# Store config MCP

URL: https://smartcut.dev/docs/ecommerce-mcp

> Configure your SmartCut hosted storefront — materials, stock, pricing, extras and formulas — from your own LLM client over the Model Context Protocol, authenticated with your API key.

If you run a [hosted SmartCut store](/docs/ecommerce), you can configure it from your own LLM client — Claude Desktop, Claude.ai, Cursor or a custom agent — over the [Model Context Protocol](https://modelcontextprotocol.io). "Add an 18mm oak product line", "raise banding prices 10%", "list my out-of-stock sheets" become things you can just ask for.

It exposes the same store-configuration operations as the admin UI — materials, stock, settings, pricing, extras and formula validation — and writes through the **same validated path**, so nothing the MCP does can put your store into a state the admin couldn't.

## Endpoint

```text
POST https://api.smartcut.dev/ecommerce/mcp
```

A hosted, remote MCP server over **Streamable HTTP** — nothing to install. Each request is scoped to **your store only**: your organisation is resolved from your API key, so a tool can never read or change another store's data.

## Credentials

You authenticate with your **existing SmartCut API key** — there is no separate MCP token.

1. Sign in at [smartcut.dev/account](https://smartcut.dev/account). You need an active **e-commerce subscription** with **API access**.
2. Copy your **API key** from the account page.
3. Give it to your MCP client as an `Authorization` header (see below). The value is the **raw key — no `Bearer ` prefix**.

:::caution
Your API key is a secret and can change your live store. Keep it in an environment variable, not inline in a config file, and never commit it.
:::

## Connect a client

Most clients connect through the [`mcp-remote`](https://www.npmjs.com/package/mcp-remote) bridge. Add the store server to your client's MCP config (e.g. Claude Desktop's `claude_desktop_config.json`):

```json
{
  "mcpServers": {
    "smartcut-store": {
      "command": "npx",
      "args": [
        "-y", "mcp-remote",
        "https://api.smartcut.dev/ecommerce/mcp",
        "--header", "Authorization:${SMARTCUT_API_KEY}"
      ],
      "env": {
        "SMARTCUT_API_KEY": "your-api-key"
      }
    }
  }
}
```

Passing the key via `env` keeps it out of the args list and avoids clients that strip spaces from arguments — note there is no space after `Authorization:`.

If your client supports remote/HTTP MCP servers **natively** (a URL plus custom headers), use:

- **URL**: `https://api.smartcut.dev/ecommerce/mcp`
- **Header**: `Authorization: <your-api-key>`

## Tools

| Tool group | Does |
|---|---|
| `ecommerce_materials_list` / `_get` / `_create` / `_update` / `_delete` | Manage materials (product lines). |
| `ecommerce_stock_list` / `_get` / `_create` / `_update` / `_delete` | Manage stock (the cuttable sheets / lengths). |
| `ecommerce_settings_get` / `_update` | Operational store settings. |
| `ecommerce_pricing_get` / `_update` | Global pricing configuration. |
| `ecommerce_extras_list` / `_get` / `_create` / `_update` / `_delete` / `_delete_all` / `_reorder` | Manage extras — banding, finish, planing, machining, add-ons. |
| `ecommerce_formula_validate` | Dry-run an extras or shipping pricing formula before saving it. |

### Safety

- **Destructive and bulk tools** (`*_delete`, `*_delete_all`, bulk creates) require an explicit `confirm: true` and echo what will change before acting — so the model can't delete a product line on a misread.
- **Settings are operational only.** The MCP will not touch payment credentials, custom-domain verification, or publish state — those stay in the admin UI by design.

## See also

- [Hosted store](/docs/ecommerce) — the storefront, analytics, webhooks and order APIs.
- [MCP server](/docs/mcp) — the optimisation counterpart, for running cutting calculations.