adyen-mcp
mcp
Pass
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 20 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This is an official TypeScript-based MCP server that allows Large Language Models (LLMs) to interact directly with Adyen's payment and management APIs. It enables developers to automate payment operations, retrieve transaction statuses, and manage terminal accounts via function calling.
Security Assessment
Overall Risk: Medium. The tool itself does not execute arbitrary shell commands, contained no hardcoded secrets, and did not exhibit any dangerous code patterns during the file scan. However, the core function of this server is to make authenticated network requests to Adyen's highly sensitive financial APIs. It is capable of creating payment sessions, processing refunds, canceling authorized payments, and managing company accounts. Because an LLM will have the ability to initiate financial transactions or access payment data, the blast radius for a misconfiguration or a prompt injection attack is very high. Strict access controls and careful API permission scoping are mandatory.
Quality Assessment
Overall Quality: High. The repository is actively maintained, with very recent updates, and is backed by a reputable financial technology company (Adyen). It is licensed under the standard MIT license and has accumulated a solid baseline of community engagement. The light code audit scanned 12 files without finding any red flags or requesting dangerous local system permissions.
Verdict
Use with caution. The code itself is safe and well-maintained, but developers must implement strict guardrails to prevent unauthorized financial transactions or unintended access to sensitive payment data.
This is an official TypeScript-based MCP server that allows Large Language Models (LLMs) to interact directly with Adyen's payment and management APIs. It enables developers to automate payment operations, retrieve transaction statuses, and manage terminal accounts via function calling.
Security Assessment
Overall Risk: Medium. The tool itself does not execute arbitrary shell commands, contained no hardcoded secrets, and did not exhibit any dangerous code patterns during the file scan. However, the core function of this server is to make authenticated network requests to Adyen's highly sensitive financial APIs. It is capable of creating payment sessions, processing refunds, canceling authorized payments, and managing company accounts. Because an LLM will have the ability to initiate financial transactions or access payment data, the blast radius for a misconfiguration or a prompt injection attack is very high. Strict access controls and careful API permission scoping are mandatory.
Quality Assessment
Overall Quality: High. The repository is actively maintained, with very recent updates, and is backed by a reputable financial technology company (Adyen). It is licensed under the standard MIT license and has accumulated a solid baseline of community engagement. The light code audit scanned 12 files without finding any red flags or requesting dangerous local system permissions.
Verdict
Use with caution. The code itself is safe and well-maintained, but developers must implement strict guardrails to prevent unauthorized financial transactions or unintended access to sensitive payment data.
Typescript library for integrating Adyen APIs via an MCP server
README.md
Adyen MCP Server - Alpha
The Adyen Model Context Protocol (MCP) server allows you to integrate with Adyen APIs through LLMs function calling utilizing various clients. It currently supports the following tools. Read more on our Blog - Part 1.
- CheckoutAPI - Sessions
- Creates a /sessions payment request - POST
/sessions - Gets the result of a payment session - GET
/sessions/{sessionId} - Gets the available payment methods - POST
/paymentMethods
- Creates a /sessions payment request - POST
- CheckoutAPI - Payment Links
- Creates a payment link - POST
/paymentLinks - Gets the status of a payment link - GET
/paymentLinks/{linkId} - Updates a payment link (force expiry of the link) - PATCH
/paymentLinks/{linkId}
- Creates a payment link - POST
- Checkout API - Modifications
- Cancels an authorized payment - POST
/payments/{paymentPspReference}/cancels - Refunds a captured payment - POST
/payments/{paymentPspReference}/refunds
- Cancels an authorized payment - POST
- Management API - Accounts
- Gets a list of merchant accounts for your company account - GET
/merchants
- Gets a list of merchant accounts for your company account - GET
- Management API - Terminals
- Gets a list of terminals - GET
/terminals - Reassigns a terminal - POST
/terminals/{terminalId}/reassign - Gets a list of Android apps - GET
/companies/{companyId}/androidApps - Gets Android app details - GET
/companies/{companyId}/androidApps/{id} - Gets a list of Android certificates - GET
/companies/{companyId}/androidCertificates - Creates a terminal action - POST
/terminals/scheduleActions - Gets a list of terminal actions - GET
/companies/{companyId}/terminalActions - Gets terminal settings - GET
/companies/{companyId}/terminalSettings/ GET/merchants/{merchantId}/terminalSettings/ GET/merchants/{merchantId}/stores/{reference}/terminalSettings/ GET/terminals/{terminalId}/terminalSettings - Updates terminal settings - PATCH
/companies/{companyId}/terminalSettings/ PATCH/merchants/{merchantId}/terminalSettings/ PATCH/merchants/{merchantId}/stores/{reference}/terminalSettings/ PATCH/terminals/{terminalId}/terminalSettings
- Gets a list of terminals - GET
- Management API - Webhooks
- List all webhooks - GET
/companies/{companyId}/webhooks - List all webhooks - GET
/merchants/{merchantId}/webhooks - Get a webhook - GET
/companies/{companyId}/webhooks/{webhookId} - Get a webhook - GET
/merchants/{merchantId}/webhooks/{webhookId}
- List all webhooks - GET
Usage
- Run the MCP server via
npxwith the following command:
npx -y @adyen/mcp --adyenApiKey=YOUR_ADYEN_API_KEY --env=TEST
If you are using the LIVE environment then you must also provide your live URL prefix, for example:
npx -y @adyen/mcp --adyenApiKey=YOUR_ADYEN_API_KEY --env=LIVE --livePrefix=YOUR_PREFIX_URL
We advise to only run a subset of tools required for your particular use case:
npx -y @adyen/mcp --adyenApiKey=YOUR_ADYEN_API_KEY --env=TEST --tools=list_all_company_webhooks,list_all_merchant_webhooks
Example usage in .vscode:
{
"servers": {
"adyen-mcp-server": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@adyen/mcp", "--adyenApiKey=YOUR_ADYEN_API_KEY", "--env=TEST"],
"env": {
"ADYEN_API_KEY": "${ADYEN_API_KEY}"
}
}
}
}
Note: To run certain functionality (tools) in the mcp-server, you need a webservice user with the following roles:
- Management API - Accounts Read
- Management API - Payment methods Read
- Checkout Webservice Role
- Merchant PAL Webservice Role
- Management API - Terminals read
- Management API — Assign Terminal
- Management API — Terminal actions read
- Management API — Terminal actions read and write
- Management API — Android files read
- Management API — Terminal settings read
- Management API — Terminal settings read and write
- Management API — Webhooks read
Adyen recommends creating a new webservice user and generating a new API key for the purpose of this application.
Only use the new user’s API key for the MCP application and limit the roles to match the tools you'll be using.
License
MIT license. For more information, see the LICENSE file.
Contributing
We strongly encourage you to contribute to our repository. Find out more in our contribution guidelines. If you'd like to run this in Codespaces, follow this guide.
Support
If you have a feature request, or spotted a bug or a technical problem, create a GitHub issue. For other questions, contact: [email protected]
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found