Provides tools for interacting with WooCommerce REST API, enabling management of products (search, list), orders (create, retrieve, list with filters), and e-commerce operations through the WooCommerce platform.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP WooCommerce Serversearch for blue t-shirts in size medium"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP WooCommerce Server
A Model Context Protocol (MCP) server that provides tools to interact with WooCommerce REST API.
Features
Search Products: Search for products by name or SKU
List Products: Retrieve all products with pagination
Create Orders: Create new orders with line items
Get Orders: Retrieve specific orders by ID
List Orders: List orders with optional filters
🔐 Authentication: API Key-based authentication for secure access
Setup
Clone this repository
Copy
.env.exampleto.envand fill in your WooCommerce API credentials:WOO_URL=https://yourstore.com WOO_CONSUMER_KEY=your_consumer_key WOO_CONSUMER_SECRET=your_consumer_secret MCP_API_KEY=your_secure_api_key_hereGet your WooCommerce API credentials:
Go to WooCommerce > Settings > Advanced > REST API
Create a new key with read/write permissions
Copy the Consumer Key and Consumer Secret
Generate a secure API key for MCP authentication:
# Generate a random API key (Linux/Mac) openssl rand -hex 32 # Or use Python python -c "import secrets; print(secrets.token_hex(32))"
Security
Authentication
The server implements API Key authentication to protect against unauthorized access. When MCP_API_KEY is configured, all requests must include the API key in the Authorization header.
Without Authentication (Development Only)
If MCP_API_KEY is not set, the server runs without authentication for development purposes.
With Authentication (Production Recommended)
When MCP_API_KEY is set, clients must include:
Authorization: Bearer YOUR_API_KEY_HERESecurity Best Practices
Always set in production environments
Use strong, randomly generated API keys (32+ characters)
Rotate API keys regularly
Use HTTPS in production
Limit network access to trusted sources only
Monitor access logs for suspicious activity
Running Locally
With Docker Compose
docker-compose up --buildThe server will start on http://localhost:8200/mcp with modular architecture.
With Python
pip install -r requirements.txt
python -m src.serverArchitecture
The project uses a modular architecture with the following structure:
src/server.py- FastAPI application with MCP integration and authenticationsrc/tools.py- MCP tools implementation (5 tools for WooCommerce operations)src/config.py- Environment configuration and validationsrc/woo_client.py- WooCommerce API client wrappersrc/models.py- Pydantic models for structured datatest/client_authenticated.py- Full-featured authenticated MCP client (recommended)test/client_example.py- Basic MCP client using official libraries (limited auth support)test/list_tools.py- Simple tool listing script
Client Compatibility Matrix
Component | With API Key (Production) | Without API Key (Development) | Notes |
| ✅ Fully Supported | ❌ Requires API key | Recommended client with full auth support |
Curl Scripts ( | ✅ Fully Supported | ❌ Requires API key | Manual testing with proper auth headers |
| ✅ Fully Supported | ❌ Requires API key | Authentication validation script |
| ❌ Limited support¹ | ✅ Works | Uses official MCP libraries |
| ❌ Limited support¹ | ✅ Works | Uses official MCP libraries |
¹ Limited support: May fail with authentication errors when API key is required
API Endpoints
The server exposes the following MCP tools:
search_products(query: str, per_page: int = 10)- Search productslist_products(per_page: int = 20, page: int = 1)- List all productscreate_order(customer_id: int, line_items: List[Dict], billing: Dict, shipping: Optional[Dict])- Create orderget_order(order_id: int)- Get specific orderlist_orders(customer_id: Optional[int], status: Optional[str], per_page: int = 10)- List orders
WooCommerce API Requirements
WooCommerce 3.5+
WordPress 4.4+
Pretty permalinks enabled
REST API enabled (default)
Testing the MCP Server
Using the Example Clients
The project includes example MCP clients to test the server:
Authenticated Client (Recommended)
python test/client_authenticated.pyThis is the recommended client for testing. It provides:
✅ Full API key authentication support
✅ Proper SSE response parsing
✅ Complete tool testing (list_products, search_products, etc.)
✅ Detailed output with product information
✅ Error handling and session management
Simple Tool Lister
python test/list_tools.pyThis script connects to the MCP server and lists all available tools with their descriptions and parameters.
Basic Example Client (Limited)
python test/client_example.pyThis client uses official MCP libraries but has limitations:
❌ Limited authentication support (may fail with API key auth)
❌ May encounter connection errors with authenticated servers
✅ Good for understanding MCP protocol structure
Testing Scripts
The project includes curl scripts for easy testing:
# Update the AUTH_HEADER in the scripts with your API key
# Then run:
./test/curl_list_products.sh
./test/curl_search_products.sh pulseras
./test/curl_create_order.shThese scripts demonstrate proper authentication and SSE response handling.
Authentication Testing
# Run authentication tests
./test/test_auth.shThis script validates that authentication is working correctly by testing different scenarios.
Data Ingestion Examples
The project includes example scripts for ingesting product data from the MCP server:
Bash Script (Recommended for Automation)
# Run the ingestion script
./ingestion_example.shThis script demonstrates the correct format for MCP requests and handles SSE responses.
Python Script
# Activate virtual environment and run
source .venv/bin/activate
python ingestion_example.pyThis Python client shows how to programmatically ingest data with proper error handling.
MCP Request Format
When building your own ingestion scripts, use this format to avoid 406 errors:
# 1. Initialize session (required)
curl -X POST http://localhost:8200/mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {"protocolVersion": "2024-11-05", "capabilities": {}, "clientInfo": {"name": "ingestion-client", "version": "1.0.0"}}}'
# 2. Call tools with session ID
curl -X POST http://localhost:8200/mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Mcp-Session-Id: YOUR_SESSION_ID" \
-d '{"jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": {"name": "list_products", "arguments": {"per_page": 50}}}'Important Headers:
Content-Type: application/jsonAccept: application/json, text/event-streamAuthorization: Bearer YOUR_API_KEYMcp-Session-Id: YOUR_SESSION_ID(after initialization)
This server cannot be installed
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.