Add Jortt API MCP server
Model Context Protocol server that exposes the full Jortt accounting API
as MCP tools, generated from Jortt's OpenAPI specification.
- OAuth 2.0 client-credentials auth with token caching and 401 refresh
- 82 tools covering customers, invoices, estimates, expenses, projects,
bank accounts, reports, labels, ledger accounts and payroll
- Spec fetched at build time (with a runtime fetch fallback), so new API
operations become new tools automatically with no code changes
- Path/query/body parameters handled automatically; request bodies passed
under a single `body` argument with a resolved JSON Schema
- Readable, stable snake_case tool names derived from method, path and
operation summary
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016QhaFvGz9gfRg5qDV3ragu
2026-07-11 14:09:11 +00:00
|
|
|
# Copy to .env and fill in credentials from your registered Jortt API application:
|
|
|
|
|
# https://app.jortt.nl/new_profile/api/jortt/oauth_applications/list
|
2026-07-11 19:10:55 +02:00
|
|
|
# Every secret below can alternatively be read from a file via <NAME>_FILE,
|
|
|
|
|
# e.g. JORTT_CLIENT_SECRET_FILE=/run/agenix/jortt-client-secret
|
Add Jortt API MCP server
Model Context Protocol server that exposes the full Jortt accounting API
as MCP tools, generated from Jortt's OpenAPI specification.
- OAuth 2.0 client-credentials auth with token caching and 401 refresh
- 82 tools covering customers, invoices, estimates, expenses, projects,
bank accounts, reports, labels, ledger accounts and payroll
- Spec fetched at build time (with a runtime fetch fallback), so new API
operations become new tools automatically with no code changes
- Path/query/body parameters handled automatically; request bodies passed
under a single `body` argument with a resolved JSON Schema
- Readable, stable snake_case tool names derived from method, path and
operation summary
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016QhaFvGz9gfRg5qDV3ragu
2026-07-11 14:09:11 +00:00
|
|
|
JORTT_CLIENT_ID=
|
|
|
|
|
JORTT_CLIENT_SECRET=
|
2026-07-11 19:10:55 +02:00
|
|
|
|
Add Jortt API MCP server
Model Context Protocol server that exposes the full Jortt accounting API
as MCP tools, generated from Jortt's OpenAPI specification.
- OAuth 2.0 client-credentials auth with token caching and 401 refresh
- 82 tools covering customers, invoices, estimates, expenses, projects,
bank accounts, reports, labels, ledger accounts and payroll
- Spec fetched at build time (with a runtime fetch fallback), so new API
operations become new tools automatically with no code changes
- Path/query/body parameters handled automatically; request bodies passed
under a single `body` argument with a resolved JSON Schema
- Readable, stable snake_case tool names derived from method, path and
operation summary
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016QhaFvGz9gfRg5qDV3ragu
2026-07-11 14:09:11 +00:00
|
|
|
# Optional: space-separated scopes to request (defaults to all registered scopes)
|
|
|
|
|
# JORTT_SCOPES=invoices:read customers:read reports:read
|
2026-07-11 19:10:55 +02:00
|
|
|
|
|
|
|
|
# Optional: expose only GET (list/get) tools
|
|
|
|
|
# JORTT_READ_ONLY=1
|
|
|
|
|
|
|
|
|
|
# --- HTTP transport (default is stdio) ---
|
|
|
|
|
# MCP_TRANSPORT=http
|
|
|
|
|
# MCP_HOST=127.0.0.1
|
|
|
|
|
# MCP_PORT=3910
|
|
|
|
|
|
|
|
|
|
# Authentication for incoming MCP requests: "token" or "oidc" (required for http)
|
|
|
|
|
# MCP_AUTH_MODE=token
|
|
|
|
|
# MCP_AUTH_TOKEN= # generate with: openssl rand -hex 32
|
|
|
|
|
|
|
|
|
|
# OIDC resource-server mode (auth by an external OAuth provider / proxy):
|
|
|
|
|
# MCP_AUTH_MODE=oidc
|
|
|
|
|
# MCP_OIDC_ISSUER=https://auth.example.com
|
|
|
|
|
# MCP_RESOURCE_URL=https://jortt-mcp.example.com/mcp
|
|
|
|
|
# MCP_OIDC_AUDIENCE= # defaults to MCP_RESOURCE_URL
|
|
|
|
|
# MCP_OIDC_ALLOWED_SUBJECTS=kate,kate@example.com
|
|
|
|
|
# For issuers with opaque tokens (e.g. Authelia), use RFC 7662 introspection:
|
|
|
|
|
# MCP_OIDC_INTROSPECTION_URL= # discovered from the issuer when omitted
|
|
|
|
|
# MCP_OIDC_CLIENT_ID=
|
|
|
|
|
# MCP_OIDC_CLIENT_SECRET=
|
|
|
|
|
|
|
|
|
|
# DNS-rebinding protection: exact Host / Origin header allowlists
|
|
|
|
|
# MCP_ALLOWED_HOSTS=jortt-mcp.example.com
|
|
|
|
|
# MCP_ALLOWED_ORIGINS=
|