All docs

Public API + MCP

2026-07-18

AdsPilot can be driven from scripts and AI agents (Claude, Make, manus.im) with scoped API keys and a ready-made MCP server. Nothing goes to Meta directly through the API — creates land in the change queue paused, and only an explicit push sends them out.

Creating an API key

Settings → API keys: name + scopes (Read · Create Instant Forms · Queue campaign chains · Trigger push) → the key (adsp_sk_…) is shown exactly once — copy it immediately. The key acts with your permissions: it reaches only the accounts you can, and a Viewer role stays read-only through the API too.

Treat the key like a password — never paste it into chats, repos or shared documents. Revoke it any time in the same card.

Endpoints (/api/v1)

Every request carries Authorization: Bearer <key>. Main endpoints: GET /api/v1/accounts (account list — the returned mirror id goes into the other routes), GET /accounts/:id/leads (filters + paging, max 200/page), GET/POST /accounts/:id/leadforms (form list + form create with the builder's full rule set), GET /accounts/:id/insights (daily series + totals), GET/POST /accounts/:id/changes (queue read + queuing a CREATE spec), POST /accounts/:id/push (push trigger + job poll).

Error format: { error, detail } — on a rejected form create, detail.message carries Meta's real reason.

curl -H "Authorization: Bearer $ADSP_KEY" https://adspilot.im/api/v1/accounts

MCP server (Claude and friends)

mcp/adspilot-mcp.mjs in the repo is a zero-dependency MCP server with 9 tools (accounts, forms, form create, leads, insights, change queue, push). Configure with two env vars: ADSPILOT_API_KEY and optionally ADSPILOT_BASE_URL.

claude mcp add adspilot -e ADSPILOT_API_KEY=adsp_sk_... -- node mcp/adspilot-mcp.mjs

Security guarantees

The key is never stored recoverably (SHA-256 hash only). Every create is born paused through the change queue; a push runs only on explicit call. Authorization resolves through the same chain as the UI — the API never sees more than the key's owner.