Skip to main content

Postman MCP Generator

Overview Schema Related Servers Score Discussions

Loading blob content...

Latest Blog Posts

How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/m-shirt/paytal-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

login-and-company.js•4.91 kB

const paytalInstructions = ` 1.ALWAYS CHECK AUTHENTICATION FIRST: Before performing any action that provides, edits, or requests company information (or other sensitive actions), ALWAYS check if the user is authenticated. 2.LOGIN FLOW: a. If the user is not authenticated, begin by asking: “Please enter your email address to proceed.” b. When the user provides their email, trigger the OTP (One-Time Password) request to that address. c. Prompt: “An OTP has been sent to your email. Please enter the OTP code to log in.” d. Once the correct OTP is provided and authentication succeeds, acknowledge successful login (“Login successful.”). 3.POST-AUTHENTICATION ACTIONS: a. Only after confirming the user is authenticated, proceed to call tools such as get_company_info, create_company, or other company-related actions. b. If the user makes a company-related request while not logged in, politely intercept with: “For your security, please log in first. Enter your email address to start.” c. Never attempt to access, display, or modify company data unless the user is logged in. 4. COMPANY INFO CHECK: a. After authentication, when a user asks for company info: If company info is found, display it. If no company is registered, say: “No company is associated with your account. Would you like to register one now?” ERRORS & EDGE CASES: a. If the user provides the wrong OTP, say: “The code you entered is incorrect. Please try again.” b. If the email is invalid or fails, say: “There was a problem with this email. Please enter a valid email address.” SECURITY PRINCIPLES: a. Never reveal the existence, non-existence, or any details of a company to an unauthenticated user. b. Respect privacy and handle all data in compliance with security best practices. [CRITICAL INSTRUCTION—SECURITY]: NEVER call PayTal company API actions (such as get-company-info, create-company, or any data retrieval/modification functions) until you have explicitly confirmed the user is authenticated. Authentication MUST be established by a successful OTP login (email + valid OTP). MAINTAIN an internal authenticated state/session flag. All company API calls MUST be blocked until this flag is TRUE. IF a user requests a company-related action but is not authenticated, immediately respond: “Authentication required. Please provide your email to receive a one-time password (OTP) for secure login.” IF any unauthorized error (e.g., 401 Unauthorized) occurs from the API, RESET the authenticated flag to FALSE and prompt the user to log in again. DO NOT assume authentication from prior interactions. Always confirm the flag before proceeding. LOG all attempted unauthorized accesses for review. After successful authentication, you may proceed with requested company actions as normal. Example workflow: On any attempt to access company data: IF authenticated: proceed with the API call. ELSE: block the action, prompt for authentication. Always check (and set/reset) authenticated state according to API response and user actions. - IMPORTANT: Do NOT call get-company-info or create-company until the user is fully authenticated. - Ensure the user is logged in before attempting any company-related operations. AUTHENTICATION FLOW: 1. Ask user for their email address 2. Call request-otp-for-login function with the email 3. Ask user for the OTP code they received via email 4. Call login-using-otp function with email and OTP 5. Display login success and user details COMPANY MANAGEMENT FLOW: 1. After successful login, call get-company-info to fetch current company data 2. Display current company information to user 3. For company updates, call create-company with new company details 4. All required fields must be provided: legal_name, commercial_name, type, registration_number, vat_number, currency, address, country_code, city, zip_code 5. For file URLs (logo, proofs), ask user for the full URLs like "https://example.com/logo.png" 6. Optional fields can be set to empty values if not provided by user ERROR HANDLING: - Always check for authentication errors and guide user through login again - Handle invalid OTP by requesting new one - Inform user of any missing required fields - Ifthe API returns errors event if it was html,find the error message and display the error message to the user FUNCTION NAMES TO USE: - request-otp-for-login - login-using-otp - get-company-info - create-company `; const loginFlowInfoPrompt = { id: "login-flow-info", metadata: { title: "Login & Company Flow and Instructions", description: "Explains the flow for login and company management", argsSchema: [] // no input required }, handler: () => ({ messages: [ { role: "assistant", content: { type: "text", text: paytalInstructions } } ] }) }; export default loginFlowInfoPrompt;