Connect Webflow MCP to AI Agents

CALL ANY TOOL

OAuth-scoped per editor. Every CMS update and site publish attributed to the authorizing workspace member.

webflow_cms_items_list

List CMS items

List items in a Webflow CMS collection with filtering, sorting, and pagination scoped to the authorized site.

Parameters

Name

Type

Required

Description

collection_id

string

Required

Webflow CMS collection ID

limit

integer

Optional

Max items to return (max 100)

offset

integer

Optional

Pagination offset

sort_by

string

Optional

Sort field: name, slug, lastPublished

webflow_cms_item_update

Update CMS item

webflow_pages_list

List pages

webflow_page_settings_update

Update page settings

webflow_site_publish

Publish site

Build your Agent

Drop the toolkit in, point it at the authorized editor, and your agent can manage Webflow CMS collections and pages from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["webflowmcp"], toolNames: ["webflow_cms_items_list", "webflow_cms_item_update", "webflow_page_settings_update"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["webflowmcp"], toolNames: ["webflow_cms_items_list", "webflow_cms_item_update", "webflow_page_settings_update"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["webflowmcp"], toolNames: ["webflow_cms_items_list", "webflow_cms_item_update", "webflow_page_settings_update"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/webflowmcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your website agent to start managing Webflow CMS collections and site content.

Search & recall

Copy the prompt

Copied

List all CMS collections in my [site name] Webflow site.

Copy the prompt

Copied

Get all items in the [collection name] collection with their published status.

Copy the prompt

Copied

List all pages on [site name] with their slugs and SEO titles.

Create & publish

Copy the prompt

Copied

Create a new item in the [collection] collection with name: [name] and fields: [fields].

Copy the prompt

Copied

Update the meta description for [item name] in the [collection] collection.

Copy the prompt

Copied

Publish all draft items in the [collection] collection and trigger a site deploy.

SEE HOW AUTH WORKS

Editors authorize Webflow once. Their OAuth token stays vaulted, every CMS update runs under their identity, and every change is logged.

1

Authorize

Your user connects

Webflow MCP

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Webflow MCP

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Webflow MCP

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Webflow MCP

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other website and CMS connectors.

No items found.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

One vault for every website connector. Webflow today, Sanity and Notion tomorrow.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Webflow MCP today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Webflow as the user or a shared service account?

As the user. Each editor authorizes once via OAuth and Scalekit resolves their credential at request time. CMS updates and site publishes appear under that editor's Webflow identity, not a shared bot account.

Where is the Webflow OAuth token stored?

In Scalekit's AES-256 vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM completions.

Can I prevent the agent from publishing to the live site?

Yes. Use listScopedTools to allow CMS item reads and draft updates but block the webflow_site_publish tool. Editors can review AI changes in Webflow Studio before publishing goes live.

What happens when an editor revokes Webflow access?

The connection is invalidated on the next tool call for that editor. Subsequent requests fail closed. Other workspace members remain unaffected. The revocation event is logged for audit.

Can the agent update Webflow CMS and trigger a downstream SEO or analytics workflow?

Yes. A single agent can update Webflow CMS items, publish the site, and ping a Google Search Console reindex or PostHog event in the same workflow. Each connector resolves under the same editor identity with its own vaulted credential.

Webflow MCP

Tools your website agent reaches for on Webflow, scoped per editor.