AgentPay MCP Server
Provides a trust and governance layer for AI agents, enabling secure API access, credential vaulting, paid execution with human approval, and automatic call resume.
README
AgentPay
<p align="center"> <strong>Trust + capability vault + governed paid execution for agents.</strong> </p>
<p align="center"> <a href="https://www.npmjs.com/package/@agentpayxyz/mcp-server"><img src="https://img.shields.io/npm/v/%40agentpayxyz%2Fmcp-server?color=4ade80&label=mcp-server" alt="npm"></a> <a href="https://github.com/Rumblingb/Agentpay/actions/workflows/ci.yml"><img src="https://github.com/Rumblingb/Agentpay/actions/workflows/ci.yml/badge.svg" alt="CI"></a> <img src="https://img.shields.io/badge/status-live_beta-4ade80" alt="Live Beta"> <img src="https://img.shields.io/badge/license-BSL--1.1-blue" alt="License"> <a href="https://github.com/Rumblingb/Agentpay"><img src="https://img.shields.io/github/stars/Rumblingb/Agentpay?style=social" alt="Stars"></a> </p>
AgentPay is the authority layer between an AI agent and the real world. It handles provider access, funding authority, human approval, exact-call resume, and proof so agents can finish work end to end without raw secrets in chat or repeated dashboard setup.
It is not a generic "agent platform." It is the trust seam that makes autonomous execution usable.
npx -y @agentpayxyz/mcp-server
That one command gives any MCP-compatible host the ability to:
- request API access
- vault credentials without exposing the raw key to the agent
- run governed paid execution
- pause for OTP or approval only when needed
- resume the exact blocked call automatically
- reuse governed access later from the same workbench
Why it exists
Agents fail at the same place every time:
- they need an API the developer has not wired yet
- they need a credential the human should not paste into chat
- they hit a paid step and lose continuity
AgentPay fixes that seam.
Capability Vault Users connect a provider once through AgentPay. The raw credential is vaulted server-side. The agent receives only governed capability access.
Governed paid execution Humans set guardrails once: funding rail, auto-approve limit, OTP policy, and spend limits. AgentPay enforces those rules when the agent acts.
Exact-call resume When a paid step needs a human, AgentPay pauses, collects the minimum approval, and resumes the exact blocked call without asking the agent to reconstruct it.
Same-workbench reuse Local projects never need raw provider keys. AgentPay can issue opaque, revocable workbench leases so the same workbench can reuse governed access later.
The inevitable path
This is the path AgentPay is built around:
- Agent asks for an API.
- AgentPay checks whether governed access already exists.
- If not, AgentPay runs one hosted setup flow for authority and provider connection.
- The agent uses the capability for free until paid usage is required.
- AgentPay pauses for OTP or confirmation only if policy requires it.
- AgentPay resumes the exact blocked call.
- The same workbench can reuse governed access later without re-entering the secret.
Get started in 30 seconds
Add AgentPay to Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"agentpay": {
"command": "npx",
"args": ["-y", "@agentpayxyz/mcp-server"],
"env": {
"AGENTPAY_API_KEY": "apk_your_key_here",
"AGENTPAY_MERCHANT_ID": "your_merchant_id"
}
}
}
}
Get your API key:
curl -s -X POST https://api.agentpay.so/api/merchants/register \
-H "Content-Type: application/json" \
-d '{ "name": "My Agent", "email": "you@example.com" }'
Now ask your host:
"My agent needs Firecrawl. Set a $5 auto-approve limit, ask for OTP above that, and keep the key out of chat."
Or:
"My agent needs Databento for this workbench. If access already exists, reuse it. If not, start the minimal AgentPay setup flow."
Terminal-native control plane
AgentPay should be operated through hosts and terminals, not a merchant dashboard.
Key surfaces:
GET /api/capabilities/authority-bootstrapPOST /api/capabilities/authority-bootstrapPOST /api/capabilities/access-resolvePOST /api/capabilities/onboarding-sessionsPOST /api/capabilities/lease-executeGET /api/capabilities/leasesPOST /api/capabilities/leases/:leaseId/revokePOST /api/capabilities/:capabilityId/execute
These let a host or agent:
- read authority state
- set guardrails
- connect providers
- request human approval only when needed
- reuse governed access safely later
Flagship provider paths
The current wedge is strongest when AgentPay owns setup and continuity for high-value agent APIs.
Current priority paths:
- Databento
- Firecrawl
- Browserbase
- Exa
- Generic REST API fallback
The product goal is simple: visiting provider dashboards should become the exception, not the default.
Remote MCP
For hosts that support remote MCP:
https://api.agentpay.so/api/mcp
Authenticate with your API key as a Bearer token, or mint a short-lived token for Claude, OpenAI, or another remote MCP host:
curl -X POST https://api.agentpay.so/api/mcp/tokens \
-H "Authorization: Bearer apk_your_key_here" \
-d '{ "audience": "openai", "ttlSeconds": 3600 }'
Ace - built on AgentPay
Ace is a proof front door built on AgentPay. It demonstrates the core seam under real-world conditions. It is not the core story.
Product truth
If a human still has to:
- paste a raw provider key into chat
- rebuild a blocked call after payment
- keep reopening provider dashboards
- or lose continuity between approval and execution
then the product is still unfinished.
Developer resources
| Resource | Link |
|---|---|
| Quickstart | QUICKSTART.md |
| MCP server reference | packages/mcp-server/README.md |
| Full API reference | openapi.yaml |
| Terminal-native control plane | docs/TERMINAL_NATIVE_CONTROL_PLANE_20260419.md |
| Examples | examples/README.md |
| Security model | docs/SECURITY_MODEL.md |
Repository layout
apps/
api-edge/ Cloudflare Workers public API
meridian/ Ace front door
packages/
mcp-server/ Published MCP package
sdk/ TypeScript SDK
sdk-node/ Node.js SDK
examples/ Example agents and adapters
docs/ Architecture and product notes
migrations/ PostgreSQL migrations
ops/ Founder and growth operating artifacts
License
Business Source License 1.1. Converts to AGPL-3.0 on 2029-01-01.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.