# Sencha — testimonials, run by your agent Sencha collects text + video testimonials from customers and puts them on your site. Every capability is operable by an agent over MCP and REST: your agent decides when and who to ask, Sencha runs the machinery (hosted forms, request emails + follow-ups, consent records, approval inbox, widgets). Trust stance: the agent runs logistics; humans write every word. Requests trace to real customers ("verified customer" badge), imported praise stays visibly distinct from submitted, and nothing goes public without approval unless the workspace explicitly opts in. ## Authentication One API key unlocks everything: Authorization: Bearer sn_live_... Create keys in Settings → API keys. The full key is shown once. ## MCP (recommended for agents) Endpoint: https://sencha.to/api/mcp (streamable HTTP) Connect with Claude Code: claude mcp add --transport http sencha https://sencha.to/api/mcp \ --header "Authorization: Bearer sn_live_..." ~25 tools covering the whole loop: get_project_overview, list/create/update projects, forms (create_form returns the public collection URL), contacts (upsert_contact, suppress_contact), send_request (personalized ask — drafts wait for human OK unless autoSendRequests is on), list/get/cancel requests, create_testimonial (import with provenance), list/get/update/approve/reject testimonials (approve respects the autoPublish gate), create_widget (returns the embed snippet), update/list widgets, get_embed (script|iframe|react|json|jsonld), get_stats, and webhooks. ## REST API Catalog: GET https://sencha.to/api/v1 (self-describing, no auth needed) GET /api/v1/overview orient: counts, response rate, wall URL GET /api/v1/stats GET|POST /api/v1/projects PATCH /api/v1/projects/:id GET|POST /api/v1/forms PATCH /api/v1/forms/:id GET|POST /api/v1/contacts POST /api/v1/contacts/:id/suppress GET|POST /api/v1/requests GET /api/v1/requests/:id POST /api/v1/requests/:id/cancel GET|POST /api/v1/testimonials GET|PATCH /api/v1/testimonials/:id POST /api/v1/testimonials/:id/approve POST /api/v1/testimonials/:id/reject GET|POST /api/v1/widgets PATCH /api/v1/widgets/:id GET /api/v1/widgets/:id/embed?format=script|iframe|react|json|jsonld GET|POST /api/v1/webhooks DELETE /api/v1/webhooks/:id Public (no auth): GET /api/embed/:widgetId returns a widget's published testimonials as JSON for build-time/SSR use. ## Outbound webhooks Events: testimonial.received, testimonial.published, request.completed, request.bounced. Each delivery is signed: x-sencha-signature: sha256=hex(hmac_sha256(secret, timestamp + "." + body)) with the timestamp echoed in x-sencha-timestamp. The signing secret is returned once when the endpoint is created. ## Approval gates - autoSendRequests off (default): send_request leaves a drafted email for a human OK in the dashboard; status "draft" is success. - autoPublish off (default): agent approvals land approved-but-unpublished; a human releases them. publishedAt null is success. Politeness is enforced server-side: suppression, 90-day per-contact cooldown, idempotency keys, one-click unsubscribe on every email.