Salesforce SAP MCP

Salesforce SAP MCP

Enables Claude AI to securely query live SAP inventory data through Salesforce by invoking typed Apex methods via MCP, using OAuth 2.0 JWT Bearer flow for authentication.

Category
Visit Server

README

Salesforce SAP MCP Integration

Claude connects directly to Salesforce via a custom MCP Server, invoking Apex to fetch live SAP inventory data. No middleware. No Flow. Direct agent-to-backend integration.


Business Problem

AI agents need a secure, structured way to call enterprise backend systems — not screen scraping, not unstructured API calls. MCP (Model Context Protocol) solves this by exposing typed, governed tools that an LLM can call directly.

This project proves Claude can securely query live SAP inventory data through Salesforce, using Apex as the typed execution layer.


Architecture

Architecture

How It Works

  1. Claude calls the registered MCP tool SAPInventoryService with a SKU
  2. Request authenticated via OAuth 2.0 JWT Bearer flow through the External Client App
  3. Salesforce MCP Server routes the call to the Apex InvocableMethod
  4. Apex makes an HTTP callout via Named Credential to the SAP endpoint
  5. Response parsed and returned as typed output
  6. Claude composes a natural language answer from the structured data

Live Verified Response

Field Value
SKU IPX-200
Product Industrial Pump X200
Available Qty 850 units
Status In Stock
Warehouse Mumbai WH-1
Lead Time 3 days

Components

Component Type Purpose
SalesforceSAPMCP MCP Server Definition Exposes Apex as MCP tool
Claude_Connect_Salesforce_MCP External Client App OAuth/JWT auth for Claude
SAPInventoryService Apex Class (Invocable) Calls SAP, returns typed result
SAPInventoryServiceTest Apex Test Class Test coverage
SAP_Mock_API Named Credential Secure SAP endpoint URL
SAP_Mock_External External Credential Auth configuration
SAP_Agent_Access Permission Set Apex + object access

Security — JWT Bearer Flow

Step What Happens
1 Claude authenticates using a signed JWT, not username/password
2 Salesforce validates the JWT signature against the registered certificate
3 Salesforce issues a session token scoped to the MCP server's permitted tools
4 No long-lived credentials exposed — every session is token-based and short-lived

Same auth pattern enterprises use for server-to-server integrations, applied here to agent-to-backend communication.

Apex Implementation

@InvocableMethod(
    label='Get SAP Inventory'
    description='Fetches live inventory data from SAP for a given product SKU'
)
global static List<InventoryResult> getInventory(List<InventoryRequest> requests) {
    // Calls SAP_Mock_API named credential
    // Returns typed InventoryResult: productName, availableQty, 
    // warehouse, leadTimeDays, status
}

Typed request/response wrapper classes mean the MCP tool schema is strongly typed — Claude knows exactly what input is required and what shape the response takes.

Problems Faced & How They Were Solved

Problem Root Cause Fix
External Credential access error on Apex callout MCP server's execution user lacked the External Credential principal mapping Added principal mapping to SAP_Agent_Access permission set, assigned to integration user
MCP tool not appearing for Claude Apex method not registered in McpServerDefinition metadata Added tool registration block mapping SAPInventoryService as a callable tool

Prerequisites

Requirement Detail
Salesforce org MCP Server support enabled
External Client App JWT Bearer Flow configured
Salesforce CLI npm install -g @salesforce/cli

Deployment

sf org login web
sf project deploy start --manifest package.xml
sf org assign permset --name SAP_Agent_Access
sf org assign permset --name SAP_Mock_API_Access

Admin Configuration

Step Action
1 External Client App — enable "Issue JWT-based access tokens" under OAuth settings
2 Upload certificate — generate self-signed cert, upload public key to External Client App
3 Permission Set Mapping — map External Credential principal to integration user's permission set
4 MCP Server Definition — verify SAPInventoryService tool is listed and active
5 Connect from claude.ai — add Salesforce MCP connector using the org's My Domain URL, not api.salesforce.com

Demo

Claude calling Salesforce MCP Claude calling Salesforce MCP

Production Considerations

Area Current State Production Fix
SAP endpoint Mock via Beeceptor Update Named Credential URL to real S/4HANA endpoint — no Apex changes needed
Error handling Apex returns success:false with errorMessage on failure Already production-ready — Claude surfaces errors gracefully
Rate limiting Single SKU per call Add governor limit checks for bulk SKU lookups

Key Insight

The agent is a trigger, not an executor. Claude extracts the SKU from natural language and calls a typed Apex method — validation rules, sharing rules, and business logic all still apply. MCP is the contract layer that makes this connection type-safe and secure.

Tech Stack

Layer Technology
AI Connector Claude (claude.ai MCP connector)
Auth OAuth 2.0 JWT Bearer Flow
Backend Logic Apex (@InvocableMethod)
Credential Management Named Credentials + External Credentials
MCP Layer Salesforce MCP Server Definition

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured