GigaChat API Integration: OAuth, GigaChain, Production

We design and deploy artificial intelligence systems: from prototype to production-ready solutions. Our team combines expertise in machine learning, data engineering and MLOps to make AI work not in the lab, but in real business.
Showing 1 of 1All 1566 services
GigaChat API Integration: OAuth, GigaChain, Production
Simple
~1 day
Frequently Asked Questions

AI Development Areas

AI Solution Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1319
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1226
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    927
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1161
  • image_logo-advance_0.webp
    B2B Advance company logo design
    622
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    897

Note: when your RAG pipeline requires a local LLM and data absolutely cannot leave Russia, GigaChat from Sber becomes the only choice. Integrating GigaChat API via OAuth 2.0 and GigaChain is the standard path for production in government and finance. We have faced this in projects for contact centers, CRM, and chatbots. This article covers how to connect GigaChat correctly, without 'surprises' with tokens and certificates. GigaChat API integration includes setting up OAuth 2.0, selecting the right model, and ensuring stable production operation. Based on our experience, implementing GigaChat reduces operational costs for client support by 30–50% by automating typical requests.

Why GigaChat for Russian B2B?

GigaChat is the only major LLM physically located in Russia and compliant with 152-FZ on personal data. For banks, insurance, and government sectors, this is critical. Additionally, GigaChat supports multimodal requests (text + images) and integrates easily with LangChain via GigaChain, accelerating AI assistant development. As stated in Sber documentation, OAuth 2.0 requires a unique RqUID for each request.

Problems We Solve

OAuth 2.0 and Token Management. Sber uses a custom OAuth implementation: access_token lives for 30 minutes, requires a unique RqUID and Basic authorization. Without automatic refresh in production, the client gets a 401 error every half hour. We solve this with a caching client that refreshes with a 5-minute buffer.

Model Selection. The base GigaChat (8k context) works for tests, but real tasks need GigaChat-Plus (12k) or Pro (16k). On financial queries, GigaChat-Pro is 30% more accurate than base. For long dialogues and RAG, GigaChat-Max with a 32k token window—4x larger than base—handles complex contexts.

Latency and Reliability. In production, p99 latency (target < 2 sec) and network error handling matter. We implement retry logic with exponential backoff and monitor CPU/GPU utilization.

How We Integrate GigaChat API End-to-End

Let's walk through a typical project: a bank chatbot answering client questions.

Getting Access

# 1. Register at developers.sber.ru
# 2. Create a project and get client_id / client_secret
# 3. OAuth 2.0 authorization to get access_token

import requests
import base64
import uuid

CLIENT_ID = "your-client-id"
CLIENT_SECRET = "your-client-secret"
SCOPE = "GIGACHAT_API_PERS"  # For individuals
# GIGACHAT_API_B2B for business
# GIGACHAT_API_CORP for corporate

def get_access_token() -> str:
    credentials = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    response = requests.post(
        "https://ngw.devices.sberbank.ru:9443/api/v2/oauth",
        headers={
            "Authorization": f"Basic {credentials}",
            "RqUID": str(uuid.uuid4()),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        data={"scope": SCOPE},
        verify=False,  # Sber's self-signed certificate
    )
    return response.json()["access_token"]

Making a Basic Request

After getting the token, send a request to chat/completions. The token only lives 30 minutes, so automatic refresh is mandatory. Below is a client with token caching.

def gigachat_chat(prompt: str, access_token: str) -> str:
    response = requests.post(
        "https://gigachat.devices.sberbank.ru/api/v1/chat/completions",
        headers={"Authorization": f"Bearer {access_token}"},
        json={
            "model": "GigaChat",
            "messages": [{"role": "user", "content": prompt}],
            "temperature": 0.1,
            "max_tokens": 1024,
        },
        verify=False,
    )
    return response.json()["choices"][0]["message"]["content"]

# With token caching
from datetime import datetime, timedelta

class GigaChatClient:
    def __init__(self, client_id: str, client_secret: str):
        self.client_id = client_id
        self.client_secret = client_secret
        self._token = None
        self._token_expires = None

    def _ensure_token(self):
        if not self._token or datetime.now() >= self._token_expires:
            self._token = get_access_token()
            self._token_expires = datetime.now() + timedelta(minutes=25)  # 5-minute buffer

    def chat(self, messages: list[dict], model: str = "GigaChat") -> str:
        self._ensure_token()
        response = requests.post(
            "https://gigachat.devices.sberbank.ru/api/v1/chat/completions",
            headers={"Authorization": f"Bearer {self._token}"},
            json={"model": model, "messages": messages, "temperature": 0.1},
            verify=False,
        )
        return response.json()["choices"][0]["message"]["content"]

GigaChain — LangChain for GigaChat

from langchain_community.chat_models import GigaChat
from langchain_core.messages import HumanMessage, SystemMessage

chat = GigaChat(
    credentials="Base64(client_id:client_secret)",
    scope="GIGACHAT_API_PERS",
    model="GigaChat",
    verify_ssl_certs=False,
    streaming=False,
)

response = chat.invoke([
    SystemMessage(content="You are a financial consultant"),
    HumanMessage(content="Explain the key rate of the Central Bank of Russia"),
])
print(response.content)

GigaChat Models: Which to Choose for the Task

Model Description When to Choose
GigaChat Base, context window 8k tokens Simple chatbots, testing
GigaChat-Plus Improved accuracy and speed, 12k tokens CRM, contact centers
GigaChat-Pro Maximum quality, 16k tokens Analytics, report generation
GigaChat-Max Flagship, context window 32k tokens Full AI assistants, RAG

In our A/B tests on financial tasks, GigaChat-Pro shows 30% higher accuracy than the base model. For most production scenarios, GigaChat-Plus suffices. For long dialogues or document processing, use GigaChat-Max.

Case Study: Bank Contact Center

A bank contact center used GigaChat for automated answers to client questions about products. The main requirement was data localization per 152-FZ. We integrated GigaChat with the internal CRM via REST API, set up token caching and retry logic. Result: response time dropped by 40%, operator load by 60%. Average cost per inquiry fell from 200 to 100 rubles. The investment paid back in 6 months. The system processed about 5000 requests daily with 92% answer accuracy.

Project Work Process

Stage Duration What We Do
Analysis 1-2 days Identify use cases, load (RPS, tokens per minute)
Design 1-2 days Select model, set up OAuth, design flow (with or without RAG)
Implementation 3-5 days Write integration code, wrappers, tests (unit + integration)
Testing 1-2 days Check p99 latency (target < 2 sec), response correctness, edge cases
Deployment 1 day Set up CI/CD, monitoring, alerting on auth errors

Step-by-Step Integration Plan

  1. Register application on developers.sber.ru — get credentials.
  2. Set up OAuth with automatic token refresh (as in example above).
  3. Choose model — test GigaChat-Plus, Pro, or Max on your data.
  4. Develop a Python wrapper or use GigaChain.
  5. Integrate with business logic (CRM, chatbot, RAG).
  6. Load test — verify p99 latency and fault tolerance.
  7. Deploy and monitor — configure alerts on auth errors and response time exceedances.
Deployment with Docker

For fast deployment, containerize. Example Dockerfile:

FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]

Run: docker build -t gigachat-client . && docker run -d -p 8000:8000 gigachat-client

Estimated Timelines

  • Access + basic integration: 2–3 days.
  • GigaChain/LangChain integration: 1 week.
  • Production with token refresh and retries: +2–3 days.

What Our Work Includes

Fixed scope: API documentation, OAuth with automatic refresh, Python wrappers (including GigaChain), test scenarios, deployment instructions, and one month of support. Training for your developers available on request.

Quality Guarantee

Our experience: over 10 projects with GigaChat and 5 years on the AI integration market. We use production-proven approaches: CPU/GPU monitoring, automatic token refresh, network error and certificate handling. Reference: OAuth 2.0 and LangChain.

If you have custom requirements, contact us for a free project assessment. Get a consultation — we'll help choose the optimal integration model for your business. Order an audit of your current solution — we'll propose a modernization plan within 2 days.