moltflow-admin
Manage MoltFlow authentication, billing, API keys, usage tracking, and tenant settings.
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install github:LeoYeAI~openclaw-master-skills~moltflow-admincURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/github%3ALeoYeAI~openclaw-master-skills~moltflow-admin/file -o moltflow-admin.md> **MoltFlow** — WhatsApp Business automation for teams. Connect, monitor, and automate WhatsApp at scale.
> ***Due to high demand and a recent registration issue, we're offering our top-tier Business plan with unlimited quotas for just $19.90/month on yearly billing — for a limited time only.*** [**Claim the deal**](https://buy.stripe.com/cNifZibX7gpQebJ0nsfnO00)
> Free tier available. [Sign up](https://molt.waiflow.app/checkout?plan=free)
# MoltFlow Admin Skill
Manage authentication, billing, API keys, usage tracking, and tenant settings for MoltFlow.
## Real-World Scenarios
**Agency managing 5 clients** — "Create a scoped API key for each client that only lets them send messages and read their own groups — nothing else."
**Startup scaling up** — "Check my current plan usage and tell me if I'm about to hit my message limit so I can upgrade before the campaign."
**Compliance officer** — "Show me the daily usage breakdown for this month so I can audit how many messages each session sent."
## When to Use
Use this skill when you need to:
- Authenticate with MoltFlow (login, token refresh, magic link)
- Manage API keys (create, rotate, revoke)
- Check subscription status, plan limits, or usage
- Create a Stripe checkout session or billing portal link
Trigger phrases: "login to MoltFlow", "create API key", "check subscription", "billing portal", "usage report"
## Prerequisites
- **MOLTFLOW_API_KEY** — required for most endpoints. Generate from [MoltFlow Dashboard > API Keys](https://molt.waiflow.app/api-keys)
- Auth endpoints (`/auth/*`) accept email/password — no API key needed for initial login
## Base URL
```
https://apiv2.waiflow.app/api/v2
```
## Required API Key Scopes
| Scope | Access |
|-------|--------|
| `settings` | `manage` |
| `usage` | `read` |
| `billing` | `manage` |
| `account` | `manage` |
## Authentication
All requests (except login/signup) require one of:
- `Authorization: Bearer <access_token>` (JWT from login)
- `X-API-Key: <api_key>` (API key from dashboard)
---
## Auth Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/auth/login` | Login with email/password |
| POST | `/auth/refresh` | Refresh access token |
| GET | `/auth/me` | Get current user profile |
| POST | `/auth/logout` | Invalidate session |
| POST | `/auth/forgot-password` | Request password reset email |
| POST | `/auth/reset-password` | Confirm password reset |
| POST | `/auth/verify-email` | Verify email address |
| POST | `/auth/magic-link/request` | Request magic link login |
| POST | `/auth/magic-link/verify` | Verify magic link token |
| POST | `/auth/setup-password` | Set password for magic-link users |
### Login — Request/Response
```json
// POST /auth/login
{
"email": "user@example.com",
"password": "your-password"
}
// Response
{
"access_token": "eyJhbGciOi...",
"refresh_token": "eyJhbGciOi...",
"token_type": "bearer",
"user": {
"id": "uuid",
"email": "user@example.com",
"full_name": "John Doe",
"role": "owner",
"tenant_id": "uuid"
}
}
```
---
## User Management
Self-service user profile endpoints (authenticated user):
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/users/me` | Get own profile |
| PATCH | `/users/me` | Update own profile |
---
## API Keys
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/api-keys` | List all API keys |
| POST | `/api-keys` | Create new key |
| GET | `/api-keys/{id}` | Get key details |
| DELETE | `/api-keys/{id}` | Revoke key |
| POST | `/api-keys/{id}/rotate` | Rotate key (new secret) |
### Create API Key — Request/Response
```json
// POST /api-keys
{
"name": "outreach-bot",
"scopes": ["messages:send", "custom-groups:manage", "bulk-send:manage"],
"expires_in_days": 90
}
// Response (raw key shown ONCE — save it immediately)
{
"id": "uuid",
"name": "outreach-bot",
"key_prefix": "mf_abc1",
"raw_key": "mf_abc1234567890abcdef...",
"scopes": ["messages:send", "custom-groups:manage", "bulk-send:manage"],
"expires_at": "2026-04-15T10:00:00Z",
"created_at": "2026-01-15T10:00:00Z",
"is_active": true
}
```
- `scopes`: **Required** array of permission scopes. Specify only the scopes needed (e.g., `["sessions:read", "messages:send"]`). See main SKILL.md for the complete scope reference.
- `expires_in_days`: Optional expiry in days (default: no expiry).
**Important:** The `raw_key` is only returned at creation time. It is stored as a SHA-256 hash — it cannot be retrieved later.
---
## Billing & Subscription
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/billing/subscription` | Current plan, limits, and usage |
| POST | `/billing/checkout` | Create Stripe checkout session |
| POST | `/billing/portal` | Get Stripe billing portal URL |
| POST | `/billing/cancel` | Cancel subscription |
| GET | `/billing/plans` | List available plans and pricing |
| POST | `/billing/signup-checkout` | Checkout for new signups |
### Check Subscription — Response
```json
{
"plan_id": "pro",
"display_name": "Pro",
"status": "active",
"billing_cycle": "monthly",
"current_period_end": "2026-02-15T00:00:00Z",
"limits": {
"max_sessions": 3,
"max_messages_per_month": 5000,
"max_groups": 10,
"max_labels": 50,
"ai_replies_per_month": 500
},
"usage": {
"sessions": 2,
"messages_this_month": 1247,
"groups": 5,
"labels": 12,
"ai_replies_this_month": 89
}
}
```
### Create Checkout — Request
```json
// POST /billing/checkout
{
"plan_id": "pro",
"billing_cycle": "monthly"
}
// Response
{
"checkout_url": "https://checkout.stripe.com/c/pay/cs_live_...",
"session_id": "cs_live_..."
}
```
---
## Usage Tracking
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/usage/current` | Current month usage summary |
| GET | `/usage/history` | Historical usage by month |
| GET | `/usage/daily` | Daily breakdown for current month |
---
## Tenant Settings
Self-service tenant configuration (owner/admin role required for writes).
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/tenant/settings` | Get current tenant settings |
| PATCH | `/tenant/settings` | Update tenant settings (owner/admin only) |
#### Response Fields
| Field | Type | Description |
|-------|------|-------------|
| `allowed_numbers` | `string[]` | Phone numbers allowed for outbound messaging |
| `require_approval` | `bool` | Whether outbound messages require admin approval |
| `ai_consent_enabled` | `bool` | Whether AI features (auto-reply, style matching) are enabled |
#### Get Tenant Settings
```bash
curl https://apiv2.waiflow.app/tenant/settings \
-H "X-API-Key: $MOLTFLOW_API_KEY"
```
### Get Settings — Response
```json
{
"allowed_numbers": ["+5511999999999"],
"require_approval": false,
"ai_consent_enabled": true
}
```
#### Update Tenant Settings
```bash
curl -X PATCH https://apiv2.waiflow.app/tenant/settings \
-H "X-API-Key: $MOLTFLOW_API_KEY" \
-H "Content-Type: application/json" \
-d '{"ai_consent_enabled": true}'
```
### Update Settings — Request Body
All fields are optional. Only provided fields are updated.
```json
{
"allowed_numbers": ["+5511999999999", "+5511888888888"],
"require_approval": true,
"ai_consent_enabled": true
}
```
**Notes:**
- `ai_consent_enabled` records a GDPR consent entry (consent type `ai_processing`, version `1.0`) with the user's IP and user-agent.
- Any authenticated user can read settings; only `owner` or `admin` roles can update.
---
## curl Examples
### 1. Login and Get Token
```bash
curl -X POST https://apiv2.waiflow.app/api/v2/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "your-password"
}'
```
### 2. Create a Scoped API Key
```bash
curl -X POST https://apiv2.waiflow.app/api/v2/api-keys \
-H "X-API-Key: $MOLTF