EPD MCP Server
Drive EPD Commerce from any MCP-aware AI client — Claude, Cursor, your own agent.
What is the MCP server
The EPD MCP server exposes the EPD Commerce API as a set of typed tools that an LLM-driven client can call. Same merchant account, same data, same auth — but instead of writing HTTP code, your agent calls a tool by name with structured arguments.
If you build internal copilots, customer-support agents, ops dashboards, or developer assistants, this is how you wire them up to commerce.
Privacy Notice for free-tier LLM users
Your conversations may be used for AI training. Most free-tier AI services retain and analyze your messages to improve their models. This means your questions, personal information, and discussions could become part of their training data.
To protect yourself:
- Check the provider’s privacy policy and opt-out options.
- Consider paid tiers, which typically offer better privacy protections.
- Remember: once shared, your data may be difficult or impossible to remove from training datasets.
Connect a client and run your first tool in under 10 minutes.
The fastest way to interact with EPD as a human asking an AI.
The official debugging tool — see every tool call and response.
HTTP-level details if you are building a custom client.
Endpoint
POST https://api.epd.com/mcp
Authorization: Bearer <epd_test_sk_...|epd_live_sk_...>
epd-version: 2026-02-11
| Property | Value |
|---|---|
| Transport | Streamable HTTP (single POST per request) |
| Session model | Stateless — every request is independent |
| Auth | Same EPD API keys as the REST API |
| Sandbox / live | Decided by the key prefix, like everywhere else in EPD |
| Rate limit | 60 requests / minute, per key |
What’s available
Tools are organized by resource:
| Group | Tools | Examples |
|---|---|---|
| Account | 3 | ping, get_account, upgrade_account_api_version |
| Customers | 5 | create_customer, list_customers, update_customer, delete_customer |
| Payment Methods | 3 | add_payment_method, list_payment_methods, delete_payment_method |
| Products | 7 | create_product, update_product, delete_product_image, … |
| Plans | 2 | list_plans, get_plan |
| Orders | 5 | create_order, list_orders, get_order, refund_order, retry_order |
| Coupons | 9 | create_coupon, validate_coupon, generate_coupon_codes, archive_coupon, … |
| Subscriptions | 5 | create_subscription, cancel_subscription, update_subscription, … |
| Transactions | 2 | list_transactions, get_transaction |
| Webhook Endpoints | 12 | create_webhook_endpoint, rotate_webhook_secret, replay_webhook_event, … |
| Webhook Versions | 3 | list_webhook_versions, preview_webhook_payload, compare_webhook_versions |
| Composite tools | 11 | create_customer_and_charge, refund_and_cancel, get_revenue_summary, … |
Why use MCP instead of the REST API
Every tool declares whether it is read-only, destructive, idempotent, and external — so an agent can apply policies (e.g. “ask before destructive”).
create_customer_and_charge does what would take three REST calls. Faster, fewer errors.
MCP tools use the exact same API keys as REST — including restricted keys with per-resource permissions. Revoke a leaked key once and both surfaces stop.
Your agent sends a tool name and JSON args. No URL, no header juggling, no retry logic in the prompt.
How calls are protected
- Authentication — same EPD secret keys (
epd_test_sk_,epd_live_sk_, restricted variants). - Permissions — restricted keys’ permissions apply to MCP tools the same way they apply to REST.
- Idempotency — every write tool accepts
idempotency_keyas a normal parameter; same 24-hour dedupe window. - Rate limit — 60 requests / minute per key on the MCP endpoint.
Roadmap
We’re actively expanding the tool surface. Expect: payment-method-from-Collect.js token, more dispute and chargeback tools, multi-step plan changes with explicit proration preview.