# Use with Claude Code (/docs/claude-code)
A Space API key turns Claude Code into a teammate inside one Wakato **Space**:
it can read your contacts and tables, build and publish pages, draft social
posts, run automations, even author full Space Apps — limited to exactly the
scopes you granted the key.
## 1. Mint a key [#1-mint-a-key]
In Wakato: **Space → Settings → API Keys → New API key**. Pick the scopes you
want Claude to have (start with `read` + `write`; add `run` scopes only for
actions you want it to take live). Copy the `wks_live_…` token — it's shown
once.
## 2. Connect over MCP (recommended) [#2-connect-over-mcp-recommended]
One command from your project directory:
```bash
claude mcp add --transport http wakato \
https://api.wakato.io/functions/v1/space-mcp \
--header "Authorization: Bearer wks_live_YOUR_TOKEN"
```
Or commit a `.mcp.json` to the project (keep the token out of git — use an
environment variable):
```json title=".mcp.json"
{
"mcpServers": {
"wakato": {
"type": "http",
"url": "https://api.wakato.io/functions/v1/space-mcp",
"headers": { "Authorization": "Bearer ${WAKATO_SPACE_KEY}" }
}
}
}
```
Claude Code discovers every tool the key allows via `tools/list` — tools the
key lacks scopes for are not even listed. Then just ask:
* *"List my open tasks and mark the overdue ones high priority."*
* *"Build a pricing page with our contact form embedded, but don't publish it."*
* *"Draft next week's LinkedIn posts from the contents of the Launch table."*
## 3. Or call REST from scripts [#3-or-call-rest-from-scripts]
The same token works as a plain Bearer token against
`https://api.wakato.io/functions/v1/space-api` — useful inside Bash steps,
CI jobs, or any non-MCP tool:
```bash
curl https://api.wakato.io/functions/v1/space-api/contacts \
-H "Authorization: Bearer $WAKATO_SPACE_KEY"
```
See the **API Reference** for every endpoint and its required scope.
## 4. Add context via CLAUDE.md [#4-add-context-via-claudemd]
Drop a note in your project's `CLAUDE.md` so Claude knows what the connection
is for:
```markdown title="CLAUDE.md"
## Wakato
The "wakato" MCP server is connected to our Marketing Space.
Drafts are fine to create freely; anything live (publish, post, send)
should be confirmed with me first.
```
Agents can also fetch a machine-readable overview of this API at
[`/llms.txt`](/llms.txt) and the full text at [`/llms-full.txt`](/llms-full.txt).
## Safety recap [#safety-recap]
* A key is locked to **one Space** — it can't see other Spaces, members, or
your login.
* `write` creates **drafts**; going live (publish/post/send/run) needs the
matching `run` scope.
* Wallet and Finance are read-only; secret **values** are never returned.
* Revoke the key in Space Settings and the connection dies instantly.
# Wakato Space API (/docs)
The **Wakato Space API** gives an external agent or tool — Claude Code, Cursor,
Zapier, a partner integration, or your own scripts — scoped, revocable control
of a single Wakato **Space**.
One **Space API key** (`wks_live_…`) works two ways:
Connect Claude Code, Cursor, or Claude Desktop to `/functions/v1/space-mcp`.
The agent self-discovers every tool.
Call `/functions/v1/space-api` from anything that speaks HTTP, using the
same Bearer token.
## What an agent can do [#what-an-agent-can-do]
Within the scopes you grant, an agent can manage contacts and records, build
and publish pages, draft and publish social posts, run tasks, send email,
reply to DMs, build full Space Apps, and more — all scoped to one Space.
## Built to be safe [#built-to-be-safe]
A key can never touch another Space, your login, or member permissions.
Publishing, sending, and launching are separate `run` scopes you grant
deliberately.
Wallet and Finance can be read; nothing moves funds.
Only secret names are listed — values are never returned.
Mint a key, connect Claude or Cursor, and make your first call.
# Quickstart (/docs/quickstart)
Give an AI agent or third-party tool scoped, revocable control of one Wakato
**Space**. One token, two surfaces:
* **MCP** — for Claude Code, Cursor, Claude Desktop (`/functions/v1/space-mcp`)
* **REST** — for everything else (`/functions/v1/space-api`)
| Env | Base |
| ----------- | ------------------------------------------------------- |
| Production | `https://api.wakato.io/functions/v1` |
| Development | `https://pnwxrleocjbcvrrwrycq.supabase.co/functions/v1` |
## 1. Mint a key [#1-mint-a-key]
In the app: **Space → Settings → API Keys → New API key**.
1. Name it (e.g. "Claude Code").
2. Choose an expiry (or *No expiry*).
3. Tick the **scopes** you want to grant. Each domain has up to three actions:
* **Read** — list / inspect
* **Write** — create / edit (drafts)
* **Run** — the live action: publish a page, send an SMS, post socially, run
an automation. *Grant deliberately.*
4. **Create** and copy the token (`wks_live_…`). It's shown once.
A key is locked to that one Space. It can never touch another Space, move
money, read secret values, manage members, or connect new accounts.
Start least-privilege. "Pages: Read + Write" lets an agent build pages without
being able to publish them live.
## 2a. Connect over MCP (Claude Code, Cursor) [#2a-connect-over-mcp-claude-code-cursor]
The MCP server self-describes its tools — once connected, the agent discovers
everything via `tools/list`. You only need the URL + your key.
```json title=".mcp.json (Claude Code)"
{
"mcpServers": {
"wakato": {
"type": "http",
"url": "https://api.wakato.io/functions/v1/space-mcp",
"headers": { "Authorization": "Bearer wks_live_YOUR_TOKEN" }
}
}
}
```
Cursor (`.cursor/mcp.json`) uses the same shape. Then just ask: *"List my open
tasks"*, *"Build a pricing page with a contact form"*, *"Draft a LinkedIn post
about our launch."*
## 2b. Call over REST [#2b-call-over-rest]
```bash
KEY="wks_live_YOUR_TOKEN"
BASE="https://api.wakato.io/functions/v1/space-api"
# List pages
curl "$BASE/pages" -H "Authorization: Bearer $KEY"
# Create a page
curl -X POST "$BASE/pages" \
-H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d '{"title":"Launch","layout_html":""}'
# Publish it (needs the pages:run scope)
curl -X POST "$BASE/pages/PAGE_ID/publish" \
-H "Authorization: Bearer $KEY" -H "Content-Type: application/json" -d '{}'
```
| Code | Meaning |
| ------------- | --------------------------------------------------- |
| `200` / `201` | Success |
| `401` | Missing or invalid key |
| `403` | The key lacks the required scope for that operation |
See the **API Reference** for every endpoint and its required scope.
## 3. What an agent can do [#3-what-an-agent-can-do]
| Domain | Read | Write | Run |
| ----------------------------- | ------------------ | ----------------- | ---------------- |
| Contacts, Tables | ✓ | ✓ | — |
| Pages, Forms, Booking | ✓ | ✓ | publish page |
| Calendar, Tasks | ✓ | ✓ | — |
| Documents, Whiteboards, Meet | ✓ | ✓ | — |
| Assets (media, characters) | ✓ | ✓ | — |
| Social | accounts/analytics | draft posts | publish/schedule |
| Inbox / DMs | threads/messages | — | reply |
| Phone | numbers/calls | — | send SMS |
| Ads | accounts/campaigns | draft campaign | (launch in UI) |
| Cloud Agents | ✓ | ✓ | — |
| Apps (build Space Apps) | ✓ | build code/schema | publish |
| Wallet, Finance, Integrations | ✓ (read-only) | — | — |
| Secrets | names only | — | — |
| Automations | ✓ | — | run |
| Agent Mail | — | send | — |
## 4. Safety model [#4-safety-model]
* **One Space.** A key cannot reach another Space, the user's login, member
permissions, or other users.
* **Draft-first.** Posting, sending, launching, and publishing are separate
`run` scopes — `write` lets an agent prepare, not go live.
* **Money is read-only.** Wallet and Finance can be read; nothing moves funds.
* **Secrets stay secret.** Only names/labels are listed; values live in Vault.
* **Accounts stay yours.** Connecting new social/OAuth accounts requires you.
* **Revocable.** Delete the key and the connection is gone immediately.
## 5. Realtime [#5-realtime]
Changes an agent makes through this API appear **live** in an open Wakato tab
(Pages, Contacts, Tasks, Documents, Calendar, Forms, Booking, Social) — no
refresh needed.
# Ads (/docs/ads)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Agent Mail (/docs/agent-mail)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Apps (/docs/apps)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Assets (/docs/assets)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Automations (/docs/automations)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Booking Pages (/docs/booking-pages)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Calendar (/docs/calendar)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Cloud Agents (/docs/cloud-agents)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Contacts (/docs/contacts)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Documents (/docs/documents)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Finance (/docs/finance)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Forms (/docs/forms)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Integrations (/docs/integrations)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Meet (/docs/meet)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Messaging (/docs/messaging)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Pages (/docs/pages)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Phone (/docs/phone)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Secrets (/docs/secrets)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Social (/docs/social)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Tables (/docs/tables)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Tasks (/docs/tasks)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Wallet (/docs/wallet)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
# Whiteboards (/docs/whiteboards)
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}