Agent integration (MCP)

Prowpt.ai supports programmatic access for external AI agents—Cursor, Claude Code, OpenClaw, or custom scripts—through API keys and an MCP server. Available from the Starter plan onwards.

What is agent integration?

Instead of building your app exclusively through the Prowpt web editor, you can connect your favourite AI coding tool and let it create, edit, and publish apps on your behalf. Agents authenticate with API keys and can perform every action a human user can—manage projects, write source code, update translations, configure workflows, and more.

Direct control: the agent writes code and manages resources directly—no Prowpt credits consumed for CRUD operations.
AI-assisted: the agent delegates complex tasks to Prowpt's built-in assistant, which plans, edits, and validates—this consumes credits like normal generation.
Both modes can be combined in the same workflow.

Getting started

You need an API key and a way to connect your agent. The recommended path for Cursor and Claude Code is the MCP server; custom scripts can call the REST API directly.

Use the 'Download Agent Rules (.md)' button in Settings → API Keys to get a conventions file you can drop into .cursor/rules/ so your agent always writes Prowpt-compliant code.

Go to Settings → API Keys and create a new key. Choose the scopes you need (or 'Full access' to start). The key is shown once—save it securely.
Install the MCP server: pip install prowpt-mcp-server (or pipx install prowpt-mcp-server).
Configure your AI tool with the key (see setup examples below).

MCP server setup

The MCP (Model Context Protocol) server is an open-source Python package that exposes Prowpt tools to any MCP-compatible AI agent. Install it from PyPI (pip install prowpt-mcp-server) or see the source on GitHub (github.com/prowptai/prowpt-mcp-server).

Cursor: create .cursor/mcp.json with { "mcpServers": { "prowpt": { "command": "prowpt-mcp", "env": { "PROWPT_API_KEY": "pk_live_..." } } } }
Claude Code: export PROWPT_API_KEY="pk_live_..." then run prowpt-mcp.
Environment variables: PROWPT_API_KEY (required), PROWPT_API_URL (optional, defaults to https://api.prowpt.ai).

REST API (alternative)

For custom scripts, OpenClaw, or any HTTP client, authenticate with the X-API-Key header (or Authorization: Bearer header) and call the Prowpt REST endpoints directly.

List projects: GET /api/projects
Create a project: POST /api/projects with { "name": "...", "app_kind": "code" }
Write source files: PATCH /api/projects/{id}/sources with { "files": { "App.tsx": "..." } }
Publish: POST /api/projects/{id}/publish
Use the built-in assistant: POST /api/generate/sync with { "project_id": ..., "prompt": "..." }

API key scopes

Each API key has a set of scopes that control which operations it can perform. Use the minimum scopes needed for your workflow.

Wildcards are supported: projects:* grants all project scopes. * grants everything.

Scope	Description
projects:read	List and view projects
projects:write	Create, update, clone projects
projects:publish	Publish and deploy projects
projects:delete	Delete projects
sources:read	Read source files
sources:write	Write/update source files
assistant:use	Use the built-in AI assistant (consumes credits)
workflows:read / write / execute	View, manage, and run workflows
records:read / write	Read and manage records
record_types:read / write	View and manage record types
translations:read / write	Read and update translations
email_templates:read / write	View and update email templates
assets:read / write	View, upload, and delete assets
billing:read	View billing and usage info
billing:purchase_credits	Purchase credit packs
* (wildcard)	All scopes — equivalent to Full Access

Available MCP tools

The MCP server exposes tools grouped by category. Each tool maps to one or more REST API calls behind the scenes.

Project Management: list_projects, get_project, create_project, update_project, delete_project, clone_project, publish_project, deploy_project, get_project_context
Source Code: list_source_files, read_source_file, write_source_files, get_preview_url, get_source_versions, restore_source_version
AI Assistant (uses credits): send_prompt, accept_preview, get_assistant_status
Records & Data: list_record_types, create_record_type, update_record_type, list_records, create_record, update_record, delete_record
Workflows: list_workflows, create_workflow, update_workflow, delete_workflow, execute_workflow, get_workflow_executions
Assets: list_assets, upload_asset, delete_asset
Translations: get_translations, update_translations
Email Templates: list_email_templates, get_email_template, upsert_email_template, delete_email_template, preview_email_template, send_test_email, seed_email_templates, reset_system_templates
Payments (Stripe Connect): connect_stripe, get_stripe_status, disconnect_stripe
Billing: get_usage, get_credits, purchase_credit_pack, get_account_info

MCP resources

The MCP server also exposes static resources that agents can read at any time for guidance on code conventions and platform patterns.

For any code-generation task, agents should call get_project_context first. This returns the full conventions, available record types, templates, i18n state, and subscription info—everything needed to write correct code.

Resource URI	Description
prowpt://docs/quickstart	Quick-start guide with tool summaries and recommended workflows
prowpt://docs/code-guidelines	Comprehensive code conventions: PROJECT_CONFIG shape, auth patterns, i18n, records API, routing rules, component templates, and best practices

Credits and billing for agents

Agent API calls follow a clear cost model. CRUD operations are free and included in your subscription; only AI-assisted generation consumes credits.

CRUD API calls are still governed by your subscription tier limits (project count, workflow executions) and per-key rate limits—not credits.

Action type	Credit cost	Notes
CRUD operations (projects, sources, records, etc.)	Free	Included in subscription
AI Assistant (send_prompt, /api/generate/sync)	~1.0 cr	Same cost as UI-based generation
Workflow execution	~0.1 cr	Per execution
Publishing / deploying	Free	Included in subscription

Rate limits

Each API key has a rate limit (default: 60 requests per minute). Rate limit info is returned in 429 Too Many Requests responses. AI assistant and generation calls are also subject to the key rate limit.

If your agent hits rate limits frequently, consider splitting work across multiple keys or adding delays between rapid-fire requests.

Activity monitoring

All API-key-authenticated requests are logged and can be reviewed in the UI or via API.

Settings → API Keys → Activity Log: stats cards (total requests, today, active keys, avg response time) plus a filterable request log.
Per-project: Security → Agent Activity shows all API-key requests targeting that specific project.
API endpoints: GET /api/settings/api-keys/activity, GET /api/settings/api-keys/activity/stats, GET /api/projects/{id}/security/agent-activity.

Security best practices

Follow these guidelines to keep your agent integration secure.

Least privilege: create keys with only the scopes needed for the task.
Rotate regularly: use the rotate endpoint to replace keys periodically.
Monitor usage: check the Activity Log in Settings and the Agent Activity panel in each project's Security tab.
Revoke compromised keys immediately from Settings → API Keys.
Never commit keys to source control—use environment variables.
Set expiry dates for short-lived automation tasks using the optional expires_at field.