abTestBot Agent Gateway
Connect AI agents and LLM assistants to abTestBot's A/B testing research and experiment management services. Supports both MCP (Model Context Protocol) and A2A (Agent-to-Agent Protocol).
What You Can Do
- Register a new website and get back the tracking snippet to install
- List your registered websites
- Get AI-analyzed site intelligence (industry, competitors, keywords)
- List and filter A/B test ideas
- Generate new AI-powered test ideas
- Generate variant code from a natural-language prompt — no pre-existing idea required (e.g. "change the hero price from $99 to $499 and update the Stripe link")
- List, inspect, and create experiments
- Launch always-on Continuous Loops that auto-iterate champion-challenger experiments with statistical guardrails (Bayesian sequential, 7-day floor, 95% P-to-win, regression checks)
All calls are billed per-credit. Purchase credits →
Prerequisites
- An abTestBot account on any plan
- Credits — buy a pack from Settings → Billing → Agent Credits (Starter $9/100, Growth $39/500, Scale $129/2,000). Enterprise plans include unlimited usage — no credits needed.
- An API key (
sk_live_...) from Settings → API (available once your first pack is purchased, or automatically on the Enterprise plan)
MCP Setup
There are two ways to connect. OAuth is the easy path — you give your client just the URL and sign in once in your browser. The API key path is for clients that only support a static bearer header.
Option A — OAuth (recommended)
The gateway is a full OAuth 2.1 authorization server. Clients that support MCP OAuth (Claude, Cursor, and others) only need the server URL — they discover the auth endpoints, register themselves, and run the sign-in flow automatically:
https://agent.abtestbot.com/mcp
What happens:
- Your client hits
/mcp, gets a401pointing at the gateway's authorization server, and opens a browser window. - You log in to abTestBot the normal way (email/password or Google) and pick which workspace to grant access to, then click Authorize. No keys, no copy-paste.
- The client receives a short-lived access token (auto-refreshed) — no secret is stored in your config. Revoke access anytime by removing your membership / the connection in workspace settings.
Claude Code (CLI):
claude mcp add --transport http abtestbot https://agent.abtestbot.com/mcp
# then run /mcp inside Claude Code and complete the browser sign-in
Claude Desktop / Cursor / other UI clients: add a remote MCP server with the URL https://agent.abtestbot.com/mcp and complete the browser prompt when it appears.
See oauth.md for the full flow, endpoints, and client-implementer details.
Option B — Static API key
For clients that take a bearer header directly:
{
"mcpServers": {
"abtestbot": {
"url": "https://agent.abtestbot.com/mcp",
"headers": {
"Authorization": "Bearer sk_live_YOUR_KEY_HERE"
}
}
}
}
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"abtestbot": {
"url": "https://agent.abtestbot.com/mcp",
"headers": { "Authorization": "Bearer sk_live_..." }
}
}
}
Then ask Claude: "List my sites on abTestBot", "Generate 5 A/B test ideas for site [id]", or "Start a continuous loop on my pricing page headline"
Continuous Loops
The gateway exposes 4 tools for always-on optimization: create_loop, pause_loop, resume_loop, and get_loop_status. Once started, a loop runs a champion-challenger cycle on a target page — the AI authors each new challenger, only statistically defensible winners get promoted (Bayesian sequential, 7-day round floor, ≥500 samples/arm, 95% probability-to-win, regression checks every 8th round), and the loop auto-pauses after 3 consecutive inconclusive rounds.
See tools.md → Continuous Loops for params, credits, and example MCP requests.
A2A Setup (n8n, LangGraph, AutoGPT, CrewAI, etc.)
Agent Card URL (for discovery):
https://agent.abtestbot.com/.well-known/agent.json
Task endpoint:
POST https://agent.abtestbot.com/a2a/tasks
Authorization: Bearer sk_live_...
Content-Type: application/json
{
"id": "your-task-id",
"message": {
"role": "user",
"parts": [
{
"type": "data",
"data": {
"tool": "list_sites",
"params": {}
}
}
]
}
}
Health Check
curl https://agent.abtestbot.com/health
# → {"ok":true}
Security
Your sk_live_ key is a bearer token — anyone with it can spend your credits (or, on Enterprise, use your unlimited agent-gateway access) until you revoke it. Treat it like a password.
Safe placements
- Server-side environment variables, CI/CD secret stores
- Local MCP client config files (e.g.
claude_desktop_config.json) — these stay on your machine and aren't shipped anywhere - A password manager
Never
- Frontend JavaScript or browser-exposed code
- Git repositories, even private ones (git history is forever)
- Public blog posts, tweets, Stack Overflow, YouTube screenshots — use the placeholder
sk_live_YOUR_KEY_HEREin examples - Plain-text chat / email
If a key leaks: Settings → API → revoke it, then generate a new one. Revocation propagates within 60 seconds (our auth-cache TTL). Deactivated keys cannot be reactivated — you'll need to generate a replacement.
Building a public tool on top of abTestBot? Route all calls through your own backend so the key never reaches end users' browsers. If you ship a desktop/CLI tool, have each end user generate their own key in their own abTestBot workspace — don't bundle a single key into distributed binaries.
Server-side, we only store the SHA-256 hash of each key — so even if our database leaked, the raw keys can't be recovered. But if the raw key leaks from your code or repo, it is fully usable by anyone who finds it until revoked.
Reference
- OAuth guide — connect with just a URL; endpoints and flow details
- Tool reference — all tools, parameters, credit costs, examples
- Credits guide — how billing works, purchasing packs
- Portability guide — use this gateway in your own project