What is the MCP server

The EPD MCP server exposes the EPD Commerce API as a set of typed tools that an LLM-driven client can call. Same merchant account, same data, same auth — but instead of writing HTTP code, your agent calls a tool by name with structured arguments.

If you build internal copilots, customer-support agents, ops dashboards, or developer assistants, this is how you wire them up to commerce.

Privacy Notice for free-tier LLM users

Your conversations may be used for AI training. Most free-tier AI services retain and analyze your messages to improve their models. This means your questions, personal information, and discussions could become part of their training data.

To protect yourself:

  • Check the provider’s privacy policy and opt-out options.
  • Consider paid tiers, which typically offer better privacy protections.
  • Remember: once shared, your data may be difficult or impossible to remove from training datasets.

Endpoint

POST https://api.epd.com/mcp
Authorization: Bearer <epd_test_sk_...|epd_live_sk_...>
epd-version: 2026-02-11
PropertyValue
TransportStreamable HTTP (single POST per request)
Session modelStateless — every request is independent
AuthSame EPD API keys as the REST API
Sandbox / liveDecided by the key prefix, like everywhere else in EPD
Rate limit60 requests / minute, per key

What’s available

Tools are organized by resource:

GroupToolsExamples
Account3ping, get_account, upgrade_account_api_version
Customers5create_customer, list_customers, update_customer, delete_customer
Payment Methods3add_payment_method, list_payment_methods, delete_payment_method
Products7create_product, update_product, delete_product_image, …
Plans2list_plans, get_plan
Orders5create_order, list_orders, get_order, refund_order, retry_order
Coupons9create_coupon, validate_coupon, generate_coupon_codes, archive_coupon, …
Subscriptions5create_subscription, cancel_subscription, update_subscription, …
Transactions2list_transactions, get_transaction
Webhook Endpoints12create_webhook_endpoint, rotate_webhook_secret, replay_webhook_event, …
Webhook Versions3list_webhook_versions, preview_webhook_payload, compare_webhook_versions
Composite tools11create_customer_and_charge, refund_and_cancel, get_revenue_summary, …

Why use MCP instead of the REST API

Built-in tool annotations

Every tool declares whether it is read-only, destructive, idempotent, and external — so an agent can apply policies (e.g. “ask before destructive”).

Composite shortcuts

create_customer_and_charge does what would take three REST calls. Faster, fewer errors.

Same auth, same keys

MCP tools use the exact same API keys as REST — including restricted keys with per-resource permissions. Revoke a leaked key once and both surfaces stop.

No HTTP plumbing in the prompt

Your agent sends a tool name and JSON args. No URL, no header juggling, no retry logic in the prompt.

How calls are protected

  • Authentication — same EPD secret keys (epd_test_sk_, epd_live_sk_, restricted variants).
  • Permissions — restricted keys’ permissions apply to MCP tools the same way they apply to REST.
  • Idempotency — every write tool accepts idempotency_key as a normal parameter; same 24-hour dedupe window.
  • Rate limit — 60 requests / minute per key on the MCP endpoint.

Roadmap

We’re actively expanding the tool surface. Expect: payment-method-from-Collect.js token, more dispute and chargeback tools, multi-step plan changes with explicit proration preview.