tossinvest-openapi-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@tossinvest-openapi-mcpwhat are my current holdings?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
tossinvest-openapi-mcp
Safe-by-default local stdio MCP server for the official Toss Securities / 토스증권 Open API.
This package is an independent developer tool and is not affiliated with, endorsed by, or sponsored by Toss Securities.
This package is designed for developers who want read-only account, market, and order data in an MCP client, with optional order operations protected by multiple explicit safety gates.
Safety defaults
Uses only the official Toss Open API server:
https://openapi.tossinvest.comStarts without credentials;
auth_statusreports missing configuration instead of crashing.Keeps OAuth access tokens in memory only.
On
401 invalid-tokendata API responses, discards the cached token, requests a fresh OAuth token, and retries the original request once.auth_statusseparates token issuance from data endpoint reachability and reports whether a defaultTOSS_ACCOUNT_SEQis configured.Redacts API keys, secrets, bearer tokens, account headers, and account numbers from tool output/errors.
Trading is disabled by default.
v0.2 workflow tools are safety-first and preview-based:
portfolio_snapshot → pre_trade_check → order_preview → approval → order_execute → order_status_summary.order_previewstores preview contracts in memory only and never calls Toss order POST endpoints.order_executeis intentionally fast: it rechecks only preview/confirmation/hash/env/delegated-authority gates, submits at most one order POST, and reports timeout/network ambiguity asunknown_execution_statefor reconciliation before any manual retry.Order tools default to
dryRun=true.Real create/modify/cancel operations require
ENABLE_TRADING=trueplus the operation-specific gate.Confirmation is required by default.
Default max order amounts are
0KRW and0USD.BLOCKED_SYMBOLStakes precedence overALLOWED_SYMBOLS.
Related MCP server: tossinvest-openapi-mcp
Install and run
This repository is currently distributed from GitHub source only. It has not been published to npm under an EthanKlocked-owned package.
Important: the unscoped npm name tossinvest-openapi-mcp is already used by a different npm package, so do not install or run that package expecting this repository's code.
Clone this repository, then install and build locally:
git clone https://github.com/EthanKlocked/tossinvest-openapi-mcp.git
cd tossinvest-openapi-mcp
npm install
npm run build
npm testRun locally:
TOSS_API_KEY=... TOSS_SECRET_KEY=... node dist/index.jsDo not put real secrets in committed files. Prefer passing env vars from your local shell or MCP client secret manager.
MCP client configuration example
Use the local cloned path:
{
"mcpServers": {
"tossinvest": {
"command": "node",
"args": ["/absolute/path/to/cloned/tossinvest-openapi-mcp/dist/index.js"],
"env": {
"TOSS_API_KEY": "${TOSS_API_KEY}",
"TOSS_SECRET_KEY": "${TOSS_SECRET_KEY}",
"TOSS_ACCOUNT_SEQ": "${TOSS_ACCOUNT_SEQ}"
}
}
}
}If this project is later published to npm, use a package name owned by the maintainer, such as @ethanklocked/tossinvest-openapi-mcp, rather than the already-taken unscoped name.
Environment variables
Name | Default | Purpose |
| unset | Toss Open API client id / API key. |
| unset | Toss Open API client secret. |
| unset | Optional default account sequence for account-scoped tools. |
|
| Global gate for any real order operation. |
|
| Gate for real order create. |
|
| Gate for real order modify. |
|
| Gate for real order cancel. |
|
| Requires exact confirmation text for real order operations. |
|
| Maximum allowed calculated KRW order amount. |
|
| Maximum allowed calculated USD order amount. |
| unset | Optional comma-separated allow list. |
| unset | Optional comma-separated block list; always wins over allow list. |
|
| Timeout for OAuth, read-only, and order requests. Set |
Confirmation text for real order operations:
I understand this may place a real Toss Securities orderTools
Read-only tools:
auth_statusaccountsholdingspricesorderbooktradesprice_limitscandlesstock_infostock_warningsexchange_ratemarket_calendarorders_openorders_closedorder_detailbuying_powersellable_quantitycommissions
Workflow tools:
portfolio_snapshot— reads holdings, KRW/USD buying power, open orders, calculable position weights, account/accountSeq state, warning flags, and partial failures. Position weights use a KRW-converted, cash-inclusive denominator (holdings + KRW/USD cash buying power); whencashStatusispartial, omitted cash currencies are listed inomittedCashCurrencies.pre_trade_check— separate read/check layer for candidate orders; returnscanProceedDryRun,realOrderBlockedByDefault,checks,warnings,blockers,missing,estimate, anddataFreshness.order_preview— creates an in-memory preview contract; returnspreviewId,requestHash,ttlSeconds,expiresAt, exactconfirmationText, estimated amount/fee/cash/quantity checks, gate status, risk flags, and calculability notes. It never calls order POST endpoints. Default TTL: 90 seconds; max accepted TTL: 300 seconds.order_execute— fast preview-based submission; requirespreviewId, matchingrequestHash, exact confirmation (I approve this exact Toss order preview), unexpired preview, env gates, and optional delegated-authority bounds. It does not runpre_trade_checkin the hot path and does not add automatic order POST retry.order_status_summary— read-only reconciliation summary for open/recently closed orders, state counts, filled/partial/canceled/rejected/replace-related states when present, and caveats for disappeared/replaced orders.
Trading tools:
order_validate— checks local gates only and never calls Toss order POST endpoints.order_create— defaults to dry-run; real execution requires all create gates.order_modify— defaults to dry-run; real execution requires all modify gates.order_cancel— defaults to dry-run; real execution requires all cancel gates. WhenALLOWED_SYMBOLSorBLOCKED_SYMBOLSis configured, real cancellation also requires caller-suppliedrequest.symbolso local symbol policy can be evaluated before the POST. The server does not fetch order details before cancel because this would add a second API dependency and the official detail payload shape should be confirmed by users with live credentials before relying on it for safety.
Auth status and account selection
auth_status intentionally separates OAuth token issuance from actual data API reachability:
configured: required credential environment variables are present.tokenAvailable:POST /oauth2/tokensucceeded.dataApiReachable: a real read-only data check againstGET /api/v1/accountssucceeded.authenticated:trueonly when both token issuance and the data endpoint check succeed.accountSeqConfigured:truewhenTOSS_ACCOUNT_SEQis set.accountSeqRequiredForAccountTools:true; account-scoped tools need either a per-callaccountSeqorTOSS_ACCOUNT_SEQ.
Most market-data tools such as prices, orderbook, trades, and stock_info do not require accountSeq. Account-scoped tools such as holdings, orders_open, orders_closed, order_detail, buying_power, sellable_quantity, commissions, and real/dry-run order tools require accountSeq via the tool arguments or TOSS_ACCOUNT_SEQ.
Endpoint mapping
Tool | Method/path | Side effect |
|
| Token/data reachability check only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
|
| Read-only |
| Composes | Read-only workflow snapshot |
| Composes market calendar, warnings, price limits, buying power/sellable quantity, commissions, and open orders | Read/check only; no order POST |
| Local preview contract plus read/check calls | No Toss order POST; memory-only preview storage |
|
| At most one order POST; no automatic order POST retry |
|
| Read-only reconciliation |
| Local gate evaluation only | No Toss order POST |
|
| Real order only after all gates pass |
|
| Real order modification only after all gates pass |
|
| Real order cancellation only after all gates pass |
v0.2 workflow examples
Recommended safety-first flow:
portfolio_snapshot → pre_trade_check → order_preview → user/delegated approval → order_execute → order_status_summaryMarket calendar checks are routed by request market:
currency=KRWor a six-digit Korean stock symbol usesmarket_calendar(KR).US tickers /
currency=USDusemarket_calendar(US).US non-business days are detected from the official calendar shape when
result.today.dayMarket,preMarket,regularMarket, andafterMarketare allnull.KR non-business days are detected when
result.today.integratedisnull.In those cases
pre_trade_checkandorder_previewreturn amarket_closed_non_business_dayblocker withmarket,date, andnextBusinessDay; they do not reportmarket_open_unknowninmissing.
portfolio_snapshot example:
{
"accountSeq": 1,
"currencies": ["KRW", "USD"],
"limit": 50
}pre_trade_check example. This is a separate read/check tool and is intentionally not forced into order_execute's hot path:
{
"accountSeq": 1,
"request": {
"symbol": "005930",
"side": "BUY",
"orderType": "LIMIT",
"quantity": "1",
"price": "70000",
"currency": "KRW"
},
"delegatedAuthority": {
"remainingAmount": 100000,
"expiresAt": "2026-07-05T15:00:00.000Z"
}
}order_preview example. It never calls Toss order POST endpoints and returns previewId, requestHash, TTL, and exact confirmation text:
{
"accountSeq": 1,
"ttlSeconds": 90,
"request": {
"symbol": "005930",
"side": "BUY",
"orderType": "LIMIT",
"quantity": "1",
"price": "70000",
"currency": "KRW"
}
}order_execute example. Copy the previewId, requestHash, and exact confirmationText from the preview response:
{
"previewId": "preview_...",
"requestHash": "<sha256-from-preview>",
"confirmation": "I approve this exact Toss order preview"
}If an order POST times out or returns an ambiguous network failure, order_execute returns status: "unknown_execution_state" and directs callers to reconcile with order_status_summary/order_detail before any manual retry. The server does not automatically retry order POSTs.
order_status_summary example:
{
"accountSeq": 1,
"symbol": "005930",
"limit": 50
}Trading safety examples
Dry-run validation:
{
"request": {
"symbol": "005930",
"side": "BUY",
"orderType": "LIMIT",
"quantity": "1",
"price": "70000",
"currency": "KRW"
}
}Real create requires all of the following:
ENABLE_TRADING=true
ENABLE_ORDER_CREATE=true
REQUIRE_CONFIRMATION=true
MAX_ORDER_KRW=100000
ALLOWED_SYMBOLS=005930And the tool call must include:
{
"dryRun": false,
"confirmation": "I understand this may place a real Toss Securities order",
"request": {
"symbol": "005930",
"side": "BUY",
"orderType": "LIMIT",
"quantity": "1",
"price": "70000",
"currency": "KRW"
}
}Official endpoint mapping
The implementation is intentionally thin and maps tools to official Toss Open API paths:
OAuth:
POST /oauth2/tokenMarket/account/order data:
/api/v1/...paths fromhttps://openapi.tossinvest.com/openapi-docs/latest/openapi.jsonOrder create/modify/cancel: official
/api/v1/ordersPOST paths only, guarded locally before any POST is attempted.
Development
npm install
npm test
npm run lint
npm run audit:prodThe required test suite uses Node's built-in test runner and mocked fetch calls. It does not require real Toss credentials and does not call live order endpoints.
Opt-in read-only integration smoke test
After configuring your own Toss credentials locally, you can run a safe read-only smoke test:
TOSS_API_KEY=... TOSS_SECRET_KEY=... npm run smoke:readonlyOptional account-scoped checks can use TOSS_ACCOUNT_SEQ, but the default smoke path only calls read-only tools that do not create, modify, or cancel orders: auth_status, accounts, and market_calendar. If TOSS_API_KEY or TOSS_SECRET_KEY is missing, the command exits successfully with a SKIP message and makes no Toss API request. Output is passed through the same redaction helpers used by the MCP server.
Timeout/retry policy
This server applies a configurable request timeout to OAuth, read-only calls, and order calls. It intentionally does not add broad automatic retries: read-only retry policy should be based on observed Toss API behavior, and order POST retries are disabled unless official idempotency guarantees are documented. The only automatic retry remains the existing one-time token refresh/retry for a 401 invalid-token response.
Release checklist
Before publishing or tagging a release:
Verify package ownership and name availability; do not publish the unscoped
tossinvest-openapi-mcpname.Run
npm test,npm run lint,npm run audit:prod, andnpm pack --dry-run.Confirm the dry-run tarball includes only runtime files (
dist/JavaScript/declarations without source maps),scripts/smoke-readonly.mjs,README.md,LICENSE,.env.example, and package metadata.Re-scan docs for secrets, account numbers, local paths, private workflow notes, or investment advice/automation claims.
Publish only after explicit maintainer approval.
Publication hygiene
.gitignoreexcludes.env,.env.*, logs, coverage,node_modules, and build output..npmignoreexcludes local env files, logs, coverage, internal handoff/QA notes, and local run artifacts.package.jsonfilesonly publishesdist, public docs,.env.example, and changelog/security/license files.
Disclaimer
This software is not investment advice and does not implement trading strategy, rebalancing, optimization, or automated trading loops. Order tools can place real financial orders only when explicitly enabled and used with valid Toss credentials; use at your own risk.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/EthanKlocked/tossinvest-openapi-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server