Setup
Four steps: install, configure, connect. About 10 minutes start to finish.
Ask your developer to run:
composer require magebitcom/magento2-mcp-module
bin/magento module:enable Magebit_Mcp
bin/magento setup:upgrade
bin/magento cache:flushThen install only the tool packs you need. See Home for the full list:
composer require magebitcom/magento2-mcp-order-tools
composer require magebitcom/magento2-mcp-catalog-tools
composer require magebitcom/magento2-mcp-customer-tools
composer require magebitcom/magento2-mcp-cms-tools
composer require magebitcom/magento2-mcp-marketing-tools
composer require magebitcom/magento2-mcp-report-toolsAfter each one, your developer runs bin/magento setup:upgrade again.
Open Stores → Configuration → Magebit → MCP Server. Defaults are safe — you only need to touch a handful of fields.
- Enable MCP Server — leave Yes. Use this as a kill-switch if you ever need to pause everything.
- Server Name — rename to something recognisable, e.g. Acme Store — Production.
- Allow Write Tools — leave No for now. Flip on later, once you've tested read-only.
Fill these in if you want a prettier name/icon in the AI agent's server picker. Skip the whole section if you don't care — defaults work fine.
- Allowed Origins — defaults cover the major AI agents. Before going live, delete any lines for agents you won't use.
Default 90 days is fine. Leave alone.
- Enable Rate Limiting — switch to Yes before going live.
Leave the defaults. They're correct.
Hit Save Config.
For hosted AI agents — Claude Web, ChatGPT, agent platforms. Operators sign in to Magento and tick what they're sharing, like "Sign in with Google".
- Go to System → MCP → OAuth Clients → Add New Client.
- On the Client Info tab, fill in:
- Preset — pick Claude Web to autofill Name and Redirect URIs. Pick Custom for anything else and fill the fields manually.
- Name — e.g. Claude Web. Shown on the consent screen.
-
Redirect URIs — one URI per line. Must match exactly what the AI agent uses — no trailing slash. Examples:
-
Claude Web:
https://claude.ai/api/mcp/auth_callback(provided by the Claude Web preset). -
ChatGPT: ChatGPT generates a per-app callback URL like
https://chatgpt.com/connector/oauth/<random-id>. Open the New App dialog in ChatGPT first, expand Advanced OAuth settings, copy the Callback URL value shown there, and paste it here. There is no static ChatGPT preset because the URL is unique per app.
-
Claude Web:
- Open the Allowed Tools tab. Tick the tools this client is allowed to invoke (or click Allow All for the full set). Nothing is ticked by default. Selecting any write tool here implicitly enables
mcp:writefor this client at runtime; selecting only read tools keeps it onmcp:read. The token-issuing admin's own role still constrains what they can actually approve at consent time. - Click Save Client. The next screen shows the Client ID and Client Secret — copy both into the AI agent's settings. The secret is shown only once; if you lose it, delete the client and create a new one.
That's it. Anyone with a Magento admin login can now click Connect in the AI agent, sign in, and tick which scopes they're granting. Each session shows up in System → MCP → Connections — revoke from there.
For Cursor, Claude Code, or custom scripts — anything that can't use OAuth.
- Go to System → MCP → Connections → New Connection.
- On the Token Info tab, fill in:
- Admin User (required) — the token inherits this user's permissions. Best practice: a dedicated admin user with a tight role.
- Name (required) — your label, e.g. Cursor — laptop.
- Expires At (UTC) — optional. Leave blank for a non-expiring token.
- Allow Write Tools — set to Yes to let the AI change data; leave No for read-only.
- Click Save. The next screen shows the token once — copy it now.
- In the AI client, paste:
| Setting | Value |
|---|---|
| Server URL | https://<your-store>/mcp |
| Authorization header | Bearer <token> |
Manage and revoke tokens from System → MCP → Connections at any time.