xendit-mcp
Provides read-only access to Xendit's payment platform, enabling AI agents to look up payments, disbursements, refunds, and virtual account transactions for payment investigation and reconciliation workflows.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@xendit-mcpshow me the invoice for INV-2024-00123"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
xendit-mcp (read-only)
Minimal, read-only MCP server for Xendit. Built for the CareNow Issue Resolver agent — looks up payments, disbursements, refunds, and VA transactions. Never moves money.
Unofficial. Not affiliated with or endorsed by Xendit.
Why read-only?
Agents should not be able to call create_disbursement, create_refund, or expire_invoice — even via prompt injection from a Xendit-side field. This server exposes only GET endpoints. For defense in depth, also use a Xendit API key scoped to *_READ permissions.
Install & run
No clone required. Install directly from GitHub via npx:
{
"mcpServers": {
"xendit": {
"command": "npx",
"args": ["-y", "github:indratjhai/xendit-mcp"],
"env": {
"XENDIT_API_KEY": "xnd_development_..."
}
}
}
}On first run, npm clones the repo, installs deps, and runs npm run build via the prepare script. After that it launches from the cached install.
Pin a specific commit for reproducibility:
"args": ["-y", "github:indratjhai/xendit-mcp#<commit-sha>"]Local development
git clone https://github.com/indratjhai/xendit-mcp.git
cd xendit-mcp
npm install
cp .env.example .env # fill in XENDIT_API_KEY
npm run devAPI key
Go to https://dashboard.xendit.co/settings/developers#api-keys
Create a key with READ-only permissions:
BALANCE_READINVOICE_READTRANSACTION_READDISBURSEMENT_READREFUND_READPAYMENT_REQUEST_READ
Use a
xnd_development_...test key while developing.
Tools
Tool | Purpose |
| Account balance by type (CASH / HOLDING / TAX) |
| Filter by external_id, status, date range |
| Invoice by ID |
| Core tool — filter by reference_id, type, channel, date |
| Transaction by ID |
| Disbursement by ID |
| Disbursement by your reference |
| Filter by payment_request_id / invoice_id / reference_id |
| Refund by ID |
| New Payments API — filter by reference_id |
| Payment request by ID |
| Virtual account — for Wrong VA investigations |
| VA payment by payment_id |
What's not here (by design)
create_invoice,expire_invoicecreate_disbursementcreate_refundcreate_payment_requestAny POST / PATCH / DELETE
If a workflow needs a mutation, it should be done manually in the Xendit dashboard or via a separate approval flow that a human reviews — not from an agent session.
Security notes
API key read from
XENDIT_API_KEYenv var. Never logged, never sent to tool output.Network egress is hardcoded to
https://api.xendit.co— no other hosts.Path-component IDs are validated against
^[a-zA-Z0-9_-]+$and URL-encoded.All tool inputs are zod-validated.
Only runtime deps:
@modelcontextprotocol/sdk,zod.
License
MIT
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/indratjhai/xendit-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server