Skip to main content
The Prava MCP is a hosted Model Context Protocol server. MCP is the standard way to give an AI agent new abilities: you add a server URL to your agent, and the agent gains that server’s tools. Adding Prava’s server gives your agent the ability to pay and shop with your card, under your approval.
Works with any MCP client: Claude Code, Cursor, Poke, or your own app. Setup is one URL and one sign-in. See Connect.
This is the payments MCP. It is not the same as the docs MCP (docs.prava.space/mcp), which only lets an agent read these docs. See Use Prava Docs with AI.

What your agent can do

Full parameters and flows: Tools reference.

The credential firewall

The MCP is built so that payment credentials never reach the agent. This is stronger than the CLI path, where the agent handles a one-time token itself. Example: your agent buys you a phone case.
  1. The agent finds the case and locks a price (shop_quote): $18.50.
  2. It creates a payment session for exactly $18.50 and sends you a payment_url.
  3. You open the link and approve with your passkey (a fingerprint or face confirmation on your device). The agent only ever learns the status: get_payment_status returns completed, never the card token.
  4. The agent calls shop_checkout. Prava’s gateway pulls the one-time credentials server-side, completes the merchant checkout, and returns only the outcome: { status: "paid", order_id: … }.
At no point does the agent, the LLM, or the MCP client see a card number, token, or CVV.

Scopes

Access is scoped with OAuth. A scope is a named permission: your MCP client requests these when you connect, and you approve them once.

MCP, CLI, or SDK?

All three share the same account, cards, guardrails, and approval model. An agent connected via MCP shows up in your Prava Pay dashboard next to CLI-linked agents, and you can revoke it the same way.

Next

Connect your agent

One URL, one sign-in. Claude Code, Cursor, and generic clients.

Tools reference

Every tool, its parameters, and the buy-flow chain.