Skip to main content

Documentation Index

Fetch the complete documentation index at: https://sitegpt.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

API v2 accepts SiteGPT API tokens as bearer credentials: 
Authorization: Bearer sgpt_...
Tokens are scoped. A token can only perform actions allowed by its scopes, chatbot restrictions, and the dashboard role of the user who created it.

Dashboard-created tokens

Use this flow when a human wants to choose permissions in the SiteGPT dashboard.
1

Open Agents

In the SiteGPT dashboard, open Agents.
2

Create token

Click Create token, choose Standard, Full, or Custom access, and optionally restrict access to selected chatbots.
3

Copy the token

Copy the plaintext token immediately. SiteGPT stores only a secure hash and cannot show the same token again.
4

Use the token

Send it as a bearer token in API v2 requests.

OAuth device login

Use this flow when a CLI, local tool, or personal AI agent needs browser-approved access without asking the user to paste a token into chat. The first-party SiteGPT CLI uses: 
client_id=sitegpt-cli
client_id identifies the application requesting access. It is public, not a secret, and the same for all users of the SiteGPT CLI. OAuth endpoints: 
POST https://sitegpt.ai/oauth/device_authorization
POST https://sitegpt.ai/oauth/token
The OAuth device flow returns an opaque sgpt_... access token. Use that token as the bearer credential for API v2. For the complete request fields, polling behavior, error codes, and examples, see OAuth device flow.

Scopes

Use the smallest scope set needed by your integration.
ResourceReadWriteDelete
Accountaccount:readaccount:write-
Billingbilling:readbilling:write-
API tokenstokens:readtokens:write-
Chatbotschatbots:readchatbots:writechatbots:delete
Knowledgeknowledge:readknowledge:writeknowledge:delete
Personaspersonas:readpersonas:writepersonas:delete
Instructionsinstructions:readinstructions:writeinstructions:delete
Settingssettings:readsettings:write-
Conversation startersstarters:readstarters:writestarters:delete
Conversation followupsfollowups:readfollowups:writefollowups:delete
Conversationsconversations:readconversations:writeconversations:delete
Leadsleads:readleads:writeleads:delete
Membersmembers:readmembers:writemembers:delete
Integrationsintegrations:readintegrations:write-

Security notes

  • Treat sgpt_... tokens as secrets.
  • Prefer chatbot-restricted tokens for agents that only manage one chatbot.
  • Rotate or revoke tokens after demos, shared sessions, or leaked logs.
  • Do not hardcode tokens in source code.
  • Do not validate one exact token prefix in your code. Treat SiteGPT tokens as opaque bearer credentials.