Skip to main content
The Model Context Protocol (MCP) is the standard by which AI agents (Claude and others) connect to external tools and data. Vellaro exposes two MCP servers, so an agent can both shop on the store and manage the store — using the same API and the same security rules as the rest of the platform.

Storefront MCP

Conversational commerce: search products, manage the cart, start checkout, track orders. Auth with a publishable key.

Admin MCP

Management via natural language: catalog, prices, stock, orders. Auth with a staff token + permissions, with confirmations on sensitive actions.

Storefront MCP

Designed for public clients/agents that buy on the user’s behalf. Main tools: Auth: the store’s publishable key (cx_pk_live_...) — it identifies the store and cannot touch the admin.

Admin MCP

Designed for operators/integrations: “raise electronics prices by 5% and deactivate the out-of-stock items”. Main tools: Security — inherits the Admin API model:
  • Auth with a staff token + granular permissions; every action is scoped to its store.
  • Mutations require explicit confirmation and are audit-logged.
  • The staff token must never go into a public client.

How to connect

An MCP client (e.g. Claude Desktop) is configured with the server endpoint and credentials:
With the claude.ai custom connector (which supports OAuth only, not custom headers), pass the publishable key in the URL for the storefront — leave the OAuth fields empty:
The MCP servers are a thin layer over the same REST API documented here: anything a tool does, you can also do via HTTP. The API Reference remains the source of truth. Auth details and caveats in MCP Servers.