Docs
ProductMCP

Agent actions via MCP — setup and support guide

Connect Claude, ChatGPT, or any MCP client to governed Numezis agent actions with OAuth 2.0 and Streamable HTTP.

Numezis exposes governed agent actions through a remote MCP server. Claude, ChatGPT, or any MCP-compatible client can prepare or execute business operations across accounting, sales, purchases, HR, inventory, CRM, and document workflows under Numezis permissions, approvals, and audit trail.

Overview

The MCP endpoint is available at https://www.numezis.com/mcp using Streamable HTTP and JSON-RPC 2.0. The connector lets an agent client run governed business actions while Numezis enforces permissions, approval policy, and portal scope.

Prerequisites

  • Active Numezis subscription with access to the Company or Partner portal.
  • A Claude.ai account with connector access enabled.
  • An authenticated Numezis user with permissions for the modules you want to use.
  • Company modules enabled in Numezis settings (tools are capability-gated).

Connect in Claude.ai

  1. Open Claude.ai, go to Connectors, and add a custom remote MCP server.
  2. Set the server URL to https://www.numezis.com/mcp.
  3. Choose OAuth 2.0 authentication (Dynamic Client Registration is supported).
  4. Sign in to Numezis and approve the requested scopes.
  5. After authorization, run a tools/list request to confirm module visibility.

Code examples

Use these ready-to-copy snippets to connect from Claude, ChatGPT, or a direct HTTP client.

Claude / Cowork custom connector

Name: Numezis
Server URL: https://www.numezis.com/mcp
Authentication: OAuth
OAuth registration: Dynamic Client Registration (DCR)
Default scopes:
  mcp.tools.read
  mcp.tools.execute
  mcp.tools.write
Base parameters: leave empty

# Fallback only when the client cannot use DCR:
Client ID: numezis-mcp-connect
Client secret: leave empty

ChatGPT custom MCP app

Name: Numezis
Server URL: https://www.numezis.com/mcp
Authentication: OAuth
OAuth registration: Dynamic Client Registration (DCR)
Default scopes:
  mcp.tools.read
  mcp.tools.execute
  mcp.tools.write
Base parameters: leave empty

# If DCR is unavailable, use the fallback static client:
Client ID: numezis-mcp-connect
Client secret: leave empty

HTTP JSON-RPC (service accounts)

const response = await fetch("https://www.numezis.com/mcp", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Accept": "application/json, text/event-stream",
    "Authorization": "Bearer " + process.env.NUMEZIS_SERVICE_ACCOUNT_KEY,
    "X-Portal": "company",
    "MCP-Protocol-Version": "2025-03-26",
  },
  body: JSON.stringify({
    jsonrpc: "2.0",
    id: "tools-list-1",
    method: "tools/list",
    params: {},
  }),
});

const payload = await response.json();

Available module groups

Tool availability depends on your enabled modules and user permissions. Core groups include:

  • Finance — Accounting, sales, purchases, reconciliation, VAT workflows and ledger operations.
  • People — HR workflows including employees, contracts, absences and payroll-related operations.
  • Operations — Inventory, project operations and task management capabilities.
  • Customer — CRM, contacts and collaborative comments tied to business records.
  • Documents & Data — Document intake, classification and governed data import flows.
  • Integrations — Google, Microsoft and enrichment/intelligence connectors when enabled.
  • Controls — Approvals, module configuration and core governance utilities.

Security and data handling

  • Transport uses HTTPS/TLS with OAuth Protected Resource Metadata.
  • Access is scoped server-side through AccessMode, portal context and permission checks.
  • Critical mutations can require explicit approval before execution.
  • Operational logs and audits may be retained according to platform policy; see the Privacy Policy and DPA for details.

FAQ

Is this connector read-only?

No. It supports read and write operations, with governance and approval controls for sensitive actions.

Can I use a custom MCP URL per user?

No. Numezis currently exposes one universal remote URL: https://www.numezis.com/mcp.

Which transport is supported?

Streamable HTTP is supported. Legacy SSE endpoints are deprecated.

How are permissions enforced?

Permissions are enforced on every request through user role, enabled modules and portal-scoped AccessMode checks.

Do critical actions require confirmation?

Yes. Depending on policy and tool manifest safety, destructive actions can trigger an approval step.

Where can I get support?

Contact Numezis support, and consult the Privacy Policy and DPA in the Trust section.

For onboarding help or incident support, contact Numezis support. The Privacy Policy and DPA are publicly available in the Trust section.

Where in the app

  • Company → Agent/c/companies/:companyId/agent
  • MCP endpointhttps://www.numezis.com/mcp

Step-by-step

  1. Enable Agent module and permissions. (Expected: tools visible after OAuth.) (UAT-C-AGENT-GOLDEN-001)
  2. Register https://www.numezis.com/mcp in client. (Expected: DCR or client id flow.) (UAT-C-AGENT-GOLDEN-001)
  3. Complete OAuth and run tools/list. (Expected: only entitled tools.) (UAT-C-AGENT-APPROVAL-001)
  4. Execute read tool, then mutation. (Expected: critical tools return approval token.) (UAT-C-AGENT-APPROVAL-001)
  5. Approve in UI when prompted. (Expected: mutation completes with audit.) (UAT-C-AGENT-APPROVAL-001)
  6. Review the audit trail on the record. (Expected: activity event with actor and timestamp.) (UAT-C-AGENT-APPROVAL-001)

Permissions and modules

Agent module; tool-level checks via AccessMode.