Skip to main content
The Crevio MCP server lets AI agents — like Claude, Cursor, or custom LLM workflows — manage your store through natural language. It exposes two tools that accept Ruby code: one to discover available API endpoints, and one to execute them. Two tools, full API coverage, minimal context usage.

What is MCP?

Model Context Protocol (MCP) is an open standard that gives AI assistants a way to connect to external tools and data sources. Instead of manually writing API calls, an AI agent discovers and invokes your Crevio API through MCP — using natural language.

How it works

Traditional MCP servers expose one tool per API endpoint. This works for small APIs, but quickly becomes impractical — each tool definition consumes tokens in the AI model’s context window. At 67 operations across 44 API paths and ~427 tokens per tool, that’s over 28,000 tokens burned before the agent does anything useful. Crevio uses Code Mode — inspired by Cloudflare’s approach — with just two tools:
  1. code_search — The agent writes Ruby code to filter and explore the API catalog
  2. code_execute — The agent writes Ruby code to call endpoints, chain requests, and transform results
The key insight: LLMs write code better than they navigate large JSON schemas. Give them a programming environment and they figure it out. The agent never sees the full API spec. It discovers only what it needs, keeps context lean, and gets the same responses as the REST API. Multi-step workflows that would require 10+ tool calls collapse into a single code execution.

Base URL

https://mcp.crevio.co/mcp
The server uses Streamable HTTP transport — a single POST endpoint that accepts JSON-RPC requests and returns JSON-RPC responses.

Authentication

All MCP requests require a Bearer token in the Authorization header. Use the same API tokens from your Developer settings. 
curl -X POST https://mcp.crevio.co/mcp \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
MCP tokens have the same permissions as API tokens. Only share them with trusted AI tools and agents.

The two tools

code_search — Discover API endpoints

A read-only, idempotent tool for exploring the Crevio API. Write Ruby code to filter and search the API catalog. A tools method is available that returns all 67 operations (across 44 API paths) as an array of hashes. Each entry has keys: :method, :path, :summary, :description, :tags, :parameters, and :request_body. 
{
  "name": "code_search",
  "arguments": {
    "code": "tools.select { |t| t[:path].include?(\"products\") }.map { |t| \"#{t[:method]} #{t[:path]} — #{t[:summary]}\" }"
  }
}
Returns: 
{
  "result": [
    "GET /products — List products",
    "POST /products — Create product",
    "GET /products/{id} — Get product details",
    "PATCH /products/{id} — Update product",
    "DELETE /products/{id} — Delete product"
  ]
}
More search examples: 
# List all available resource groups (tags)
tools.map { |t| t[:tags] }.flatten.compact.uniq.sort

# Find endpoints that accept a specific parameter
tools.select { |t| t[:parameters]&.any? { |p| p["name"] == "status" } }

# Count endpoints per tag
tools.group_by { |t| t[:tags]&.first }.transform_values(&:size)

# Get full details for a specific endpoint
tools.find { |t| t[:method] == "POST" && t[:path] == "/products" }

code_execute — Run API operations

Executes Ruby code against the live Crevio API in a sandboxed environment. Available methods:
  • get(path, **params) — GET request
  • post(path, **params) — POST request
  • patch(path, **params) — PATCH request
  • delete(path, **params) — DELETE request
Paths are automatically prefixed with /v1. Parameters are sent as query params for GET/DELETE and as a JSON body for POST/PATCH. 
{
  "name": "code_execute",
  "arguments": {
    "code": "get(\"/products\")"
  }
}
The power of code mode is chaining multiple calls in a single execution: 
# List products and get their names
products = get("/products")
products["data"].map { |p| p["name"] }

# Create a product with a price variant
product = post("/products", name: "My Course", slug: "my-course", status: "draft")
post("/price_variants",
  product_id: product["id"],
  name: "Standard",
  amount_type: "fixed",
  amount: 4900,
  currency: "usd",
  billing_type: "one_time"
)

# Cross-resource aggregation — 3 API calls, one round-trip
account = get("/account")
customers = get("/customers")
products = get("/products")
{
  account_name: account["name"],
  total_customers: customers["data"].size,
  total_products: products["data"].size,
  product_names: products["data"].map { |p| p["name"] }
}

# Batch update — update all active products in one shot
products = get("/products")["data"]
updated = products.select { |p| p["status"] == "active" }.map do |p|
  patch("/products/#{p['id']}", status: "archived")
  p["name"]
end
{ updated_count: updated.size, names: updated }
The code_execute tool dispatches requests through the same API controllers as api.crevio.co — all authorization, validation, and rate limiting apply. Responses match the REST API format exactly.

Connecting to Claude Desktop

Add this to your Claude Desktop configuration file (claude_desktop_config.json): 
{
  "mcpServers": {
    "crevio": {
      "url": "https://mcp.crevio.co/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_TOKEN"
      }
    }
  }
}
After restarting Claude Desktop, you can ask Claude to manage your store in plain English:
“List all my products and their prices” “Create a 20% discount code called SUMMER20 that expires next month” “Who are my top 5 customers by order count?”

Connecting to Cursor

In Cursor, go to Settings > MCP Servers and add a new server:
  • Name: Crevio
  • Type: Streamable HTTP
  • URL: https://mcp.crevio.co/mcp
  • Headers: Authorization: Bearer YOUR_API_TOKEN

Other MCP clients

Any MCP-compatible client that supports Streamable HTTP transport can connect. The server implements the standard MCP specification with JSON-RPC over HTTP.

Example: How an agent handles a request

When you ask “Create a buy-one-get-one discount for my course”, here’s what happens under the hood:
1

Discover relevant endpoints

The agent calls code_search with Ruby code to find discount and product endpoints:
tools.select { |t| t[:tags]&.include?("Discounts") || t[:tags]&.include?("Products") }
     .map { |t| { method: t[:method], path: t[:path], summary: t[:summary] } }
2

Find the product and create the discount

The agent calls code_execute to chain everything together in one shot:
products = get("/products")
course = products["data"].find { |p| p["name"].downcase.include?("course") }

discount = post("/discounts",
  code: "BOGO",
  discount_type: "percent_off",
  percent_off: 100,
  duration: "once",
  applies_to_product_ids: [course["id"]]
)

{ product: course["name"], discount_code: discount["code"] }
3

Confirm the result

The agent formats the response and tells you the discount was created with code BOGO.
The whole interaction uses just 2 tool calls — one search, one execution — regardless of how many API endpoints Crevio has.

What’s available

Everything accessible through the REST API is available via MCP:
CategoryOperations
AccountRetrieve account details
ProductsCreate, update, delete, list, retrieve
Price variantsCreate, update, list, retrieve
OrdersList, retrieve
Order itemsRetrieve
RefundsCreate, list, retrieve
CustomersList, create, update, retrieve
SubscriptionsList, retrieve, cancel, pause, resume
CheckoutsCreate, retrieve, update
CartsCreate, retrieve, update, delete
DiscountsCreate, update, delete, list, retrieve
Checkout linksCreate, update, delete, list, retrieve
ExperiencesList, retrieve
Blog postsList, retrieve
InvoicesCreate, list, retrieve, void, pay
ReviewsList, retrieve
FilesCreate, list, retrieve, delete, confirm upload
EmailsSend
Webhook endpointsCreate, update, delete, list, retrieve, test
Webhook eventsList, retrieve
x402Get and update configuration

Security

The code execution environment runs in a sandboxed BasicObject clean room — the agent cannot access the filesystem, network, environment variables, or Ruby’s standard library. Only safe operations (arrays, hashes, strings, iteration) and the API dispatch methods are available. A 5-second timeout prevents runaway executions. All operations run within your account’s tenant boundary — the same multi-tenant isolation as the REST API. The MCP server dispatches requests through the same API controllers as api.crevio.co. No special code paths — the agent gets the same behavior, validation, and error messages as direct API calls.