Skip to main content
Returns the full WebMCP-compliant JSON manifest for a website. This is the data AI agents read to understand your site’s available actions.

Request

GET https://openhermit.com/api/manifest?key=YOUR_API_KEY
Or via the canonical WebMCP path (recommended — works via a rewrite): 
GET https://yoursite.com/.well-known/webmcp.json

Response

{
  "webmcp_version": "1.0",
  "site": {
    "name": "Acme Corp",
    "domain": "acme.com",
    "description": "We build great products.",
    "agent_instructions": "This site has 2 agent-ready actions: contact_form and book_consultation."
  },
  "actions": [
    {
      "name": "Contact Form",
      "type": "contact_form",
      "tool_name": "contact_form",
      "description": "Send a message to the Acme team",
      "selector": "#contact-form",
      "page_url": "https://acme.com/contact",
      "enabled": true,
      "before_prompt": "Have name, email and question ready.",
      "success_prompt": "Message sent. We reply within 24 hours.",
      "failure_prompt": "Email hello@acme.com directly.",
      "next_action": {
        "url": "https://calendly.com/acme/30min",
        "label": "Book a meeting"
      },
      "fields": [
        { "name": "name", "type": "text", "required": true },
        { "name": "email", "type": "email", "required": true },
        { "name": "message", "type": "textarea", "required": false }
      ]
    }
  ]
}

Notes

  • Only enabled actions are included. Disabled actions are omitted entirely.
  • The /.well-known/webmcp.json path is handled via a Next.js rewrite — no separate file is needed on your server.
  • Response includes X-WebMCP: enabled and X-OpenHermit: 1.0 headers.
  • This endpoint is public — no authentication required (the API key is in the query string, identifying which site to return).

CORS

Accepts cross-origin requests (Access-Control-Allow-Origin: *).