posterly-mcp-server 0.20.4 → 0.20.5

package/README.md

@@ -108,7 +108,7 @@ Add the same server definition to your Cursor MCP settings:
 
 ## Available tools
 
-`posterly-mcp-server@0.20.4` exposes 58 tools.
+`posterly-mcp-server@0.20.5` exposes 59 tools.
 
 Public setup tools work before `POSTERLY_API_KEY` exists:
 
@@ -125,6 +125,7 @@ Authenticated tools require `POSTERLY_API_KEY`:
 - `get_connect_link`
 - `create_connect_session` (create a guided browser handoff for connecting a social account)
 - `get_connect_session` (poll connection progress while the user approves OAuth or enters credentials)
+- `create_api_key` (create a new API key after explicit confirmation; scopes cannot exceed the calling dashboard key)
 - `list_oauth_clients`
 - `create_oauth_client` (create a public PKCE client after explicit confirmation)
 - `update_oauth_client` (update redirect URIs/scopes after explicit confirmation)

package/dist/index.js

@@ -56,6 +56,7 @@ import { uploadMediaFromUrlTool } from './tools/upload-media-from-url.js';
 import { getConnectLinkTool } from './tools/get-connect-link.js';
 import { createConnectSessionTool } from './tools/create-connect-session.js';
 import { getConnectSessionTool } from './tools/get-connect-session.js';
+import { createApiKeyTool } from './tools/create-api-key.js';
 import { listOAuthClientsTool } from './tools/list-oauth-clients.js';
 import { createOAuthClientTool } from './tools/create-oauth-client.js';
 import { updateOAuthClientTool } from './tools/update-oauth-client.js';
@@ -156,6 +157,15 @@ server.tool(getConnectSessionTool.name, getConnectSessionTool.description, getCo
         return { content: [{ type: 'text', text: `Error: ${err.message}` }], isError: true };
     }
 });
+server.tool(createApiKeyTool.name, createApiKeyTool.description, createApiKeyTool.inputSchema.shape, async (input) => {
+    try {
+        const text = await createApiKeyTool.execute(client, input);
+        return { content: [{ type: 'text', text }] };
+    }
+    catch (err) {
+        return { content: [{ type: 'text', text: `Error: ${err.message}` }], isError: true };
+    }
+});
 server.tool(listOAuthClientsTool.name, listOAuthClientsTool.description, listOAuthClientsTool.inputSchema.shape, async () => {
     try {
         const text = await listOAuthClientsTool.execute(client);

package/dist/lib/api-client.d.ts

@@ -159,6 +159,34 @@ export type AskSupportPayload = {
     request_human?: boolean;
     confirm_escalation?: boolean;
 };
+export type ApiKeyScope = 'accounts:read' | 'accounts:write' | 'posts:read' | 'posts:write' | 'media:write' | 'analytics:read';
+export type CreateApiKeyPayload = {
+    name?: string;
+    scopes?: ApiKeyScope[];
+    workspace_id?: string;
+    expires_in_days?: number;
+    confirm: true;
+};
+export type CreateApiKeyResponse = {
+    key: string;
+    api_key: {
+        id: string;
+        name: string;
+        key_prefix: string;
+        scopes: ApiKeyScope[];
+        workspace_id?: string | null;
+        expires_at?: string | null;
+        created_at: string;
+    };
+    warning?: string;
+    limits?: {
+        tier?: string;
+        max_user_keys?: number;
+        active_user_keys?: number;
+        remaining_user_keys?: number;
+        uses_grandfathered_keys?: boolean;
+    };
+};
 export type AskSupportResponse = {
     success: boolean;
     workspace_id: string;
@@ -552,6 +580,7 @@ export declare class PosterlyClient {
     startSignup(data: PublicSignupPayload): Promise<PublicSignupResponse>;
     getSignupSession(sessionId: string): Promise<PublicSignupSessionResponse>;
     whoami(): Promise<Whoami>;
+    createApiKey(data: CreateApiKeyPayload): Promise<CreateApiKeyResponse>;
     listAccounts(params?: {
         workspace_id?: string;
     }): Promise<Account[]>;

package/dist/lib/api-client.js

@@ -113,6 +113,9 @@ export class PosterlyClient {
     async whoami() {
         return this.request('GET', '/whoami');
     }
+    async createApiKey(data) {
+        return this.request('POST', '/api-keys', data);
+    }
     async listAccounts(params) {
         const searchParams = new URLSearchParams();
         if (params?.workspace_id)

package/dist/lib/version.d.ts

@@ -1 +1 @@
-export declare const POSTERLY_MCP_VERSION = "0.20.4";
+export declare const POSTERLY_MCP_VERSION = "0.20.5";

package/dist/lib/version.js

@@ -1 +1 @@
-export const POSTERLY_MCP_VERSION = '0.20.4';
+export const POSTERLY_MCP_VERSION = '0.20.5';

package/dist/tools/create-api-key.d.ts

@@ -0,0 +1,26 @@
+import { z } from 'zod';
+import type { CreateApiKeyPayload, PosterlyClient } from '../lib/api-client.js';
+export declare const createApiKeyTool: {
+    name: string;
+    description: string;
+    inputSchema: z.ZodObject<{
+        name: z.ZodOptional<z.ZodString>;
+        scopes: z.ZodOptional<z.ZodArray<z.ZodEnum<["accounts:read", "accounts:write", "posts:read", "posts:write", "media:write", "analytics:read"]>, "many">>;
+        workspace_id: z.ZodOptional<z.ZodString>;
+        expires_in_days: z.ZodOptional<z.ZodNumber>;
+        confirm: z.ZodLiteral<true>;
+    }, "strip", z.ZodTypeAny, {
+        confirm: true;
+        workspace_id?: string | undefined;
+        name?: string | undefined;
+        scopes?: ("accounts:read" | "accounts:write" | "posts:read" | "posts:write" | "media:write" | "analytics:read")[] | undefined;
+        expires_in_days?: number | undefined;
+    }, {
+        confirm: true;
+        workspace_id?: string | undefined;
+        name?: string | undefined;
+        scopes?: ("accounts:read" | "accounts:write" | "posts:read" | "posts:write" | "media:write" | "analytics:read")[] | undefined;
+        expires_in_days?: number | undefined;
+    }>;
+    execute(client: PosterlyClient, input: CreateApiKeyPayload): Promise<string>;
+};

package/dist/tools/create-api-key.js

@@ -0,0 +1,35 @@
+import { z } from 'zod';
+import { code, mdKeyValue, mdSection, mdTitle } from '../lib/format.js';
+const scopeSchema = z.enum(['accounts:read', 'accounts:write', 'posts:read', 'posts:write', 'media:write', 'analytics:read']);
+function formatCreatedApiKey(result) {
+    const key = result.api_key;
+    return [
+        mdTitle('API key created'),
+        `Full key (shown once): ${code(result.key)}`,
+        mdSection('Details', mdKeyValue([
+            ['Name', key.name],
+            ['Key ID', code(key.id)],
+            ['Prefix', code(key.key_prefix)],
+            ['Scopes', key.scopes.join(', ')],
+            ['Workspace', key.workspace_id ? code(key.workspace_id) : 'all accessible workspaces'],
+            ['Expires', key.expires_at || 'no expiry'],
+            ['Remaining key slots', result.limits?.remaining_user_keys ?? 'unknown'],
+        ])),
+        mdSection('Warning', result.warning || 'Store this securely. It will not be shown again.'),
+    ].filter(Boolean).join('\n\n');
+}
+export const createApiKeyTool = {
+    name: 'create_api_key',
+    description: 'Create a new Posterly API key for the authenticated user. SECRET-CREATING WRITE: only use after explicit user confirmation. The new key can only request scopes already present on the calling dashboard-created API key; OAuth and managed assistant tokens cannot mint keys.',
+    inputSchema: z.object({
+        name: z.string().trim().min(1).max(120).optional().describe('Human-readable key name.'),
+        scopes: z.array(scopeSchema).min(1).max(6).optional().describe('Scopes for the new key. Omit to copy the calling key scopes. Cannot exceed the calling key scopes.'),
+        workspace_id: z.string().trim().min(1).optional().describe('Optional workspace restriction. Workspace-scoped calling keys cannot create keys outside their workspace.'),
+        expires_in_days: z.number().int().min(1).max(365).optional().describe('Optional expiry from now, up to 365 days. Omit for no expiry.'),
+        confirm: z.literal(true).describe('Must be true after the user explicitly confirms that a new secret API key should be created.'),
+    }),
+    async execute(client, input) {
+        const result = await client.createApiKey(input);
+        return formatCreatedApiKey(result);
+    },
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "posterly-mcp-server",
-  "version": "0.20.4",
+  "version": "0.20.5",
   "description": "MCP server for posterly: schedule social media posts from Claude Desktop",
   "license": "MIT",
   "homepage": "https://www.poster.ly/mcp",

package/src/index.ts

@@ -57,6 +57,7 @@ import { uploadMediaFromUrlTool } from './tools/upload-media-from-url.js';
 import { getConnectLinkTool } from './tools/get-connect-link.js';
 import { createConnectSessionTool } from './tools/create-connect-session.js';
 import { getConnectSessionTool } from './tools/get-connect-session.js';
+import { createApiKeyTool } from './tools/create-api-key.js';
 import { listOAuthClientsTool } from './tools/list-oauth-clients.js';
 import { createOAuthClientTool } from './tools/create-oauth-client.js';
 import { updateOAuthClientTool } from './tools/update-oauth-client.js';
@@ -210,6 +211,20 @@ server.tool(
   }
 );
 
+server.tool(
+  createApiKeyTool.name,
+  createApiKeyTool.description,
+  createApiKeyTool.inputSchema.shape,
+  async (input) => {
+    try {
+      const text = await createApiKeyTool.execute(client, input as any);
+      return { content: [{ type: 'text' as const, text }] };
+    } catch (err: any) {
+      return { content: [{ type: 'text' as const, text: `Error: ${err.message}` }], isError: true };
+    }
+  }
+);
+
 server.tool(
   listOAuthClientsTool.name,
   listOAuthClientsTool.description,

package/src/lib/api-client.ts

@@ -163,6 +163,43 @@ export type AskSupportPayload = {
   confirm_escalation?: boolean;
 };
 
+export type ApiKeyScope =
+  | 'accounts:read'
+  | 'accounts:write'
+  | 'posts:read'
+  | 'posts:write'
+  | 'media:write'
+  | 'analytics:read';
+
+export type CreateApiKeyPayload = {
+  name?: string;
+  scopes?: ApiKeyScope[];
+  workspace_id?: string;
+  expires_in_days?: number;
+  confirm: true;
+};
+
+export type CreateApiKeyResponse = {
+  key: string;
+  api_key: {
+    id: string;
+    name: string;
+    key_prefix: string;
+    scopes: ApiKeyScope[];
+    workspace_id?: string | null;
+    expires_at?: string | null;
+    created_at: string;
+  };
+  warning?: string;
+  limits?: {
+    tier?: string;
+    max_user_keys?: number;
+    active_user_keys?: number;
+    remaining_user_keys?: number;
+    uses_grandfathered_keys?: boolean;
+  };
+};
+
 export type AskSupportResponse = {
   success: boolean;
   workspace_id: string;
@@ -693,6 +730,10 @@ export class PosterlyClient {
     return this.request<Whoami>('GET', '/whoami');
   }
 
+  async createApiKey(data: CreateApiKeyPayload): Promise<CreateApiKeyResponse> {
+    return this.request('POST', '/api-keys', data);
+  }
+
   async listAccounts(params?: { workspace_id?: string }): Promise<Account[]> {
     const searchParams = new URLSearchParams();
     if (params?.workspace_id) searchParams.set('workspace_id', params.workspace_id);

package/src/lib/version.ts

@@ -1 +1 @@
-export const POSTERLY_MCP_VERSION = '0.20.4';
+export const POSTERLY_MCP_VERSION = '0.20.5';

package/src/tools/create-api-key.ts

@@ -0,0 +1,41 @@
+import { z } from 'zod';
+import type { CreateApiKeyPayload, CreateApiKeyResponse, PosterlyClient } from '../lib/api-client.js';
+import { code, mdKeyValue, mdSection, mdTitle } from '../lib/format.js';
+
+const scopeSchema = z.enum(['accounts:read', 'accounts:write', 'posts:read', 'posts:write', 'media:write', 'analytics:read']);
+
+function formatCreatedApiKey(result: CreateApiKeyResponse): string {
+  const key = result.api_key;
+  return [
+    mdTitle('API key created'),
+    `Full key (shown once): ${code(result.key)}`,
+    mdSection('Details', mdKeyValue([
+      ['Name', key.name],
+      ['Key ID', code(key.id)],
+      ['Prefix', code(key.key_prefix)],
+      ['Scopes', key.scopes.join(', ')],
+      ['Workspace', key.workspace_id ? code(key.workspace_id) : 'all accessible workspaces'],
+      ['Expires', key.expires_at || 'no expiry'],
+      ['Remaining key slots', result.limits?.remaining_user_keys ?? 'unknown'],
+    ])),
+    mdSection('Warning', result.warning || 'Store this securely. It will not be shown again.'),
+  ].filter(Boolean).join('\n\n');
+}
+
+export const createApiKeyTool = {
+  name: 'create_api_key',
+  description:
+    'Create a new Posterly API key for the authenticated user. SECRET-CREATING WRITE: only use after explicit user confirmation. The new key can only request scopes already present on the calling dashboard-created API key; OAuth and managed assistant tokens cannot mint keys.',
+  inputSchema: z.object({
+    name: z.string().trim().min(1).max(120).optional().describe('Human-readable key name.'),
+    scopes: z.array(scopeSchema).min(1).max(6).optional().describe('Scopes for the new key. Omit to copy the calling key scopes. Cannot exceed the calling key scopes.'),
+    workspace_id: z.string().trim().min(1).optional().describe('Optional workspace restriction. Workspace-scoped calling keys cannot create keys outside their workspace.'),
+    expires_in_days: z.number().int().min(1).max(365).optional().describe('Optional expiry from now, up to 365 days. Omit for no expiry.'),
+    confirm: z.literal(true).describe('Must be true after the user explicitly confirms that a new secret API key should be created.'),
+  }),
+
+  async execute(client: PosterlyClient, input: CreateApiKeyPayload) {
+    const result = await client.createApiKey(input);
+    return formatCreatedApiKey(result);
+  },
+};