Integrations Documentation

Connect third-party services to your website. Store credentials securely in the Vault and execute API calls through the integration proxy — your API keys never leave the server.

ℹ️ How Integrations Work: Store your API key once in the Vault (VAPI). Then call the integration proxy (IAPI) to send emails, process payments, and more. The system injects your credentials server-side; they're never exposed to AI assistants, browsers, or API responses.

Overview

The integrations system consists of two APIs working together:

API Base Path Purpose
VAPI /vapi/* Secure credential vault — store, list, and delete API keys
IAPI /iapi/* Integration proxy — discover, configure, and execute third-party API calls

The typical flow is: store a secret in the Vault, set up the integration, then execute proxy calls. The proxy resolves {{vault:key_name}} references server-side and forwards requests to the third-party API with real credentials.

Authentication

All Vault and Integration endpoints (except the public catalog) require authentication via Bearer token:

Authorization: Bearer {your_api_token}

Both wps_ session tokens and wpa_ access keys are accepted.

⚠️ Project Ownership: Each request is validated against project ownership. You can only access secrets and integrations for projects tied to your token.

Vault — Secure Credential Storage

The Vault is a write-only credential store. After storing a secret, the actual value is never returned by any API endpoint. You only get metadata (name, prefix, creation date). The system decrypts values internally when executing integration proxy calls.

🔒 Write-Only by Design: Secret values are encrypted with AES-256-GCM and can never be retrieved. If you lose a key, delete the secret and store a new one.

Store a Secret

POST /vapi/project/{project_id}/secrets

Store or update an encrypted credential in the vault.

Request Body

Field Type Required Description
key_name string Yes Identifier for the secret (e.g., resend_api_key)
value string Yes The secret value to encrypt and store
service_type string No Service identifier (e.g., resend, mollie)
description string No Human-readable description

Example

curl -X POST "https://api.websitepublisher.ai/vapi/project/22291/secrets" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "key_name": "resend_api_key",
    "value": "re_abc123...",
    "service_type": "resend"
  }'

Response

{
    "success": true,
    "data": {
        "key_name": "resend_api_key",
        "key_prefix": "re_abc...",
        "service_type": "resend",
        "status": "active",
        "message": "Secret stored securely. The value will never be shown again."
    }
}

List Secrets

GET /vapi/project/{project_id}/secrets

List all secrets in the project vault. Returns metadata only — never the actual values.

Response

{
    "success": true,
    "data": [
        {
            "key_name": "resend_api_key",
            "key_prefix": "re_abc...",
            "service_type": "resend",
            "status": "active",
            "created_at": "2026-02-10T14:30:00Z"
        }
    ]
}

Delete a Secret

DELETE /vapi/project/{project_id}/secrets/{key_name}

Permanently delete a secret from the vault. This action cannot be undone.

Integration Catalog

The catalog lists all available integrations. These endpoints are public — no authentication required.

GET /iapi/integrations

List all available integrations with their endpoints and required secrets.

GET /iapi/integrations/{service}

Get details for a specific integration, including endpoints and input schemas.

GET /iapi/integrations/{service}/schema

Get input validation schema for each endpoint of an integration.

Integration Management

Manage integrations for your project. View configured status, set up new integrations, and remove existing ones.

GET /iapi/project/{project_id}/integrations

List all integrations for a project, showing which are configured and which are available.

Response

{
    "success": true,
    "data": {
        "configured_count": 1,
        "integrations": [
            {
                "service": "resend",
                "status": "configured",
                "endpoints": ["send-email"]
            },
            {
                "service": "mollie",
                "status": "available",
                "missing_secrets": ["mollie_api_key"]
            }
        ]
    }
}

Setup Integration

POST /iapi/project/{project_id}/integrations/{service}/setup

Configure an integration by providing the required API keys. Keys are stored encrypted in the Vault automatically.

Request Body

Field Type Required Description
secrets object Yes Key-value pairs of required credentials

Example

curl -X POST "https://api.websitepublisher.ai/iapi/project/22291/integrations/resend/setup" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "secrets": {
      "resend_api_key": "re_abc123..."
    }
  }'

Response

{
    "success": true,
    "data": {
        "integration": "resend",
        "status": "configured",
        "secrets_stored": ["resend_api_key"],
        "available_endpoints": [
            {
                "endpoint": "send-email",
                "method": "POST"
            }
        ]
    }
}

Execute Proxy Call

POST /iapi/project/{project_id}/{service}/{endpoint}

Execute an API call to the third-party service. The system resolves vault credentials server-side and proxies the request.

Request Body

The input fields depend on the specific endpoint. Check the integration schema for required fields.

Example — Send Email via Resend

curl -X POST "https://api.websitepublisher.ai/iapi/project/22291/resend/send-email" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "hello@yourdomain.com",
    "to": "user@example.com",
    "subject": "Welcome!",
    "html": "<h1>Hello!</h1><p>Welcome to our site.</p>"
  }'

Response

{
    "success": true,
    "data": {
        "integration": "resend",
        "endpoint": "send-email",
        "result": {
            "id": "d5b79f7a-f3ee-4f17-8b21-0969f800e226"
        }
    }
}

✅ Credentials Never Exposed: The proxy injects your API key from the vault server-side. It never appears in the request, response, or logs.

Remove Integration

DELETE /iapi/project/{project_id}/integrations/{service}

Remove an integration and permanently delete all associated vault secrets.

⚠️ Destructive Action: This permanently deletes the integration configuration and all stored API keys. You'll need to set it up again with new credentials.

Available Services

Resend — Transactional Email

Send transactional emails through the Resend API. Get your API key at resend.com.

Endpoint Method Description
send-email POST Send a transactional email

Required Secret Format
resend_api_key Starts with re_

Input Fields — send-email

Field Type Required Description
from string Yes Sender email address
to string Yes Recipient email address
subject string Yes Email subject line
html string Yes HTML email body

Mollie — Payments

Process payments through the Mollie API. Get your API key at mollie.com.

Endpoint Method Description
create-payment POST Create a new payment
get-payment GET Retrieve payment details
list-payments GET List all payments

Required Secret Format
mollie_api_key Starts with test_ or live_

Input Fields — create-payment

Field Type Required Description
amount[value] string Yes Payment amount (e.g., "10.00")
amount[currency] string Yes Currency code (e.g., "EUR")
description string Yes Payment description
redirectUrl string Yes URL to redirect after payment

Input Fields — get-payment

Field Type Required Description
payment_id string Yes Mollie payment ID (e.g., tr_HR7FbLobgM)

Freemium Limits

Usage limits are enforced per project based on tier:

Tier Vault Secrets Integrations Proxy Calls / Month
Free 2 1 100
Pro 10 5 5,000
Business 50 Unlimited 50,000
Enterprise Unlimited Unlimited Unlimited

When a limit is reached, the API returns 429 Too Many Requests with a descriptive error message. Re-configuring an existing integration does not count toward the integration limit.

Security Model

🛡️ Defense in Depth: Multiple security layers ensure credentials are never exposed.

The integrations system implements several security measures:

AES-256-GCM Encryption — All vault secrets are encrypted at rest. Each entry uses a unique IV for authenticated encryption.

Write-Only Vault — After storage, secret values cannot be retrieved via any API endpoint, MCP tool, or dashboard interface. The system can only decrypt them internally during proxy execution.

Output Sanitization — A global middleware scans all API responses for vault references ({{vault:...}}) and known API key patterns, replacing them with [REDACTED]. This is a safety net in case a credential accidentally appears in response data.

Project Isolation — Each project has its own vault namespace. Cross-project access is prevented by ownership validation on every request.

Server-Side Resolution — Vault credentials are resolved server-side inside the proxy engine. The AI assistant, browser, or API client never sees the actual key value.
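
A sketch of how the server-side resolution and output sanitization layers above fit together, added here as an example and not the service's own code. The in-memory VAULT, the function names, and the key-shape regex (derived from the documented re_, test_ and live_ prefixes) are assumptions.

```python
import re

# Constructed sample data: one vault namespace per project. Plaintext here for
# brevity; the page states real entries are AES-256-GCM encrypted at rest.
VAULT = {"22291": {"resend_api_key": "re_CONSTRUCTED_sample_key_0001"}}

VAULT_REF = re.compile(r"\{\{vault:([A-Za-z0-9_]+)\}\}")
# Assumed key shapes. Broad on purpose: a safety net may over-redact
# (e.g. "test_results_table") but must not under-redact.
KEY_PATTERN = re.compile(r"\b(?:re|test|live)_[A-Za-z0-9_]{8,}")


def resolve(template, project_id):
    """Replace {{vault:name}} using only the caller's project namespace."""
    secrets = VAULT.get(project_id, {})

    def lookup(match):
        name = match.group(1)
        if name not in secrets:
            raise KeyError(f"secret {name!r} not configured for project {project_id}")
        return secrets[name]

    return VAULT_REF.sub(lookup, template)


def sanitize(value):
    """Recursively redact vault references and key-shaped strings."""
    if isinstance(value, dict):
        return {k: sanitize(v) for k, v in value.items()}
    if isinstance(value, list):
        return [sanitize(v) for v in value]
    if isinstance(value, str):
        value = VAULT_REF.sub("[REDACTED]", value)
        return KEY_PATTERN.sub("[REDACTED]", value)
    return value


def proxy_call(project_id, header_template, upstream):
    """Resolve credentials, call upstream, sanitize what returns to the client."""
    headers = {"Authorization": resolve(header_template, project_id)}
    result = upstream(headers)  # only the upstream call sees the real key
    return sanitize({"success": True, "data": {"result": result}})


def leaky_upstream(headers):
    # Constructed worst case: the third party echoes the credential back.
    return {"id": "msg_1", "debug": "auth=" + headers["Authorization"]}
```

Calling proxy_call("22291", "Bearer {{vault:resend_api_key}}", leaky_upstream) returns the debug field as "auth=Bearer [REDACTED]", while the same template resolved against a project with no such secret raises instead of falling through to another namespace.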

Error Handling

All errors return a consistent format:

{
    "success": false,
    "error": {
        "message": "Description of the error",
        "code": 400
    }
}

HTTP Status Codes

Code Meaning
200 Success
201 Created (secret stored)
400 Bad Request — missing or invalid input
401 Unauthorized — invalid token or project mismatch
404 Not Found — service or endpoint doesn't exist
409 Conflict — integration not configured (setup required)
422 Validation Error — input doesn't match schema
429 Limit Reached — freemium tier exceeded
502 Bad Gateway — third-party API returned an error

Complete Example

Here's the full flow to send an email via Resend — from setup to delivery:

# 1. Setup Resend integration (stores key in vault)
curl -X POST "https://api.websitepublisher.ai/iapi/project/22291/integrations/resend/setup" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"secrets": {"resend_api_key": "re_your_key_here"}}'

# 2. Send an email (proxy resolves vault key server-side)
curl -X POST "https://api.websitepublisher.ai/iapi/project/22291/resend/send-email" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "hello@yourdomain.com",
    "to": "user@example.com",
    "subject": "Welcome!",
    "html": "<h1>Welcome</h1><p>Thanks for signing up.</p>"
  }'

# 3. Check configured integrations
curl "https://api.websitepublisher.ai/iapi/project/22291/integrations" \
  -H "Authorization: Bearer YOUR_TOKEN"

# 4. Remove integration when done (deletes vault keys)
curl -X DELETE "https://api.websitepublisher.ai/iapi/project/22291/integrations/resend" \
  -H "Authorization: Bearer YOUR_TOKEN"

ℹ️ AI Assistants: When using integrations through ChatGPT, Claude Desktop, or other AI assistants, the same flow applies. The assistant calls these endpoints on your behalf; you just need to set up the integration once.
