EPD MCP Server
Drive EPD Commerce from any MCP-aware AI client — Claude, Cursor, your own agent.
Coming Soon — The MCP server is in final testing and will be available to all merchants shortly. The documentation below reflects the full feature set shipping on release.
What is the MCP server
The EPD MCP server exposes the EPD Commerce API as a set of typed tools that an LLM-driven client can call. Same merchant account, same data, same auth — but instead of writing HTTP code, your agent calls a tool by name with structured arguments.
If you build internal copilots, customer-support agents, ops dashboards, or developer assistants, this is how you wire them up to commerce.
Privacy Notice for free-tier LLM users
Your conversations may be used for AI training. Most free-tier AI services retain and analyze your messages to improve their models. This means your questions, personal information, and discussions could become part of their training data.
To protect yourself:
- Check the provider’s privacy policy and opt-out options.
- Consider paid tiers, which typically offer better privacy protections.
- Remember: once shared, your data may be difficult or impossible to remove from training datasets.
Connect a client and run your first tool in under 10 minutes.
The fastest way to interact with EPD as a human asking an AI.
The official debugging tool — see every tool call and response.
HTTP-level details if you are building a custom client.
Endpoint
POST https://api.epd.com/mcp
Authorization: Bearer <epd_test_sk_...|epd_live_sk_...>
| Property | Value |
|---|---|
| Transport | Streamable HTTP (single POST per request) |
| Session model | Stateless — every request is independent |
| Auth | Same EPD API keys as the REST API |
| Sandbox / live | Decided by the key prefix, like everywhere else in EPD |
| Rate limit | 60 requests / minute, per key |
What’s available
Tools are organized by resource:
| Group | Tools | Examples |
|---|---|---|
| Account | 3 | ping, get_account, upgrade_account_api_version |
| Customers | 5 | create_customer, list_customers, update_customer, delete_customer |
| Payment Methods | 3 | add_payment_method, list_payment_methods, delete_payment_method |
| Products | 7 | create_product, update_product, delete_product_image, … |
| Plans | 2 | list_plans, get_plan |
| Orders | 4 | create_order, list_orders, refund_order, get_order |
| Coupons | 9 | create_coupon, validate_coupon, generate_coupon_codes, archive_coupon, … |
| Subscriptions | 5 | create_subscription, cancel_subscription, update_subscription, … |
| Transactions | 2 | list_transactions, get_transaction |
| Webhook Endpoints | 12 | create_webhook_endpoint, rotate_webhook_secret, replay_webhook_event, … |
| Webhook Versions | 3 | list_webhook_versions, preview_webhook_payload, compare_webhook_versions |
| Composite tools | 11 | create_customer_and_charge, refund_and_cancel, get_revenue_summary, … |
Why use MCP instead of the REST API
Every tool declares whether it is read-only, destructive, idempotent, and external — so an agent can apply policies (e.g. “ask before destructive”).
create_customer_and_charge does what would take three REST calls. Faster, fewer errors.
MCP tools use the exact same API keys as REST — including restricted keys with per-resource permissions. Revoke a leaked key once and both surfaces stop.
Your agent sends a tool name and JSON args. No URL, no header juggling, no retry logic in the prompt.
How calls are protected
- Authentication — same EPD secret keys (
epd_test_sk_,epd_live_sk_, restricted variants). - Permissions — restricted keys’ permissions apply to MCP tools the same way they apply to REST.
- Idempotency — every write tool accepts
idempotency_keyas a normal parameter; same 24-hour dedupe window. - Rate limit — 60 requests / minute per key on the MCP endpoint.
Roadmap
We’re actively expanding the tool surface. Expect: payment-method-from-Collect.js token, more dispute and chargeback tools, multi-step plan changes with explicit proration preview.