SAP MCP Server
Integrates with the Cloud Foundry API v3 for managing applications, services, and other resources on SAP BTP, Cloud Foundry environment.
Allows interaction with SAP ABAP systems, including running remote-enabled function modules and BAPIs, reading tables, and executing ADT SQL queries, as well as SAP BTP services such as Cloud Identity Services, Identity Provisioning, Cloud Transport Management, Forms Service by Adobe, Cloud Information Service, and Integration Suite.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SAP MCP Serverread data from table MARA where MATNR = '12345'"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
sap-mcp-server
English | ζ₯ζ¬θͺ
Securely operate SAP ABAP and BTP services from MCP-compatible AI clients.
Connect to SAP ABAP and BTP services from general MCP-compatible AI clients such as Claude Code, Codex, and Gemini CLI. Distributed as a single self-contained binary (Node.js SEA) for Linux and Windows.
This tool is not standalone: it requires a backend service deployed on SAP BTP, Cloud Foundry. Through strong, multi-layered security it accesses on-premise / RISE SAP environments.
π Security
Security is enforced in multiple layers (defense in depth), so AI-driven access to SAP stays controlled and auditable.
Layer | Control |
Access scope | Restrict access to Full or Reference-only (read-only). |
Landscape | Per-landscape access control for DEV / QAS / PRD. |
Authentication | Connects only over a secure, authenticated channel; SAP credentials are never held by the client. |
Secret handling | Connection secrets are kept local only and are never committed or embedded in the binary. |
Security pattern: role-based authorization
Two scopes β mcp (Full) and mcp_readonly (Reference-only) β are enforced in layers (the reference backend implements this; bring-your-own backends are encouraged to follow it):
Scope gate (app level) β every MCP route is mounted behind "require
mcpormcp_readonly"; a token with neither scope is rejected (403) before any handler runs.Environment gate (per destination) β each destination is tagged
DEV/QAS/PRD.mcp_readonlymay reach onlyDEV/QAS(PRD and untagged are denied β fail-closed).mcpreaches all.Method gate (REST relays) β
mcp_readonlymay issue onlyGETon the BTP service relays.Hard-deny β PII tools (IAS / IPS) and CLI execution are
mcp-only, regardless of environment.
Tool | Full ( | Read-only ( |
| all | DEV/QAS destinations only |
| all envs | DEV/QAS only |
| all envs | DEV/QAS only |
| all envs | DEV/QAS only |
| all envs | DEV/QAS only |
| DEV-role destinations only | denied |
| DEV-role destinations only | denied |
| all envs | denied |
| all envs | denied |
| all envs, any method |
|
| all envs | denied |
Operational controls (defense in depth): (1) MCP key issuance, (2) scope mcp / mcp_readonly, (3) key revoke, (4) audit log of every call, (5) per-destination environment tag.
Related MCP server: SAP OData to MCP Server
Capabilities
SAP ABAP
Run any remote-enabled Function Module / BAPI without cumbersome web service configuration.
Function Modules (RFC / BAPI)
Table read (RFC_READ_TABLE-equivalent)
ADT SQL / Open SQL / DDIC preview
Add-on development β read / write / activate / delete reports and function modules (SE37) via ADT
Transport management β create / release transport requests (CTS)
SAP BTP services
Cloud Identity Services (IAS) Admin / SCIM
Identity Provisioning (IPS) Jobs / JobLogs
Cloud Foundry API v3
Build Work Zone (Content API)
Cloud Transport Management (cTMS) v2
Forms Service by Adobe
Cloud Information Service (CIS Central)
Integration Suite (CPI) Audit / Monitoring
Install
Download the platform binary from GitHub Releases.
curl -fsSL https://github.com/HUGO-Domon/sap-mcp-server/releases/latest/download/install-sap-mcp.sh | bashBinaries may be unsigned. See docs/ for Windows SmartScreen / macOS Gatekeeper notes. Each asset ships with a
*.sha256checksum.
Configuration
The binary reads a connections.json describing one or more backend connections. It is read by the
binary itself (independent of the AI client), in this lookup order:
$SAP_MCP_CONFIG β ~/.config/sap-mcp-server/connections.json β next to the executable.
connections.json format
{
"defaultConnection": "primary",
"connections": {
"primary": {
"defaultDestination": "AC1",
"relayUrl": "https://your-backend.example.com",
"relayBasePath": "/api/tableread/mcp",
"clientId": "sb-xxxxxxxx",
"clientSecret": "xxxxxxxx",
"tokenUrl": "https://<subdomain>.authentication.<region>.hana.ondemand.com/oauth/token"
}
}
}Field | Required | Description |
| optional | Connection used when a tool call omits |
| optional | SAP destination (SID / Destination name) used when a tool call omits |
| required | Base URL of the backend (the backend host itself, not the approuter). No trailing slash. |
| required* | Path where the backend mounts the MCP relay. It must match your backend. The provided reference backend mounts it at |
| required | OAuth2 |
| required | XSUAA token endpoint (ends with |
β Most common failure β "cannot connect / tools return 404". If
relayBasePathis omitted it defaults to/api/mcp, which does not match the reference backend (mounted at/api/tableread/mcp), so every relay call 404s. Always setrelayBasePathto your backend's actual MCP mount path.
Getting the values (recommended)
Ask your backend administrator to issue you an MCP key. In the reference backend's MCP admin app, open your approved request and click "Get credentials". The dialog shows every field and provides:
Copy all β copies the complete
connections.jsonto the clipboard, andDownload connections.json β saves a ready-to-use file.
relayUrl, relayBasePath, clientId, clientSecret, and tokenUrl are already filled in; you only
set defaultDestination (and optionally the connection name) in the dialog before copying/downloading.
Credentials are shown once. If you miss them, ask the admin to rotate the key.
Create / update the file
mkdir -p ~/.config/sap-mcp-server
# New install β move the downloaded file into place:
mv ~/Downloads/connections.json ~/.config/sap-mcp-server/connections.json
chmod 600 ~/.config/sap-mcp-server/connections.jsonTo add another landscape, add a second entry under connections (e.g. "dev", "prd"), then either
set defaultConnection or pass the connection argument per tool call. Keep secrets local only β
never commit connections.json.
Client Configuration
Register the binary in your AI client, then restart the client (or reconnect its MCP servers) so it
reloads. The MCP server name is arbitrary; sap-mcp-server is used below.
Claude Code (CLI)
install-sap-mcp.sh auto-registers the server in ~/.claude.json. To register manually:
claude mcp add sap-mcp-server -- /path/to/sap-mcp-server-linuxβ¦or edit ~/.claude.json directly:
{ "mcpServers": { "sap-mcp-server": { "command": "/path/to/sap-mcp-server-linux", "args": [] } } }Verify with /mcp inside Claude Code β it should list sap-mcp-server as connected. After you
update the binary or connections.json, run /mcp β reconnect (or restart Claude Code) to pick up
the change.
Claude Desktop
Windows:
%APPDATA%\Claude\claude_desktop_config.jsonmacOS:
~/Library/Application Support/Claude/claude_desktop_config.json
{ "mcpServers": { "sap-mcp-server": { "command": "C:\\path\\to\\sap-mcp-server-win.exe", "args": [] } } }Restart Claude Desktop after editing.
Gemini CLI (~/.gemini/settings.json)
{ "mcpServers": { "sap-mcp-server": { "command": "/path/to/sap-mcp-server-linux", "args": [] } } }Restart the Gemini CLI session after editing. (The binary still reads connections.json from the lookup
order above β the client config only points at the binary.)
Build (developers)
npm ci
npm run build:bundle # esbuild β CJS bundle
npm run build:bin:linux # Node SEA blob + postject β single binaryBackend
Actual SAP communication and the security controls above are performed by a backend that this server connects to over a secure channel. A compatible backend is required (Bring Your Own Backend).
The REST contract a backend must satisfy is defined in docs/BACKEND-CONTRACT.md.
A reference backend is not included in this repository. A production-ready backend (setup, connection configuration, and operation) is provided separately under a consulting engagement. Contact: contact@hugoconsulting.com
Security Policy
Please report vulnerabilities via SECURITY.md.
License
Apache License 2.0. "SAP" and SAP product names are trademarks of SAP SE. This project is not affiliated with, endorsed by, or sponsored by SAP SE. See NOTICE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/hugoconsulting/sap-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server