Onepage

Live

OAUTH 2.0

DESIGN

Design

Onepage is a website builder platform. The MCP connector lets Claude create, edit, and manage Onepage websites and pages on behalf of the user.

  • Acts as the user: Every tool call runs as the authorizing user. Access and audit trail stay intact.
  • Credentials stay vaulted: AES-256 encrypted, resolved at request time, never stored in LLM context.
  • Scoped before every call: Per-user permissions enforced automatically. 90-day audit trail included.
Onepage
agent · Acme Q3
Run
Archive Page in Onepage
S
onepagemcp_archive_page
85ms
Onepage agent
Archive a page. the page is removed from the live site..
Sources: Onepage
onepagemcpmcp
1 tool call
18:29
Message Claude...

Onepage tools for AI agents

CALL ANY TOOL
12 tools covering build, archive.
onepagemcp_archive_page
Archive a page. the page is removed from the live site.
Archive a page. the page is removed from the live site.
Parameters
Name
Type
Required
Description
page_id
string
Required
Page UUID.
site_id
string
Required
Site UUID.
_conversation_ref
string
Optional
Short random token generated on your first call in a conversation; reuse the exact same value on every subsequent call to group related tool calls for analytics.
_rationale
string
Optional
Describe the user's intent and why this tool was selected in general terms only; do not include specific field values, names, emails, or other data.
onepagemcp_build_react_app
Trigger a build of the vibe section's react app. returns bui
onepagemcp_build_siteui_package
Trigger a build of a @siteui shared package. returns build s
onepagemcp_confirm_media_upload
Confirm that a direct media upload (via pre-signed url) has
onepagemcp_create_color_schema
Create a color schema (palette) for a site's branding.
onepagemcp_create_crm_form
Create a crm contact form on a site to collect leads.
onepagemcp_create_folder
Create a workspace folder to organize sites. folders are fla
onepagemcp_create_font_kit
Create a font kit (collection of fonts) for a site.
onepagemcp_create_page
Create a new draft page on a site.
onepagemcp_create_section
Create a new section on a page from an available section tem
onepagemcp_create_site
Create a new site. the internal_domain slug is derived from
onepagemcp_create_siteui_package
Create a new @siteui shared package for the workspace.
Build your Agent
Same auth pattern across every framework.
Python · LlamaIndex
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="onepagemcp")

mcp = MultiServerMCPClient({
"onepagemcp": {
"url": "https://mcp.scalekit.com/onepagemcp",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "onepagemcp" });

const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/onepagemcp
// Pass: Authorization: Bearer + token
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "onepagemcp" });

const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/onepagemcp
// Pass: Authorization: Bearer + token
from google.adk.agents import LlmAgent
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="onepagemcp")
# Connect to MCP at https://mcp.scalekit.com/onepagemcp
# Pass: Authorization: Bearer + token
Try these prompts
Paste any prompt into your agent to get started.
Get started
Copy the prompt
Copied
Archive a page?
Copy the prompt
Copied
Trigger a build of the vibe section’s React app?
Advanced
Copy the prompt
Copied
Trigger a build of a @siteui shared package?
Copy the prompt
Copied
Confirm that a direct media upload (via pre-signed URL) has completed?
SEE HOW AUTH WORKS
User authorises once. Every agent call after uses their token with scope enforcement.
1
Authorize
Your user connects
Onepage
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Onepage
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Onepage
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Onepage
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other connectors.
No items found.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought.
01.
Shared tokens break per-user analytics
A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
One connector today. Ten tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions

Does the agent access Onepage as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Onepage OAuth token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Onepage?
Yes. Pass a tool name filter to listScopedTools so the design agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Onepage.

What happens when a user revokes Onepage access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Which Onepage sites can the agent build or edit?
Only sites in the authorizing user's Onepage account. Page edits, media uploads, and CRM form changes attribute to that user, keeping client sites isolated per builder.

Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""onepagemcp"": {
""url"": ""https://mcp.scalekit.com/onepagemcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.onepagemcp]
url = ""https://mcp.scalekit.com/onepagemcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""onepagemcp"": {
""url"": ""https://mcp.scalekit.com/onepagemcp"",
""type"": ""http""
}
}
}