Admin Auth

⚡ Built-in — Platform Built-in

Password-protected access for PAPI pages. Per-user accounts with peppered bcrypt hashing, 8-hour session tokens, session audit log, self-service password reset, cross-project lead aggregation via project linking.

⚡ Built-in — No Setup Required This integration is built into the WebsitePublisher platform. All endpoints are available immediately — no API key needed.

Endpoints (13)

POST login

Authenticate with email + password and receive a session token (wsa_). Valid for 8 hours.

Field	Type	Required	Description
`email`	string	✓ Yes	Admin user email address
`password`	string	✓ Yes	Admin password

POST verify

Verify a session token is still valid. Updates last_used_at for audit trail.

Field	Type	Required	Description
`token`	string	✓ Yes	Session token (wsa_...)

POST logout

Invalidate a session token.

Field	Type	Required	Description
`token`	string	✓ Yes	Session token to invalidate (wsa_...)

POST request-reset

Request a password reset. Sends a reset link to the user email via server-side Resend. Always returns success — no user enumeration possible.

Field	Type	Required	Description
`email`	string	✓ Yes	Email address of the admin user
`base_url`	string	✓ Yes	Base URL of the PAPI site (e.g. https://dashboard.websitepublisher.ai) — used to build the reset link

POST reset-password

Set a new password using a valid reset token (rst_...). Token is single-use and valid for 1 hour. Invalidates all active sessions.

Field	Type	Required	Description
`token`	string	✓ Yes	Reset token (rst_...) from email link
`password`	string	✓ Yes	New password (min 8 characters)
`password_confirmation`	string	✓ Yes	Must match password

POST create_user

Create a new admin user for this project. Password stored as peppered bcrypt hash.

Field	Type	Required	Description
`email`	string	✓ Yes	Email address for the new admin user
`password`	string	✓ Yes	Password for the new admin user

POST list_users

List all active admin users for this project.

No input parameters required.

POST delete_user

Deactivate an admin user and invalidate all their active sessions.

Field	Type	Required	Description
`email`	string	✓ Yes	Email address of the admin user to deactivate

POST update_password

Reset the password for an existing admin user (admin-side). Invalidates all active sessions.

Field	Type	Required	Description
`email`	string	✓ Yes	Email address of the admin user
`password`	string	✓ Yes	New password

POST list_sessions

List all active sessions for this project. Shows email, IP, created_at, last_used_at.

Field	Type	Required	Description
`email`	string	No	Optional: filter sessions by user email

POST link_project

Link a microsite project to this dashboard project. Allows wsa_ tokens to aggregate leads from linked projects.

Field	Type	Required	Description
`linked_id`	integer	✓ Yes	WebSumo project ID of the microsite to link

POST unlink_project

Remove a microsite project link from this dashboard project.

Field	Type	Required	Description
`linked_id`	integer	✓ Yes	WebSumo project ID of the microsite to unlink

POST list_linked_projects

List all microsite projects linked to this dashboard project.

No input parameters required.

MCP Tool Names

When using this integration through an AI assistant (Claude, ChatGPT, Cursor, etc.), the endpoints are available as MCP tools:

Endpoint	MCP Tool Name
login	`admin_auth_login`
verify	`admin_auth_verify`
logout	`admin_auth_logout`
request-reset	`admin_auth_request_reset`
reset-password	`admin_auth_reset_password`
create_user	`admin_auth_create_user`
list_users	`admin_auth_list_users`
delete_user	`admin_auth_delete_user`
update_password	`admin_auth_update_password`
list_sessions	`admin_auth_list_sessions`
link_project	`admin_auth_link_project`
unlink_project	`admin_auth_unlink_project`
list_linked_projects	`admin_auth_list_linked_projects`

← Back to all integrations