Account Self-Profile
Return the signed-in visitor's own data from MAPI entities, driven by a per-project config (set-profile). Works for any vertical (shop, blog, ...).

KEY RULES:
(1) Identity is the verified visitor session email, resolved server-side (_sapi_email) — never accept an email/identity from client input.
(2) Each source has a REQUIRED field allowlist; only listed fields are returned (fail-closed).
(3) NEVER put confidential/sensitive fields in an allowlist (margins, cost/purchase prices, internal pricing, billing details, birth dates, activation/guest codes, private notes, or special-category data such as health info).
(4) get-me requires a verified visitor session via SAPI Execute (no sapi_anonymous).
Endpoints (4)
Create or update the account self-profile config for this project. Defines which MAPI entities are returned as the visitor's own data, how each is matched to the verified session email, and which fields are exposed (allowlist).

GUARDRAILS: fields is a STRICT, REQUIRED allowlist (fail-closed — unlisted fields are never returned). Do NOT allowlist confidential/sensitive fields (margin, cost/purchase price, internal pricing, billing, birth date, guest/activation codes, notes, or special-category data such as health/lens choices). The match VALUE is always derived server-side (session email for top-level, parent id for children) — never client input; children are scoped to already-matched parent ids (no IDOR).

Returns warnings[] for fields not found in the entity schema (system fields id/created_at are always valid).
| Field | Type | Required | Description |
|---|---|---|---|
| sources | array | ✓ Yes | Array of source definitions. Each: { key, entity, cardinality(one\|many), match:{field, from}, fields:[allowlist], sort:{field,dir}, limit, not_found(null\|empty_object\|omit), children:[...] }. Top-level match.from is always the verified session email. Child match.from is "parent.<field>" (e.g. "parent.id"). fields is a REQUIRED allowlist — only listed fields are returned. |
| require_verified | boolean | No | Require a verified visitor session (default true). When true, get-me returns 401 without verification. |
| enabled | boolean | No | Enable/disable the profile (default true). |
| identity | object | No | Identity source. Only { "from": "session_email" } is supported in v1. |
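
An added pre-flight check (example code, not part of this integration) that lints a set-profile payload against the guardrails above before it is submitted. The `session_email` literal for top-level `match.from`, the sensitive-name pattern, and the sample entity and field names are assumptions.

```python
import re

# Name fragments for the categories the guardrails list (assumed; tune to your schema).
SENSITIVE = re.compile(
    r"margin|cost|purchase_price|internal|billing|birth|guest_code|activation|note|health",
    re.I)

def lint_source(src, path="sources", is_child=False):
    """Return guardrail violations for one source definition and its children."""
    where = f"{path}/{src.get('key', '?')}"
    errs = []
    fields = src.get("fields")
    if not isinstance(fields, list) or not fields:
        errs.append(f"{where}: fields allowlist is required")
        fields = []
    errs += [f"{where}: sensitive-looking field '{f}' in allowlist"
             for f in fields if SENSITIVE.search(str(f))]
    match_from = (src.get("match") or {}).get("from", "")
    if is_child and not re.fullmatch(r"parent\.\w+", match_from):
        errs.append(f"{where}: child match.from must be parent.<field>")
    if not is_child and match_from != "session_email":  # assumed literal
        errs.append(f"{where}: top-level match.from must be the session email")
    for child in src.get("children") or []:
        errs += lint_source(child, where, is_child=True)
    return errs

def lint_profile(cfg):
    """Lint a whole set-profile payload; an empty list means no violations."""
    errs = []
    if cfg.get("require_verified", True) is not True:
        errs.append("require_verified: must stay true")
    if cfg.get("identity", {"from": "session_email"}) != {"from": "session_email"}:
        errs.append("identity: only {'from': 'session_email'} is supported")
    if not cfg.get("sources"):
        errs.append("sources: at least one source definition is required")
    for src in cfg.get("sources") or []:
        errs += lint_source(src)
    return errs

# Constructed sample payload; entity and field names are hypothetical.
SAMPLE = {"sources": [{
    "key": "customer", "entity": "customers", "cardinality": "one",
    "match": {"field": "email", "from": "session_email"},
    "fields": ["id", "first_name", "last_name", "email"],
    "children": [{
        "key": "orders", "entity": "orders", "cardinality": "many",
        "match": {"field": "customer_id", "from": "parent.id"},
        "fields": ["id", "order_number", "status", "total", "created_at"],
        "limit": 20}]}]}
```

The name pattern is a heuristic: a clean result does not prove an allowlist is safe, so each listed field still needs a manual check against the entity schema.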
Get the current account self-profile config for this project.
No input parameters required.
Remove the account self-profile config for this project.
No input parameters required.
Return the verified visitor's own data according to the configured profile. Identity is the verified session email (server-side); no client identity is accepted.
No input parameters required.
MCP Tool Names
When using this integration through an AI assistant (Claude, ChatGPT, Cursor, etc.), the endpoints are available as MCP tools:
| Endpoint | MCP Tool Name |
|---|---|
| set-profile | account_set_profile |
| get-profile | account_get_profile |
| remove-profile | account_remove_profile |
| get-me | account_get_me |