paypay-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@paypay-mcpCreate a QR code for ¥1500"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
paypay-mcp
Model Context Protocol server for the PayPay Open Payment API.
Works with Claude Desktop, Claude Code, Cursor, Windsurf, Zed, ChatGPT Apps SDK, and any other MCP-compatible client. Tool descriptions are provided in English and Japanese.
Status
v0.1.x — production-capable, not yet battle-tested at scale.
The server runs cleanly against PayPay's production Open Payment API once PAYPAY_ENV=production is set with approved merchant credentials. It has not yet processed meaningful real-world volume. If you are routing real payments through it, pin the version and review the source first.
Tools
Tool | Description |
| Create a dynamic PayPay QR code. Returns the payment URL, deeplink, and a rendered PNG. |
| Fetch the current status of a payment. |
| Poll until a payment reaches a terminal state. |
| Invalidate a QR code before payment. |
| Full or partial refund. |
| Cancel a payment when its state is unclear (timeout or error). |
Prompts
accept_single_payment, refund_last_payment, debug_stuck_payment.
Resources
URI | Description |
| Endpoint map, auth scheme, and status vocabulary for the PayPay OPA API. |
| Payment lifecycle and the cancel-vs-refund decision rule. |
| Non-secret view of the active config (env, merchantId, baseUrl, transport). |
Install
One-click:
Or via npm:
npm install -g paypay-mcpConfiguration
Credentials come from the PayPay Developer Dashboard.
Variable | Required | Description |
| yes | OPA API Key ID |
| yes | OPA API Key Secret |
| yes | Merchant ID |
| no |
|
| no | Set to |
| no | Set to |
| no |
|
| no | Port when |
| no | Bind address. Default |
| no | Bearer token required on inbound HTTP requests when set. Mandatory for non-loopback binds. |
| no | Comma-separated CORS allowlist. Default: none. |
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"paypay": {
"command": "npx",
"args": ["-y", "paypay-mcp"],
"env": {
"PAYPAY_API_KEY": "a_...",
"PAYPAY_API_SECRET": "...",
"PAYPAY_MERCHANT_ID": "...",
"PAYPAY_ENV": "sandbox"
}
}
}
}Claude Code
claude mcp add paypay -e PAYPAY_API_KEY=... -e PAYPAY_API_SECRET=... -e PAYPAY_MERCHANT_ID=... -- npx -y paypay-mcpCursor
Add to ~/.cursor/mcp.json with the same shape as Claude Desktop.
Remote hosting
Run in HTTP mode. Public binds require MCP_AUTH_TOKEN; the server refuses to start otherwise.
MCP_TRANSPORT=http \
MCP_HTTP_HOST=0.0.0.0 \
MCP_AUTH_TOKEN="$(openssl rand -hex 32)" \
MCP_HTTP_ALLOWED_ORIGINS="https://claude.ai,https://your-app.example.com" \
PAYPAY_ENV=sandbox \
PAYPAY_API_KEY=... PAYPAY_API_SECRET=... PAYPAY_MERCHANT_ID=... \
npx paypay-mcpEndpoint: POST http(s)://<host>:3000/mcp (Streamable HTTP transport). Clients send Authorization: Bearer <MCP_AUTH_TOKEN>. CORS is closed by default.
For local testing the auth token can be omitted; the server binds to 127.0.0.1 and only accepts loopback connections.
Environments
Sandbox is the default. Production requires PayPay merchant onboarding (business verification and a contract) and must be enabled by explicitly setting PAYPAY_ENV=production.
Constraints
Amounts are integer JPY.
A payment can be canceled until 00:14:59 JST the day after the payment attempt. After that, use a refund.
A single order can receive multiple partial refunds, each with a unique
merchantRefundId, up to the merchant-configured cap.TLS 1.2+ required (Node 20+).
Development
git clone https://github.com/mrslbt/paypay-mcp.git
cd paypay-mcp
npm install
cp .env.example .env
npm run dev
npm test
npm run smoke
npm run buildRoadmap
v0.2: PreAuth + Capture, ContinuousPayments, DirectDebit, AccountLink QR, webhook signature verification, reconciliation tools.
v0.3: Native Payment (App Invoke + user JWT auth), Visa-partnership endpoints, OpenTelemetry tracing.
Safety
This server can move real money through the PayPay OPA API. Key safeguards:
Refund and cancel tools are disabled by default.
refund_paymentandcancel_paymentare only registered whenPAYPAY_ENABLE_REFUNDS=trueorPAYPAY_ENABLE_CANCELS=true. Only enable them in trusted agent contexts where tool inputs cannot be influenced by untrusted content.Sandbox is the default. Production requires an explicit
PAYPAY_ENV=production, plus completed PayPay merchant onboarding. Always test against sandbox first.Unique merchantPaymentId and merchantRefundId per call. PayPay deduplicates by these IDs, so reusing one will either fail or target an older payment. Generate a fresh ID for each new payment or refund.
Even with these gates on, review any money-moving request before approving the tool call. Treat tool inputs derived from model output as untrusted.
Disclaimer
This is an unofficial, community-built MCP server. Not affiliated with, endorsed by, or sponsored by PayPay Corporation. PayPay is a registered trademark of its respective owners. Use at your own risk. The author accepts no liability for funds lost through misuse, prompt injection, or bugs.
License
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mrslbt/paypay-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server