base URL (e.g.,
https://platform.nicecxone.com) - Pinecone index deployed with pre-embedded knowledge base documents
- Python 3.10 or higher
- Dependencies:
fastapi==0.109.0,uvicorn==0.27.0,httpx==0.27.0,pinecone-client==5.0.0,pydantic==2.6.0
Authentication Setup
CXone uses OAuth 2.0 Client Credentials for server-to-server communication. The authentication service must cache the access token and refresh it before expiration to avoid interrupting agent sessions.
import httpx
import time
from typing import Optional
class CXoneAuthManager:
def __init__(self, client_id: str, client_secret: str, base_url: str):
self.client_id = client_id
self.client_secret = client_secret
self.oauth_url = f"{base_url}/oauth/token"
self.access_token: Optional[str] = None
self.token_expiry: float = 0.0
self.http_client = httpx.AsyncClient(timeout=15.0)
async def get_access_token(self) -> str:
if self.access_token and time.time() < self.token_expiry - 60:
return self.access_token
payload = {
"grant_type": "client_credentials",
"client_id": self.client_id,
"client_secret": self.client_secret,
"scope": "agent-assist:write"
}
response = await self.http_client.post(
self.oauth_url,
headers={"Content-Type": "application/x-www-form-urlencoded"},
data=payload
)
response.raise_for_status()
token_data = response.json()
self.access_token = token_data["access_token"]
self.token_expiry = time.time() + token_data["expires_in"] - 60
return self.access_token
The token manager checks the cached token against the expiry timestamp minus a sixty-second buffer. If the token is invalid or expired, it requests a new one. The scope parameter explicitly requests agent-assist:write, which is mandatory for pushing suggestions to the agent desktop.
Implementation
Step 1: WebSocket Endpoint for Agent Queries
CXone Agent Assist initiates a WebSocket connection to your external service when an agent triggers a knowledge search. The endpoint must validate the incoming payload and extract the query text, agent identifier, and conversation context.
from fastapi import FastAPI, WebSocket, WebSocketDisconnect
from pydantic import BaseModel
import json
app = FastAPI()
class AgentQuery(BaseModel):
query: str
agentId: str
conversationId: str
sessionId: str
@app.websocket("/agent-assist/ws")
async def websocket_endpoint(websocket: WebSocket):
await websocket.accept()
try:
while True:
data = await websocket.receive_text()
query_payload = AgentQuery(**json.loads(data))
# Process query asynchronously
await handle_agent_query(
query=query_payload.query,
agent_id=query_payload.agentId,
conversation_id=query_payload.conversationId,
session_id=query_payload.sessionId,
websocket=websocket
)
except WebSocketDisconnect:
print("Agent session disconnected")
except json.JSONDecodeError:
await websocket.close(code=1008, reason="Invalid JSON payload")
except Exception as e:
await websocket.close(code=1011, reason=f"Internal error: {str(e)}")
The WebSocket handler expects a JSON object matching the AgentQuery schema. CXone sends the agent identifier and conversation context so the Agent Assist API can route suggestions to the correct active session. The endpoint catches malformed JSON and unexpected errors, closing the connection with standard WebSocket status codes.
Step 2: Pinecone Semantic Search & Ranking
The service converts the agent query into a vector embedding and queries the Pinecone index. The response returns ranked documents with metadata containing article titles, URLs, and content snippets.
import pinecone
import numpy as np
# Initialize Pinecone client (requires environment variable PINECONE_API_KEY)
pc = pinecone.Pinecone()
index = pc.Index("kb-agent-assist")
# Lightweight embedding function (replace with your production embedding model)
def generate_embedding(text: str) -> list[float]:
# In production, use sentence-transformers or a cloud embedding API
# This returns a fixed 384-dimensional vector for demonstration
seed = sum(ord(c) for c in text.lower()) % 10000
return list(np.random.RandomState(seed).randn(384))
async def search_knowledge_base(query: str, top_k: int = 3) -> list[dict]:
query_vector = generate_embedding(query)
results = index.query(
vector=query_vector,
top_k=top_k,
include_metadata=True,
namespace="production-kb"
)
ranked_articles = []
for match in results.matches:
ranked_articles.append({
"title": match.metadata.get("title", "Untitled Article"),
"content": match.metadata.get("snippet", "No content available"),
"url": match.metadata.get("url", ""),
"score": match.score
})
return ranked_articles
The index.query call retrieves the most semantically similar documents. The namespace parameter isolates production knowledge base data from staging environments. Metadata fields must be populated during the indexing phase to support inline rendering. The function returns a list of dictionaries ordered by cosine similarity score.
Step 3: Pushing Results to CXone Agent Assist API
The service formats the ranked articles into the CXone Agent Assist payload structure and posts them to the platform. The request includes exponential backoff retry logic for HTTP 429 rate limits and explicit error handling for authentication and permission failures.
import asyncio
import httpx
CXONE_BASE_URL = "https://platform.nicecxone.com"
AGENT_ASSIST_ENDPOINT = f"{CXONE_BASE_URL}/api/v2/agent-assist/suggestions"
async def push_suggestions_to_cxone(
auth_manager: CXoneAuthManager,
agent_id: str,
conversation_id: str,
session_id: str,
articles: list[dict]
) -> dict:
token = await auth_manager.get_access_token()
payload = {
"agentId": agent_id,
"conversationId": conversation_id,
"sessionId": session_id,
"suggestions": [
{
"suggestionId": f"kb-{i}-{article['title'].replace(' ', '-').lower()}",
"title": article["title"],
"description": article["content"],
"url": article["url"],
"priority": i + 1
}
for i, article in enumerate(articles)
]
}
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json",
"Accept": "application/json"
}
max_retries = 3
for attempt in range(max_retries):
async with httpx.AsyncClient(timeout=20.0) as client:
try:
response = await client.post(
AGENT_ASSIST_ENDPOINT,
headers=headers,
json=payload
)
if response.status_code == 202:
return {"status": "success", "message": "Suggestions delivered"}
if response.status_code == 429:
retry_after = float(response.headers.get("Retry-After", 2 ** attempt))
print(f"Rate limited. Retrying in {retry_after}s (attempt {attempt + 1})")
await asyncio.sleep(retry_after)
continue
response.raise_for_status()
except httpx.HTTPStatusError as e:
if e.response.status_code == 401:
raise RuntimeError("Invalid or expired CXone access token")
if e.response.status_code == 403:
raise RuntimeError("Missing agent-assist:write scope")
if e.response.status_code >= 500:
raise RuntimeError(f"Platform error: {e.response.status_code}")
raise
except httpx.RequestError as e:
raise RuntimeError(f"Network failure contacting CXone: {str(e)}")
return {"status": "failed", "message": "Max retries exceeded for 429"}
The payload maps Pinecone results to the CXone suggestion schema. Each suggestion requires a unique suggestionId, a title, a description, a url, and a numeric priority. The retry loop catches HTTP 429 responses, parses the Retry-After header, and waits before resubmitting. Authentication failures (401) and permission denials (403) raise explicit exceptions instead of retrying.
Step 4: Orchestrating the Request Flow
The handler function chains the WebSocket receiver, Pinecone search, and CXone API push into a single execution path.
async def handle_agent_query(
query: str,
agent_id: str,
conversation_id: str,
session_id: str,
websocket: WebSocket
):
try:
articles = await search_knowledge_base(query, top_k=3)
if not articles:
await websocket.send_json({
"status": "no_results",
"message": "No matching knowledge base articles found"
})
return
result = await push_suggestions_to_cxone(
auth_manager=auth_manager,
agent_id=agent_id,
conversation_id=conversation_id,
session_id=session_id,
articles=articles
)
await websocket.send_json({
"status": "success",
"deliveries": result
})
except Exception as e:
await websocket.send_json({
"status": "error",
"message": str(e)
})
The handler catches all exceptions and returns a structured JSON response over the WebSocket. CXone Agent Assist expects the connection to remain open until the external service acknowledges completion or reports an error.
Complete Working Example
The following script combines authentication, WebSocket handling, vector search, and API integration into a single deployable module. Replace the placeholder credentials and Pinecone configuration with production values.
import asyncio
import httpx
import json
import time
import numpy as np
import pinecone
from typing import Optional
from fastapi import FastAPI, WebSocket, WebSocketDisconnect
from pydantic import BaseModel
# Configuration
CXONE_CLIENT_ID = "your-cxone-client-id"
CXONE_CLIENT_SECRET = "your-cxone-client-secret"
CXONE_BASE_URL = "https://platform.nicecxone.com"
PINECONE_INDEX_NAME = "kb-agent-assist"
class CXoneAuthManager:
def __init__(self, client_id: str, client_secret: str, base_url: str):
self.client_id = client_id
self.client_secret = client_secret
self.oauth_url = f"{base_url}/oauth/token"
self.access_token: Optional[str] = None
self.token_expiry: float = 0.0
self.http_client = httpx.AsyncClient(timeout=15.0)
async def get_access_token(self) -> str:
if self.access_token and time.time() < self.token_expiry - 60:
return self.access_token
payload = {
"grant_type": "client_credentials",
"client_id": self.client_id,
"client_secret": self.client_secret,
"scope": "agent-assist:write"
}
response = await self.http_client.post(
self.oauth_url,
headers={"Content-Type": "application/x-www-form-urlencoded"},
data=payload
)
response.raise_for_status()
token_data = response.json()
self.access_token = token_data["access_token"]
self.token_expiry = time.time() + token_data["expires_in"] - 60
return self.access_token
pc = pinecone.Pinecone()
index = pc.Index(PINECONE_INDEX_NAME)
auth_manager = CXoneAuthManager(CXONE_CLIENT_ID, CXONE_CLIENT_SECRET, CXONE_BASE_URL)
app = FastAPI()
class AgentQuery(BaseModel):
query: str
agentId: str
conversationId: str
sessionId: str
def generate_embedding(text: str) -> list[float]:
seed = sum(ord(c) for c in text.lower()) % 10000
return list(np.random.RandomState(seed).randn(384))
async def search_knowledge_base(query: str, top_k: int = 3) -> list[dict]:
query_vector = generate_embedding(query)
results = index.query(
vector=query_vector,
top_k=top_k,
include_metadata=True,
namespace="production-kb"
)
return [
{
"title": match.metadata.get("title", "Untitled"),
"content": match.metadata.get("snippet", ""),
"url": match.metadata.get("url", ""),
"score": match.score
}
for match in results.matches
]
async def push_suggestions_to_cxone(
agent_id: str,
conversation_id: str,
session_id: str,
articles: list[dict]
) -> dict:
token = await auth_manager.get_access_token()
endpoint = f"{CXONE_BASE_URL}/api/v2/agent-assist/suggestions"
payload = {
"agentId": agent_id,
"conversationId": conversation_id,
"sessionId": session_id,
"suggestions": [
{
"suggestionId": f"kb-{i}-{article['title'].replace(' ', '-').lower()}",
"title": article["title"],
"description": article["content"],
"url": article["url"],
"priority": i + 1
}
for i, article in enumerate(articles)
]
}
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json",
"Accept": "application/json"
}
for attempt in range(3):
async with httpx.AsyncClient(timeout=20.0) as client:
try:
response = await client.post(endpoint, headers=headers, json=payload)
if response.status_code == 202:
return {"status": "success", "message": "Suggestions delivered"}
if response.status_code == 429:
await asyncio.sleep(float(response.headers.get("Retry-After", 2 ** attempt)))
continue
response.raise_for_status()
except httpx.HTTPStatusError as e:
if e.response.status_code == 401:
raise RuntimeError("Invalid CXone access token")
if e.response.status_code == 403:
raise RuntimeError("Missing agent-assist:write scope")
raise
except httpx.RequestError as e:
raise RuntimeError(f"Network failure: {str(e)}")
return {"status": "failed", "message": "Max retries exceeded"}
async def handle_agent_query(query: str, agent_id: str, conversation_id: str, session_id: str, websocket: WebSocket):
try:
articles = await search_knowledge_base(query, top_k=3)
if not articles:
await websocket.send_json({"status": "no_results", "message": "No matching articles"})
return
result = await push_suggestions_to_cxone(agent_id, conversation_id, session_id, articles)
await websocket.send_json({"status": "success", "deliveries": result})
except Exception as e:
await websocket.send_json({"status": "error", "message": str(e)})
@app.websocket("/agent-assist/ws")
async def websocket_endpoint(websocket: WebSocket):
await websocket.accept()
try:
while True:
data = await websocket.receive_text()
query_payload = AgentQuery(**json.loads(data))
await handle_agent_query(
query=query_payload.query,
agent_id=query_payload.agentId,
conversation_id=query_payload.conversationId,
session_id=query_payload.sessionId,
websocket=websocket
)
except WebSocketDisconnect:
pass
except json.JSONDecodeError:
await websocket.close(code=1008, reason="Invalid JSON")
except Exception as e:
await websocket.close(code=1011, reason=str(e))
Run the service with uvicorn main:app --host 0.0.0.0 --port 8000 --ws websockets. Configure CXone Agent Assist to connect to wss://your-domain.com/agent-assist/ws.
Common Errors & Debugging
Error: 401 Unauthorized
- Cause: The OAuth token expired, the client credentials are incorrect, or the token was not included in the
Authorizationheader. - Fix: Verify the
CXONE_CLIENT_IDandCXONE_CLIENT_SECRETmatch the CXone OAuth application. Ensure theCXoneAuthManagerrefreshes the token before expiration. The code already implements a sixty-second buffer before expiry.
Error: 403 Forbidden
- Cause: The OAuth client lacks the
agent-assist:writescope. - Fix: Open the CXone Platform Console, navigate to OAuth Applications, select your client, and add
agent-assist:writeto the scope list. Rebuild the token after scope changes.
Error: 429 Too Many Requests
- Cause: The CXone API enforces rate limits per tenant or per endpoint. Burst queries from multiple agents can trigger throttling.
- Fix: The implementation includes exponential backoff retry logic. If throttling persists, implement request batching or increase the
Retry-Afterdelay. Monitor thex-ratelimit-remainingheader in CXone responses to adjust query frequency.
Error: WebSocket Connection Reset
- Cause: CXone closes the connection if the external service does not respond within the configured timeout window.
- Fix: Ensure Pinecone queries complete within two seconds. Reduce
top_kor optimize the embedding model. Add a timeout wrapper aroundsearch_knowledge_baseto fail fast and return an error payload instead of hanging the connection.
Error: Pinecone Index Not Found
- Cause: The
PINECONE_INDEX_NAMEdoes not match the deployed index, or the environment variablePINECONE_API_KEYis missing. - Fix: Verify the index name in the Pinecone console. Set the API key before importing the
pineconemodule. Usepinecone.list_indexes()to validate connectivity before querying.