Skip to main content
Tanqory IconTanqory Logo
Log In
Get Started
  • Home
  • Why Tanqory
  • Pricing
  • Partners
  • Themes
  • App Store
  • Academy
  • Affiliates
  • Community
  • Developers
  • Support
  • Business Tools
  • News
  • Research
  • Blog
  • Engineering
  • Legal
  • Status
  • Build & Launch
  • Sell & Get Paid
  • Market & Engage
  • Ship & Deliver
  • Operate & Control
  • Go Global
  • Platform Overview
  • Commerce Core
  • Builder
  • Creative & Brand
  • Intelligence & Automation
  • Operations
  • Integrations
  • Industries overview
  • E-commerce & Retail
  • Wholesale & B2B
  • Restaurants
  • Events & Ticketing
  • Health & Wellness
  • Services
  • About
  • Executive
  • Leadership
  • Governance
  • Brand Identity
  • Careers
  • Legal
Reference
Tanqory.com
API reference
  • Overview
  • Admin API
  • Store API
  • AI API
Get started
  • Quickstart
  • Authentication
  • Base URLs and regions
  • Pagination
  • Errors
  • Rate limits
  • Webhooks
  • Versioning
Build with
  • SDKs
  • MCP server
  • Agent runtime
Resources
  • Publication coverage
  • API license and terms↗
  • Status↗
  • Trust center↗
API reference
  • Overview
  • Admin API
  • Store API
  • AI API
Get started
  • Quickstart
  • Authentication
  • Base URLs and regions
  • Pagination
  • Errors
  • Rate limits
  • Webhooks
  • Versioning
Build with
  • SDKs
  • MCP server
  • Agent runtime
Resources
  • Publication coverage
  • API license and terms↗
  • Status↗
  • Trust center↗

MCP Server

Let Claude Code, Cursor, ChatGPT, and other AI agents call Tanqory directly.

The Tanqory MCP server is in design-partner preview. The platform behind it is in production (Admin API + AI API live), but the MCP transport layer is under active development. Contact the team for early access.

What it is

The Tanqory MCP server exposes commerce primitives as Model Context Protocol tools. Any MCP-compatible client — Claude Code, Cursor, ChatGPT desktop, your own agent — can connect and act on a Tanqory account with the same permissions a human developer would have.

Transport

We ship one transport: Streamable HTTP. Stdio is for local dev only — it cannot do multi-tenant auth, so the production server refuses it.

Authentication

OAuth 2.1 with Dynamic Client Registration (DCR). Every MCP client registers itself; tokens scope to per-tool capability and audit individually.

Initial tools

The first wave of tools maps 1:1 onto Admin and Store API endpoints:

  • create_store — provision a new store
  • create_product, update_product, delete_product
  • publish_store — flip storefront from draft to live
  • create_page, create_blog_post
  • create_discount
  • get_orders, get_customers, get_analytics

Every tool declares a side-effect flag (read / write / destructive). Destructive tools require human approval before execution.

Safety

  • Per-tool RBAC scopes mirror REST scopes
  • Every call is appended to an immutable audit log (tenant, user, agent, tool, input hash, output hash, duration, cost)
  • Prompt injection guards: input validation runs server-side, never trusts client-supplied tool calls blindly
  • Tool poisoning resistance: tool definitions are signed and version-pinned

Roadmap

  • Public registry at .well-known/mcp-server.json for discovery
  • Self-serve OAuth app marketplace
  • Per-customer tool enablement (a store admin chooses what its agents can do)
  • Home
  • Why Tanqory
  • Pricing
  • Partners
  • Themes
  • App Store