For AI agents MCP 1.0

Give your agent a live view of every payment.

The topropay MCP server hands an LLM the same primitives our routing engineers use: live payments, the routing decision behind each one, approval-rate roll-ups, and a draft-and-approve path for refunds and captures. Plug into Claude, Cursor, Windsurf, or any MCP-aware client in a few lines of JSON.

  • Read-only by default
  • stdio + SSE transports
  • Signed audit trail
  • Scoped MCP keys

Overview

#What is the topropay MCP server?

Model Context Protocol is the standard interface by which LLM clients call external tools and load external context. The topropay MCP server is the bridge between an MCP client (Claude Desktop, Cursor, Windsurf, an Agentic Workflow runner) and your live topropay account.

The server is a thin process that translates MCP tool calls into authenticated REST calls against api.topropay.com. Nothing about your account leaves the boundary you already trust — the same scopes, the same audit trail, the same idempotency guarantees apply. The only difference is the caller is a model.

Capabilities

#What an agent can do once it is wired in

  • Inspect

    Read live payments & routing

    Pull any payment, see every routed attempt, and reason over the decision the engine made. Read-only by default — no chance of moving funds.

  • Analyse

    Approval-rate diagnostics

    Ask the agent why approval is down on a market or BIN. The MCP server returns connector scores, latency, and decline reasons in structured form.

  • Draft

    Prepare refunds & captures

    Agents draft refund and capture proposals. A signed approval step from a human runs them — the agent never has unilateral write access.

  • Reconcile

    Match settlement to orders

    Stream the reconciliation feed into the agent's context. It pairs deposits with order IDs and explains every variance.

  • Compose

    Generate code & runbooks

    Because the schema is in the agent's context, it can author idempotent SDK calls, dashboards, and operator runbooks that compile first try.

  • Audit

    Signed agent trail

    Every MCP call is logged with the agent identity, the prompt that triggered it, and a SHA-256 of the response — exportable for compliance.

Install

60 seconds

#Connect your client

Pick your MCP client below. Each tab shows the exact config file and the JSON block to drop in. Restart the client once and the topropay server appears as a connected tool source.

Config path ~/Library/Application Support/Claude/claude_desktop_config.json (Windows: %APPDATA%\Claude\claude_desktop_config.json)

{
  "mcpServers": {
    "topropay": {
      "command": "npx",
      "args": ["-y", "@topropay/mcp-server@latest"],
      "env": { "TOPROPAY_API_KEY": "sk_live_..." }
    }
  }
}

Config path ~/.cursor/mcp.json (or project-scoped at .cursor/mcp.json next to your repo)

{
  "mcpServers": {
    "topropay": {
      "command": "npx",
      "args": ["-y", "@topropay/mcp-server@latest"],
      "env": { "TOPROPAY_API_KEY": "sk_live_..." }
    }
  }
}

Config path ~/.codeium/windsurf/mcp_config.json (toggle the server on in Settings → Cascade → MCP after saving)

{
  "mcpServers": {
    "topropay": {
      "command": "npx",
      "args": ["-y", "@topropay/mcp-server@latest"],
      "env": { "TOPROPAY_API_KEY": "sk_live_..." }
    }
  }
}

Config path Any MCP-aware client supporting remote servers (use this when the agent runs in CI, a notebook, or an Agentic Workflow runner)

{
  "mcpServers": {
    "topropay": {
      "url": "https://mcp.topropay.com/sse",
      "headers": { "Authorization": "Bearer sk_live_..." }
    }
  }
}
  1. 01Grab an MCP-scoped key from the dashboard (Settings → API → MCP).
  2. 02Paste the JSON above into your client's config file.
  3. 03Restart the client. The topropay server shows up under connected tools.
  4. 04Ask the agent "summarise yesterday's approval rate by market". It calls approval.metrics and answers from real data.

Reference

#Tools the server exposes

Eight tools cover the read, analyse, and draft path. Tools are namespaced by resource (payments.*, routing.*) so the agent picks the right one from the name alone.

ToolScopeWhat it does
payments.search read Find payments by status, currency, customer, BIN, or window. Cursor-paginated.
payments.get read Retrieve a single payment with every routed attempt and decline reason.
routing.explain read Return the routing score table the engine saw at decision time, with per-connector inputs.
approval.metrics read Roll-up of approval / decline / cascade-recovery rates filterable by market, brand, MCC.
refunds.draft draft Stage a refund proposal. Returns the diff and the operator-approval URL — does not execute.
captures.draft draft Stage a capture (full or partial). Same approval contract as refunds.
webhooks.list read List webhook subscriptions, secrets are redacted. Useful for agent-led config audits.
reports.download read Return a settlement or reconciliation report row-set as structured data, not CSV blob.

Context

#Resources & prompts

Beyond tools, the server registers MCP resources (live documents the agent can pull into context) and prompts (named, parametrised workflows). Use prompts when you want deterministic, repeatable agent behaviour.

  • Resource topropay://schema/openapi Live OpenAPI 3.1 spec of the REST API — the agent reasons over field shapes.
  • Resource topropay://schema/events Webhook event catalogue with every payload shape and emit condition.
  • Resource topropay://docs/routing Plain-language explanation of routing strategies, with worked examples.
  • Prompt diagnose_approval_drop Pre-built prompt that walks the agent through an approval-rate regression analysis.
  • Prompt reconcile_settlement Match a settlement batch to the orders that funded it and surface anomalies.

Authentication

#Keys & scopes

MCP keys are distinct from your REST keys and carry their own scope. Issue them per agent so audit logs name the right caller and revocation is surgical.

ScopeTools enabledTypical use
readAll *.search, *.get, routing.explain, approval.metricsAnalyst agent, dashboards, research notebooks.
draftAdds refunds.draft, captures.draftOps-on-call agent that stages writes for human approval.
writeAdds direct write tools (gated behind dashboard allow-list)Reserved; off by default. Requires a written request and an IP allow-list.

Pass the key through the client's env block (local) or as a bearer header (remote). Never hard-code a key into a prompt — the agent will surface it back into context.

Security

#Security model

A model is an unreliable narrator. The MCP server is built around that assumption.

  • Read-only default. Fresh keys can only read; write scopes are explicit and dashboard-gated.
  • Drafts, not writes. Refunds and captures are staged. A human signs off in the dashboard before money moves.
  • Per-agent identity. The MCP client name and version are sent on every call and stamped into the audit log.
  • Argument cap. payments.search caps at 1,000 rows per call. Agents cannot exfiltrate the whole ledger in one prompt.
  • Redacted PII. Cardholder PAN and CVC never leave the boundary; tokenised references do.
  • Killswitch. Revoke a key from the dashboard and every active session drops on the next call.

Examples

#Agent recipes

A handful of real prompts that pay back the install effort on day one. Drop them into your agent's system prompt or trigger them by name through the prompt registry.

  • "Find every EUR payment from yesterday with status=failed, group by issuing BIN, and tell me which BINs cascaded but still declined."

    payments.search + routing.explain. Returns a ranked list of issuers with their cascade-recovery rate.

  • "Approval on DE Visa is down 3pp this week vs last. Why?"

    approval.metrics with a weekly window and the diagnose_approval_drop prompt. Returns a narrated diagnosis.

  • "Draft a refund for order A-9421 — customer says the second charge was a mistake."

    payments.search on metadata.order_id + refunds.draft. Returns a proposal and a dashboard URL for sign-off.

  • "Match yesterday's settlement batch to orders and flag anything that doesn't line up."

    reports.download + the reconcile_settlement prompt. Returns a structured variance table.

Help

#Troubleshooting

Does the agent have write access by default?

No. Out of the box the MCP server runs read-only. The draft tools (refunds.draft, captures.draft) stage proposals; a human approves them from the dashboard before anything executes.

Where does the agent send my data?

Nowhere on its own. The MCP server is a local process (or a private remote endpoint you control). Whatever the agent forwards to its model provider is governed by your model contract — not by us.

Can we restrict which tools an agent sees?

Yes. The MCP key supports scopes: read, draft, write. Issue a read-only key for an analyst agent and reserve draft for an ops-on-call agent.

Does the server work over stdio, SSE, or both?

Both. The local NPM package speaks stdio for Claude Desktop / Cursor / Windsurf, and the hosted endpoint at mcp.topropay.com speaks SSE for remote agents.

How do we audit what an agent did?

Every MCP call is logged with the connected client name, the tool, the arguments, the operator who approved any write, and a SHA-256 of the response payload. Exports are available from the dashboard.

Ready to wire it up

Plug your agent into live payments.

Request a sandbox MCP key. We send a config file and a five-minute walkthrough for the client you use.