Neo integrates with ScalePad so agents can read client and asset data, manage Lifecycle Manager content (notes, meetings, goals, deliverables), work with ControlMap compliance, and create quotes — all from inside the workflows you build.Documentation Index
Fetch the complete documentation index at: https://docs.neoagent.io/llms.txt
Use this file to discover all available pages before exploring further.
ScalePad uses a single API key per MSP — there’s no per-end-client tenant URL. Configure it once and every workflow with ScalePad permissions can use it.
Get your API key from ScalePad
- Log in to your ScalePad account.
- Go to Settings → API Keys.
- Generate a new key with the scopes you need (Core, Lifecycle Manager, ControlMap, Quoter).
- Copy the key — it’s a UUID.
Add the integration in Neo
- In the Neo Dashboard, open Integrations.
- Find the ScalePad section.
- Paste your API key and save.
The four modules
ScalePad’s API is organized into four modules. Neo’s permission groups match this organization one-to-one.| Module | What lives there |
|---|---|
| Core | Clients and hardware assets (workstations, servers, network devices, mobile) synced into ScalePad from your PSA |
| Lifecycle Manager | Notes (ProseMirror JSON), meetings, goals, initiatives, meeting types, deliverable PDFs |
| ControlMap | Compliance health metrics, evidences, risks, reports |
| Quoter | Quotes, quote templates, line items, catalog (categories, item groups, item options) |
Permission groups
Each module is a permission group with Disabled / Read Only / Read-Write access levels. Core is Read Only by API design — ScalePad’s Core endpoints don’t accept writes.| Permission Group | Access Levels | What writing does |
|---|---|---|
| Core | Disabled, Read Only | No writes (Core is read-only at the API level) |
| Lifecycle Manager | Disabled, Read Only, Read/Write | Create and update notes, meetings, goals, initiatives. Delete is opt-in. |
| ControlMap | Disabled, Read Only, Read/Write | Create evidences, update risks. Writes always require technician approval — even with auto mode on. Delete is opt-in. |
| Quoter | Disabled, Read Only, Read/Write | Manage quotes, templates, line items, and catalog. Delete is opt-in. |
ControlMap writes always require approval — compliance evidence and risk changes are high-impact, so the agent always pauses for a technician regardless of your other settings.
Access profiles
Quick-start profiles set all four groups at once:Read Only
All 4 modules read-only. The agent can look up anything but cannot make changes.
Operations Manager
Lifecycle Manager + Quoter read/write (autonomous). Core + ControlMap read-only.
Full Access
Lifecycle Manager + Quoter + ControlMap read/write with deletes enabled. Core stays read-only. ControlMap writes still require approval.
Safety controls
- Core is read-only. No matter what profile you pick, Core never writes — this matches the ScalePad API design.
- ControlMap writes are always approval-gated. Compliance changes pause for a technician regardless of agent auto-mode.
- Delete is opt-in. Each writable permission group has a separate “Allow Delete” toggle — Read/Write doesn’t grant delete by default.
- Path traversal blocked. Tool input is validated — URL paths containing
..are rejected to prevent permission bypass.
How agents call ScalePad
When any ScalePad permission group is non-disabled, Neo auto-injects the ScalePad API tool into the agent’s toolbox — no extra setup needed. The agent constructs requests againsthttps://api.scalepad.com, for example:
GET core/v1/clients→ list clients (Core, read)POST lifecycle-manager/v1/notes→ create a note (Lifecycle Manager, write)POST controlmap/v1/clients/{id}/reports→ list reports (ControlMap — POST but treated as read because the endpoint is registered as a query-POST)
Security
- API keys are stored in Azure Key Vault, never in plaintext.
- All ScalePad traffic is HTTPS to
https://api.scalepad.com. - Agent write access is opt-in per module.
- Compliance (ControlMap) writes are always behind technician approval.