Magento MCP Server
Enables AI assistants to manage Adobe Commerce and Magento 2 instances through business-level tools for catalog, promotions, CMS, and SEO. It features secure OAuth 1.0 authentication, safety guardrails for bulk operations, and built-in diagnostic reports for store health.
README
Magento MCP Server
An MCP (Model Context Protocol) server for Adobe Commerce / Magento 2 administration. Connects AI assistants like Claude, Windsurf, Cursor, and other MCP-compatible clients to your Magento instance for business-level operations — catalog management, promotions, CMS, diagnostics, and more.
Features
- 30+ tools for Magento administration via the standard MCP protocol
- OAuth 1.0 (HMAC-SHA256) integration authentication — no 2FA prompts
- Two-phase commit for bulk operations (prepare → review → commit)
- Built-in guardrails — bulk caps, price change warnings, confirmation requirements
- Multi-store aware — explicit scope handling for websites, stores, and store views
- Audit logging — every action logged with timestamps, user, and parameters
Available Tools
Auth & Scope
auth.login/auth.logout/auth.whoami— session managementscope.list_websites_stores/scope.set_default— multi-store scope
Catalog
catalog.search_products— search with filters, pagination, field projectioncatalog.get_product— full product details by SKUcatalog.prepare_bulk_update/catalog.commit_bulk_update— two-phase bulk product updates
Pricing
pricing.prepare_bulk_price_update/pricing.commit_bulk_price_update— safe bulk price changes with threshold warnings
Promotions
promotions.search_rules/promotions.get_rule— find and inspect cart price rulespromotions.prepare_cart_price_rule_create/promotions.commit_cart_price_rule_create— create rules safelypromotions.update_rule/promotions.enable_rule/promotions.disable_rulepromotions.generate_coupons/promotions.export_coupons
CMS
cms.search_pages/cms.get_page— find and read CMS pagescms.prepare_bulk_update_pages/cms.commit_bulk_update_pagescms.search_blocks/cms.get_blockcms.prepare_bulk_update_blocks/cms.commit_bulk_update_blocks
SEO
seo.prepare_bulk_update_url_keys/seo.commit_bulk_update_url_keys— URL key changes with collision detectionseo.bulk_update_meta— bulk meta title/description/keyword updatesseo.report_redirect_chains— find redirect chain issues
Diagnostics
diagnostics.product_display_check— why isn't my product showing?diagnostics.indexer_status_report— indexer health checkdiagnostics.inventory_salable_report— MSI stock/salable quantity
Cache
cache.purge_by_url/cache.purge_product/cache.purge_category— targeted cache invalidation (Fastly or fallback)
Quick Start
Prerequisites
- Node.js 18+
- A Magento 2 / Adobe Commerce instance
- An Integration configured in Magento with appropriate API permissions
Installation
git clone https://github.com/thomastx05/magento-mcp.git
cd magento-mcp
npm install
npm run build
Magento Integration Setup
- In Magento Admin, go to System > Integrations > Add New Integration
- Give it a name (e.g., "MCP Server")
- Under API, select the resources you want to expose
- Save and Activate the integration
- Copy the four OAuth credentials:
- Consumer Key
- Consumer Secret
- Access Token
- Access Token Secret
MCP Client Configuration
Add to your MCP client config (e.g., mcp_config.json for Windsurf, claude_desktop_config.json for Claude Desktop):
{
"mcpServers": {
"magento-mcp": {
"command": "node",
"args": ["C:/path/to/magento-mcp/dist/index.js"],
"env": {
"MAGENTO_BASE_URL": "https://your-magento-instance.com",
"MAGENTO_OAUTH_CONSUMER_KEY": "your_consumer_key",
"MAGENTO_OAUTH_CONSUMER_SECRET": "your_consumer_secret",
"MAGENTO_OAUTH_TOKEN": "your_access_token",
"MAGENTO_OAUTH_TOKEN_SECRET": "your_access_token_secret"
}
}
}
}
Alternative: Username/Password Auth
If you prefer admin token auth instead of OAuth (requires handling 2FA if enabled):
{
"env": {
"MAGENTO_BASE_URL": "https://your-magento-instance.com",
"MAGENTO_ADMIN_USERNAME": "your_admin_user",
"MAGENTO_ADMIN_PASSWORD": "your_admin_password"
}
}
Usage
Once configured, call auth.login first to establish a session, then use any tool:
> auth.login
Login successful (OAuth 1.0 integration)
> catalog.search_products { filters: { name: { value: "%eye drops%", condition: "like" } } }
Found 12 products...
> diagnostics.inventory_salable_report { sku: "PROD-001" }
Qty: 3,805 | In Stock: Yes | Backorders: Enabled
Architecture
src/
index.ts # MCP server entry point (McpServer + StdioServerTransport)
config/index.ts # Configuration & guardrail defaults
actions/ # Tool handlers (one file per domain)
auth.ts
catalog.ts
pricing.ts
promotions.ts
cms.ts
seo.ts
diagnostics.ts
cache.ts
scope.ts
client/
magentoRest.ts # REST client with OAuth 1.0 signing
fastlyClient.ts # Optional Fastly CDN integration
session/
sessionStore.ts # In-memory session & OAuth credential storage
planStore.ts # Two-phase commit plan storage
idempotencyLedger.ts
validation/
schemas.ts # Zod input schemas for all tools
guardrails.ts # Safety checks (bulk caps, price thresholds, confirmations)
protocol/
types.ts # TypeScript interfaces
audit/
auditLogger.ts # Action audit trail (JSONL)
Security
- No credentials stored on disk — OAuth tokens are passed via environment variables and kept in memory only
- Magento ACL enforced — the integration's API permissions control what the server can do
- Guardrails on top — bulk operation caps, price change thresholds, and confirmation requirements provide defense-in-depth
- Two-phase commit — destructive bulk operations require explicit review and confirmation
- Audit trail — every action is logged with timestamp, user, parameters, and result
Configuration
Guardrails and limits are configurable in src/config/index.ts:
| Setting | Default | Description |
|---|---|---|
maxSkusPerBulkCommit |
500 | Max products per bulk update |
maxCouponQtyPerGeneration |
1000 | Max coupons per generation |
priceChangeThresholdPercent |
50 | Warning threshold for price changes (%) |
maxDiscountPercent |
50 | Max percent discount without override |
allowedCatalogUpdateFields |
name, description, status, visibility, ... | Whitelist for bulk catalog updates |
Optional: Fastly CDN Integration
For targeted cache purge via Fastly, add these environment variables:
{
"env": {
"FASTLY_SERVICE_ID": "your_service_id",
"FASTLY_API_TOKEN": "your_api_token"
}
}
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.