Skip to main content
Glama
Sign In

Schwab MCP Server

by sudowealth
GitHub
TypeScript
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Schwab MCP Server

A Model Context Protocol (MCP) server that enables AI assistants like Claude to securely interact with Charles Schwab accounts and market data through the official Schwab API.

What You Can Do

Ask Claude to:

  • "Show me my Schwab account balances and positions"
  • "Get real-time quotes for AAPL, GOOGL, and MSFT"
  • "What are today's market movers in the $SPX?"
  • "Show me the options chain for TSLA with Greeks"
  • "Get my transactions from the last 30 days"
  • "Search for ETFs related to technology"
  • "Check if the markets are open"

Unofficial MCP Server

This is an unofficial, community-developed TypeScript MCP server for Charles Schwab. It has not been approved, endorsed, or certified by Charles Schwab. It is provided as-is, and its functionality may be incomplete or unstable. Use at your own risk, especially when dealing with financial data or transactions.

Overview

This MCP server acts as a bridge between AI assistants and the Schwab API, providing:

  • Secure OAuth Authentication: Implements Schwab's OAuth 2.0 flow with PKCE for secure authentication
  • Comprehensive Trading Tools: Access to accounts, orders, quotes, and transactions
  • Market Data Tools: Real-time quotes, price history, market hours, movers, and options chains
  • Account Privacy: Built-in account identifier scrubbing to protect sensitive information
  • Enterprise-Ready: Deployed on Cloudflare Workers with Durable Objects for state management

Features

Trading Tools

  • Account Management
    • getAccounts: Retrieve all account information with positions and balances
    • getAccountNumbers: Get list of account identifiers
  • Order Management
    • getOrder: Get order by ID
    • getOrders: Fetch orders with filtering by status, time range, and symbol
    • getOrdersByAccountNumber: Get orders by account number
    • cancelOrder: Cancel an order (Experimental)
    • placeOrder: Place an order (Experimental)
    • replaceOrder: Replace an order (Experimental)
  • Market Quotes
    • getQuotes: Get real-time quotes for multiple symbols
    • getQuoteBySymbolId: Get detailed quote for a single symbol
  • Transaction History
    • getTransactions: Retrieve transaction history across all accounts with date filtering
  • User Preferences
    • getUserPreference: Retrieve user trading preferences and settings

Market Data Tools

  • Instrument Search
    • searchInstruments: Search for securities by symbol with fundamental/reference data
  • Price History
    • getPriceHistory: Get historical price data with customizable periods and frequencies
  • Market Hours
    • getMarketHours: Check market operating hours by date
    • getMarketHoursByMarketId: Get specific market information
  • Market Movers
    • getMovers: Find top market movers by index ($SPX, $COMPX, $DJI)
  • Options Chains
    • getOptionChain: Retrieve full options chain data with Greeks
    • getOptionExpirationChain: Get option expiration dates

Prerequisites

  1. Schwab Developer Account: Register at Schwab Developer Portal
  2. Cloudflare Account: For deployment (Workers paid plan required for Durable Objects)
  3. Node.js: Version 22.x or higher
  4. Wrangler CLI: Installed via npm (included in dev dependencies)

Getting Started

Quick Setup

git clone <repository-url> cd schwab-mcp npm install # Authenticate with Cloudflare (first time only) npx wrangler login # Create KV namespace for OAuth token storage npx wrangler kv:namespace create "OAUTH_KV" # Note the ID from the output - you'll need it for configuration # Set up your personal configuration cp wrangler.example.jsonc wrangler.jsonc # Edit wrangler.jsonc to: # 1. Replace YOUR_KV_NAMESPACE_ID_HERE with the ID from above # 2. Change the name to something unique (e.g., "schwab-mcp-yourname") # Set your secrets npx wrangler secret put SCHWAB_CLIENT_ID # Your Schwab App Key npx wrangler secret put SCHWAB_CLIENT_SECRET # Your Schwab App Secret npx wrangler secret put SCHWAB_REDIRECT_URI # https://your-worker-name.workers.dev/callback npx wrangler secret put COOKIE_ENCRYPTION_KEY # Generate with: openssl rand -hex 32 # Deploy npm run deploy

Configuration Notes

  • wrangler.example.jsonc - Template configuration (committed)
  • wrangler.jsonc - Your personal config (git-ignored, created from template)
  • .dev.vars - Local development secrets (git-ignored, optional)

Since wrangler.jsonc is git-ignored, you can safely develop and test with your personal configuration without exposing secrets.

Detailed Configuration

1. Create a Schwab App
  1. Log in to the Schwab Developer Portal
  2. Create a new app with:
    • App Name: Your MCP server name
    • Callback URL: https://schwab-mcp.<your-subdomain>.workers.dev/callback
    • App Type: Personal or third-party based on your use case
  3. Note your App Key (Client ID) and generate an App Secret
2. Set Environment Variables

The same secrets from Quick Setup need to be set (see above).

GitHub Actions Deployment

For automated deployments, add these GitHub repository secrets:

  1. CLOUDFLARE_API_TOKEN: Your Cloudflare API token
  2. OAUTH_KV_ID: Your KV namespace ID

The workflow handles validation and deployment when pushing to main. Cloudflare secrets must still be set via wrangler secret.

Testing with Inspector

Test your deployment using the MCP Inspector:

npx @modelcontextprotocol/inspector@latest

Enter https://schwab-mcp.<your-subdomain>.workers.dev/sse and connect. You'll be prompted to authenticate with Schwab.

Usage

Claude Desktop Configuration

1. Use Claude Integrations

  1. Go to the Claude Desktop settings
  2. Click on the "Integrations" tab
  3. Click on the "Add Custom Integration" button
  4. Enter the integration name "Schwab"
  5. Enter the MCP Server URL: https://schwab-mcp.<your-subdomain>.workers.dev/sse
  6. Click on the "Add" button
  7. Click "Connect" and the Schwab Authentication flow will start.

2. Add the MCP Server to your Claude Desktop configuration

Add the following to your Claude Desktop configuration file:

{ "mcpServers": { "schwab": { "command": "npx", "args": [ "mcp-remote", "https://schwab-mcp.<your-subdomain>.workers.dev/sse" ] } } }

Restart Claude Desktop. When you first use a Schwab tool, a browser window will open for authentication.

Example Commands

Once connected, you can ask Claude to:

  • "Show me my Schwab account balances"
  • "Get a quote for AAPL"
  • "What are today's market movers in the $SPX?"
  • "Show me the options chain for TSLA"
  • "Get my recent transactions from the last week"

Local Development

For local development, create a .dev.vars file (automatically ignored by git):

SCHWAB_CLIENT_ID=your_development_app_key SCHWAB_CLIENT_SECRET=your_development_app_secret SCHWAB_REDIRECT_URI=http://localhost:8788/callback COOKIE_ENCRYPTION_KEY=your_random_key_here LOG_LEVEL=DEBUG # Optional: Enable debug logging

Run locally:

npm run dev # Server will be available at http://localhost:8788

Connect to http://localhost:8788/sse using the MCP Inspector for testing.

Architecture

Technology Stack

  • Runtime: Cloudflare Workers with Durable Objects
  • Authentication: OAuth 2.0 with PKCE via @cloudflare/workers-oauth-provider
  • API Client: @sudowealth/schwab-api for type-safe Schwab API access
  • MCP Framework: @modelcontextprotocol/sdk with workers-mcp adapter
  • State Management: KV storage for tokens, Durable Objects for session state

Security Features

  1. OAuth 2.0 with PKCE: Secure authentication flow preventing authorization code interception
  2. Enhanced Token Management:
    • Centralized KV token store with automatic migration
    • Automatic token refresh (5 minutes before expiration)
    • 31-day token persistence with TTL
  3. Account Scrubbing: Sensitive account identifiers are automatically replaced with display names
  4. State Security: HMAC-SHA256 signatures for state parameter integrity
  5. Cookie Encryption: Client approval state encrypted with AES-256
  6. Secret Redaction: Automatic masking of sensitive data in logs

Development

Available Scripts

npm run dev # Start development server on port 8788 npm run deploy # Deploy to Cloudflare Workers npm run typecheck # Run TypeScript type checking npm run lint # Run ESLint with automatic fixes npm run format # Format code with Prettier npm run validate # Run typecheck and lint together

Debugging

The server includes comprehensive logging with configurable levels:

  • Development: Terminal output with colored logs
  • Production: Cloudflare dashboard → Workers → Logs
  • Log Levels: DEBUG, INFO, WARN, ERROR (set via LOG_LEVEL env var)

Enable debug logging to see detailed OAuth flow and API interactions:

# For local development echo "LOG_LEVEL=DEBUG" >> .dev.vars # For production npx wrangler secret put LOG_LEVEL --secret="DEBUG"

Error Handling

The server implements robust error handling with specific error types:

  • Authentication Errors (401): Prompt for re-authentication
  • Client Errors (400): Invalid parameters, missing data
  • Server Errors (500): API failures, configuration issues
  • Network Errors (503): Automatic retry with backoff
  • All errors include request IDs for Schwab API troubleshooting

Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

MIT

Troubleshooting

Common Issues

  1. "KV namespace not found" error
    • Ensure you created the KV namespace and updated wrangler.jsonc
    • Run npx wrangler kv:namespace list to verify
  2. Authentication failures
    • Verify your redirect URI matches exactly in Schwab app settings
    • Check that all secrets are set correctly with npx wrangler secret list
    • Enable debug logging to see detailed OAuth flow
  3. "Durable Objects not available" error
    • Ensure you have a paid Cloudflare Workers plan
    • Durable Objects are not available on the free tier
  4. Token refresh issues
    • The server automatically refreshes tokens 5 minutes before expiration
    • Tokens are migrated from clientId to schwabUserId keys automatically
    • Check KV namespace for stored tokens: npx wrangler kv:key list --namespace-id=<your-id>

Recent Updates

  • Enhanced Token Management: Centralized KV token store prevents token divergence
  • Improved Security: HMAC-SHA256 state validation and automatic secret redaction
  • Better Error Handling: Structured error types with Schwab API error mapping
  • Configurable Logging: Debug mode for troubleshooting OAuth and API issues

Acknowledgments

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

A Model Context Protocol server that enables AI assistants like Claude to securely interact with Charles Schwab accounts and market data through the official Schwab API.

  1. What You Can Do
    1. Unofficial MCP Server
      1. Overview
        1. Features
          1. Trading Tools
          2. Market Data Tools
        2. Prerequisites
          1. Getting Started
            1. Quick Setup
            2. Configuration Notes
            3. Detailed Configuration
            4. GitHub Actions Deployment
            5. Testing with Inspector
          2. Usage
            1. Claude Desktop Configuration
            2. Use Claude Integrations
            3. Add the MCP Server to your Claude Desktop configuration
            4. Example Commands
            5. Local Development
          3. Architecture
            1. Technology Stack
            2. Security Features
          4. Development
            1. Available Scripts
            2. Debugging
            3. Error Handling
          5. Contributing
            1. License
              1. Troubleshooting
                1. Common Issues
              2. Recent Updates
                1. Acknowledgments

                  Related MCP Servers

                  • MTS MCP Server

                    CalvinMagezi
                    -
                    security
                    F
                    license
                    -
                    quality
                    A comprehensive suite of Model Context Protocol servers designed to extend AI agent Claude's capabilities with integrations for knowledge management, reasoning, advanced search, news access, and workspace tools.
                    Last updated -
                    5
                    TypeScript
                    • Apple

                  • API Tester MCP Server

                    Vikrant-Khedkar
                    -
                    security
                    F
                    license
                    -
                    quality
                    A Model Context Protocol server that allows Claude to make API requests on your behalf, providing tools for testing various APIs including HTTP requests and OpenAI integrations without sharing your API keys in the chat.
                    Last updated -
                    Python
                    • Linux
                    • Apple

                  • Hass-MCP

                    voska
                    -
                    security
                    A
                    license
                    -
                    quality
                    A Model Context Protocol server that enables AI assistants like Claude to interact directly with Home Assistant, allowing them to query device states, control smart home entities, and perform automation tasks.
                    Last updated -
                    15
                    Python
                    MIT License
                    • Apple
                    • Linux

                  • Schwab Model Context Protocol Server

                    jkoelker
                    -
                    security
                    A
                    license
                    -
                    quality
                    A server that implements the Model Context Protocol for Schwab API, allowing access to account information, positions, stock quotes, and order/transaction history designed for integration with Large Language Models.
                    Last updated -
                    2
                    Python
                    MIT License

                  View all related MCP servers

                  New MCP Servers

                  MCP directory API

                  We provide all the information about MCP servers via our MCP API.

                  curl -X GET 'https://glama.ai/api/mcp/v1/servers/sudowealth/schwab-mcp'

                  If you have feedback or need assistance with the MCP directory API, please join our Discord server