webflow-install-auth
Install the Webflow JS SDK (webflow-api) and configure OAuth 2.0 or API token authentication. Use when setting up a new Webflow integration, configuring access tokens, or initializing the WebflowClient in your project. Trigger with phrases like "install webflow", "setup webflow", "webflow auth", "configure webflow API token", "webflow OAuth".
Best use case
webflow-install-auth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Install the Webflow JS SDK (webflow-api) and configure OAuth 2.0 or API token authentication. Use when setting up a new Webflow integration, configuring access tokens, or initializing the WebflowClient in your project. Trigger with phrases like "install webflow", "setup webflow", "webflow auth", "configure webflow API token", "webflow OAuth".
Teams using webflow-install-auth should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/webflow-install-auth/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How webflow-install-auth Compares
| Feature / Agent | webflow-install-auth | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Install the Webflow JS SDK (webflow-api) and configure OAuth 2.0 or API token authentication. Use when setting up a new Webflow integration, configuring access tokens, or initializing the WebflowClient in your project. Trigger with phrases like "install webflow", "setup webflow", "webflow auth", "configure webflow API token", "webflow OAuth".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Webflow Install & Auth
## Overview
Set up the official Webflow JS SDK (`webflow-api` on npm) and configure authentication
using either a workspace/site API token or OAuth 2.0 for Data Client Apps.
## Prerequisites
- Node.js 18+
- npm, pnpm, or yarn
- A Webflow account with a workspace
- An API token (workspace or site) from `https://developers.webflow.com`
## Instructions
### Step 1: Install the SDK
```bash
# npm
npm install webflow-api
# pnpm
pnpm add webflow-api
# yarn
yarn add webflow-api
```
The package is `webflow-api` (not `@webflow/sdk`). Current version: 3.x (Data API v2).
### Step 2: Choose Authentication Method
Webflow offers two auth methods:
| Method | Use Case | Scope |
|--------|----------|-------|
| **API Token** (workspace) | Server-side scripts, internal tools | All sites in workspace |
| **API Token** (site) | Single-site integrations | One site only |
| **OAuth 2.0** | Public apps, Webflow Marketplace apps | User-authorized scopes |
### Step 3: Token-Based Authentication
```bash
# Set environment variable (never hardcode tokens)
echo 'WEBFLOW_API_TOKEN=your-token-here' >> .env
echo '.env' >> .gitignore
```
```typescript
import { WebflowClient } from "webflow-api";
// Initialize with workspace or site token
const webflow = new WebflowClient({
accessToken: process.env.WEBFLOW_API_TOKEN!,
});
```
### Step 4: OAuth 2.0 Flow (Data Client Apps)
For apps that need user authorization, implement the OAuth 2.0 authorization code flow:
```typescript
import express from "express";
import { WebflowClient } from "webflow-api";
const app = express();
const CLIENT_ID = process.env.WEBFLOW_CLIENT_ID!;
const CLIENT_SECRET = process.env.WEBFLOW_CLIENT_SECRET!;
const REDIRECT_URI = "https://yourapp.com/auth/webflow/callback";
// Step 1: Redirect user to Webflow authorization page
// Scopes: sites:read, sites:write, cms:read, cms:write,
// pages:read, pages:write, forms:read, ecommerce:read,
// ecommerce:write, custom_code:read, custom_code:write
app.get("/auth/webflow", (req, res) => {
const scopes = "sites:read cms:read cms:write";
const authUrl =
`https://webflow.com/oauth/authorize` +
`?client_id=${CLIENT_ID}` +
`&response_type=code` +
`&redirect_uri=${encodeURIComponent(REDIRECT_URI)}` +
`&scope=${encodeURIComponent(scopes)}`;
res.redirect(authUrl);
});
// Step 2: Exchange authorization code for access token
// The authorization code expires in 15 minutes
app.get("/auth/webflow/callback", async (req, res) => {
const code = req.query.code as string;
const response = await fetch("https://api.webflow.com/oauth/access_token", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
code,
grant_type: "authorization_code",
redirect_uri: REDIRECT_URI,
}),
});
const { access_token } = await response.json();
// Store access_token securely — it does not expire but can be revoked
const webflow = new WebflowClient({ accessToken: access_token });
const { sites } = await webflow.sites.list();
res.json({ authorized: true, siteCount: sites?.length });
});
```
### Step 5: Verify Connection
```typescript
import { WebflowClient } from "webflow-api";
const webflow = new WebflowClient({
accessToken: process.env.WEBFLOW_API_TOKEN!,
});
async function verify() {
// List all sites accessible with this token
const { sites } = await webflow.sites.list();
if (!sites || sites.length === 0) {
throw new Error("No sites accessible. Check token scopes.");
}
for (const site of sites) {
console.log(`Site: ${site.displayName} (${site.id})`);
console.log(` Short name: ${site.shortName}`);
console.log(` Last published: ${site.lastPublished}`);
}
}
verify().catch(console.error);
```
## Webflow API Scopes Reference
| Scope | Access |
|-------|--------|
| `sites:read` | List/get sites |
| `sites:write` | Publish sites |
| `cms:read` | Read collections and items |
| `cms:write` | Create/update/delete CMS items |
| `pages:read` | List/get pages |
| `pages:write` | Update page content |
| `forms:read` | Read form submissions |
| `ecommerce:read` | Read products, orders, inventory |
| `ecommerce:write` | Create/update products, fulfill orders |
| `custom_code:read` | Read registered custom code |
| `custom_code:write` | Register/apply custom code |
## Output
- Installed `webflow-api` package
- Environment variable with API token (`.env` file, git-ignored)
- Working `WebflowClient` instance
- Verified connection by listing accessible sites
## Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| `401 Unauthorized` | Invalid or revoked token | Generate new token at developers.webflow.com |
| `403 Forbidden` | Token missing required scope | Add scopes in app settings or generate new token |
| `429 Too Many Requests` | Rate limit exceeded | Wait for `Retry-After` header (60s reset) |
| `MODULE_NOT_FOUND` | Wrong package name | Use `webflow-api`, not `@webflow/sdk` |
| OAuth code expired | Authorization code > 15 min old | Re-initiate OAuth flow promptly |
## Resources
- [Webflow Developer Docs](https://developers.webflow.com)
- [SDK npm package](https://www.npmjs.com/package/webflow-api)
- [SDK GitHub repo](https://github.com/webflow/js-webflow-api)
- [OAuth Reference](https://developers.webflow.com/data/reference/oauth-app)
- [Scopes Reference](https://developers.webflow.com/data/reference/scopes)
## Next Steps
After successful auth, proceed to `webflow-hello-world` for your first API call.Related Skills
validating-authentication-implementations
Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows. Trigger with 'validate authentication', 'check auth security', or 'review login'.
workhuman-install-auth
Workhuman install auth for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman install auth".
wispr-install-auth
Wispr Flow install auth for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr install auth".
windsurf-install-auth
Install Windsurf IDE and configure Codeium authentication. Use when setting up Windsurf for the first time, logging in to Codeium, or configuring API keys for team/enterprise deployments. Trigger with phrases like "install windsurf", "setup windsurf", "windsurf auth", "codeium login", "windsurf API key".
webflow-webhooks-events
Implement Webflow webhook registration, signature verification, and event handling for form_submission, site_publish, ecomm_new_order, page_created, and more. Use when setting up webhook endpoints, implementing event-driven workflows, or handling Webflow notifications. Trigger with phrases like "webflow webhook", "webflow events", "webflow webhook signature", "handle webflow events", "webflow notifications".
webflow-upgrade-migration
Analyze, plan, and execute Webflow SDK upgrades (webflow-api v1 to v3) with breaking change detection, API v1-to-v2 migration, and deprecation handling. Trigger with phrases like "upgrade webflow", "webflow migration", "webflow breaking changes", "update webflow SDK", "webflow v1 to v2".
webflow-security-basics
Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".
webflow-sdk-patterns
Apply production-ready Webflow SDK patterns — singleton client, typed error handling, pagination helpers, and raw response access for the webflow-api package. Use when implementing Webflow integrations, refactoring SDK usage, or establishing team coding standards. Trigger with phrases like "webflow SDK patterns", "webflow best practices", "webflow code patterns", "idiomatic webflow", "webflow typescript".
webflow-reference-architecture
Implement Webflow reference architecture — layered project structure, client wrapper, CMS sync service, webhook handlers, and caching layer for production integrations. Trigger with phrases like "webflow architecture", "webflow project structure", "how to organize webflow", "webflow integration design", "webflow best practices".
webflow-rate-limits
Handle Webflow Data API v2 rate limits — per-key limits, Retry-After headers, exponential backoff, request queuing, and bulk endpoint optimization. Use when hitting 429 errors, implementing retry logic, or optimizing API request throughput. Trigger with phrases like "webflow rate limit", "webflow throttling", "webflow 429", "webflow retry", "webflow backoff", "webflow too many requests".
webflow-prod-checklist
Execute Webflow production deployment checklist — token security, rate limit hardening, health checks, circuit breakers, gradual rollout, and rollback procedures. Use when deploying Webflow integrations to production or preparing for launch. Trigger with phrases like "webflow production", "deploy webflow", "webflow go-live", "webflow launch checklist", "webflow production ready".
webflow-performance-tuning
Optimize Webflow API performance with response caching, bulk endpoint batching, CDN-cached live item reads, pagination optimization, and connection pooling. Use when experiencing slow API responses or optimizing request throughput. Trigger with phrases like "webflow performance", "optimize webflow", "webflow latency", "webflow caching", "webflow slow", "webflow batch".