Guides
Agent access
Scoped API keys, the REST API, and the MCP server.
The whole directory is operable by an agent. Create a scoped key, and any coding agent can read the catalog, draft content, publish, and run pipelines — over REST or the Model Context Protocol.
API keys and scopes
Create keys in /admin/api-keys. The plaintext is shown once at creation; only a sha256 hash is stored. Scopes are cumulative — each tier includes the ones before it:
| Scope | Allows |
|---|---|
read | GET endpoints (including drafts and review queues) |
content | Create and edit drafts |
publish | Publish, promote, delete, revalidate, run pipelines |
admin | Everything, incl. settings and key management |
Every key is prefixed awp_ and authenticated with a bearer header on every request:
Authorization: Bearer awp_…
REST API
The complete OpenAPI 3.1 document lives at GET /api/docs (also rendered at /admin/api-docs). The shapes:
# read the directory
curl https://your-domain/api/tools?limit=5
# create a draft tool (content scope)
curl -X POST https://your-domain/api/tools \
-H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d '{"name":"Example","slug":"example","description":"…","website":"https://example.com","category":"ai-coding","pricingTier":"freemium","isActive":false}'
MCP server
/api/mcp speaks the Model Context Protocol over streamable HTTP. Any MCP client — Claude Code, Claude Desktop, Cursor, custom agents — connects with a bearer key and gets the site as tools:
{
"mcpServers": {
"my-site": {
"type": "http",
"url": "https://your-domain/api/mcp",
"headers": { "Authorization": "Bearer awp_…" }
}
}
}
Available tools: awp_site_stats, awp_list_tools, awp_get_tool, awp_add_tool, awp_update_tool, awp_list_news_queue, awp_publish_news, awp_list_submissions, awp_approve_submission, awp_reject_submission, awp_update_settings. Each tool enforces the key's scopes — a read key can look but not touch.