Buchhaltungsbutler MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Buchhaltungsbutler MCPShow me my unpaid invoices from last month."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ohneben's Buchhaltungsbutler MCP
Manage your BuchhaltungsButler bookkeeping in plain language from AI assistants like Claude, Cursor, and any other MCP client.
This Model Context Protocol server exposes the BuchhaltungsButler API v1 β all 48 endpoints, auto-generated from the official OpenAPI spec into MCP tools. Every tool is safety-categorized (read-only / write / destructive) so your assistant knows what an action does before it calls it. Runs over stdio (Claude Desktop and other local launchers) or Streamable HTTP (hosted in Docker).
Why you'll want this
Some MCP servers just forward an API. This one is built to be safe to hand to an LLM and easy to run for real:
What you get | Why it matters |
All 48 endpoints, auto-generated from the official spec | Full coverage of receipts, transactions, postings, invoices and master data β nothing hand-picked or left behind. |
Every tool is safety-categorized π’ / π‘ / π΄ | A banner at the top of each tool description tells the model exactly what it does β fetch, create, update, revert or delete β before it acts. |
Machine-readable MCP annotations ( | Hosts that honor annotations (Claude included) can auto-trust reads and demand confirmation before anything destructive. |
Two transports: stdio and Streamable HTTP | Use it locally in Claude Desktop, or run one always-on server that any number of MCP clients reach over HTTP. |
Docker + docker-compose, health check, auto-restart | Production-style deployment out of the box: |
Optional bearer-token auth on the HTTP endpoint | Put the server behind a shared secret the moment it's reachable beyond localhost. |
Built-in rate limiting | Self-throttles under BuchhaltungsButler's 100 requests/customer/minute cap so you never trip it. |
Your secrets never reach the model | Credentials live in the server's environment and are injected on every request β the assistant only ever sees tool inputs and API responses. |
How it compares
At the time of writing this appears to be the only dedicated BuchhaltungsButler MCP server. You could instead point a generic OpenAPIβMCP wrapper at the spec β here's what that leaves on the table:
Capability | This project | Generic OpenAPIβMCP wrapper* |
All 48 BuchhaltungsButler endpoints as tools | β | β |
Per-tool π’ / π‘ / π΄ safety category + banner | β | β |
| β | β |
| β | β |
Built-in rate limiting (stays under BB's 100/customer/min) | β | β |
| β | β |
Streamable-HTTP transport | β | β |
Docker + docker-compose, health check, auto-restart | β | β |
Optional bearer-token auth on the endpoint | β | β |
Credentials injected server-side, never sent to the model | β | β |
License | MIT | varies |
*Generic OpenAPIβMCP wrappers turn any Swagger/OpenAPI spec into MCP tools. They can reach the same endpoints, but treat every operation identically β no safety categories, no deployment story, and no guardrails tuned for live accounting data. "β" = varies by tool / not guaranteed. Snapshot from July 2026.
Related MCP server: YNAB Assistant
What you can do
Once it's connected, ask your assistant things like:
"List all inbound receipts from last month that are still unpaid."
"Create a draft invoice for ACME GmbH: 10 hours of consulting at β¬120 each."
"Book this bank transaction against posting account 4400."
"Upload this PDF receipt and assign it to the matching transaction."
"Show me my creditors, and add a new one for our hosting provider."
Tools are generated automatically from the official API and grouped into π’ read-only, π‘ write, and π΄ destructive β so a well-behaved host can treat each group differently.
How it works
Claude / Cursor / any MCP client ββMCPβββΊ this server ββHTTPSβββΊ BuchhaltungsButler API (cloud)The server parses the bundled OpenAPI spec into MCP tools (resolving $ref batch
payloads and stripping HTML from descriptions), tags each with its safety category,
and injects your Basic-auth credentials and api_key on every outgoing request.
Your credentials stay in the server's environment β the model never sees or handles
them.
Requirements
A BuchhaltungsButler account with API access β an API Client + API Secret (Settings β API) and a customer
api_key(see Get your API credentials).Docker (Docker Desktop on macOS/Windows) for the quick start below β or Node.js β₯ 18 to run from source.
Quick start (Docker)
1. Add your credentials. Copy the example config and fill it in:
cp .env.example .env
# edit .env β set BB_API_CLIENT, BB_API_SECRET, BB_API_KEY
# β set MCP_AUTH_TOKEN to a long random string if reachable beyond localhost2. Start the server:
docker compose up -d --build3. Confirm it's running:
curl -s http://localhost:3000/health # β {"status":"ok","server":"buchhaltungsbutler-mcp"}4. Connect your MCP client. Remote endpoints are added in Claude as a custom
connector (Settings β Connectors), or bridged locally with
mcp-remote. Add this under mcpServers
in your client config, then fully quit and reopen the app:
{
"mcpServers": {
"buchhaltungsbutler": {
"command": "npx",
"args": [
"mcp-remote",
"http://localhost:3000/mcp",
"--header", "Authorization: Bearer YOUR_MCP_AUTH_TOKEN"
]
}
}
}(Drop the --header line if you left MCP_AUTH_TOKEN empty.)
Prefer a prebuilt image?
Every push to main publishes a ready-to-run image to the GitHub Container
Registry, so you can skip the local build entirely:
docker run -d --name buchhaltungsbutler-mcp -p 3000:3000 --env-file .env \
ghcr.io/ohneben/buchhaltungsbutler-mcp:latestGet your API credentials
BuchhaltungsButler uses two layers of authentication (see the official docs):
HTTP Basic auth β an API Client + API Secret, your global API credentials. Find or create them in BuchhaltungsButler under Settings β API.
api_keyβ identifies which customer account a request acts on. It lives in that customer's company-data settings.
Put all three in .env. The server injects them on every request, so your assistant
never sees them. A single tool call may optionally pass its own api_key to target a
different customer.
Configuration
Everything is set in .env (copied from .env.example):
Variable | Required | Default | Description |
| β | β | API Client (Basic-auth username) |
| β | β | API Secret (Basic-auth password) |
| β | β | Default customer |
| β |
|
|
| β |
| HTTP listen port |
| β |
| HTTP bind address |
| β |
| HTTP MCP route |
| β | (off) | Require |
| β |
| Client-side requests/minute cap |
| β | (from spec) | Override the API base URL |
After changing .env, reload with docker compose up -d --force-recreate.
Tool safety categories
Each tool's description starts with one of these banners and carries the matching MCP annotations:
Banner | Count |
|
| Meaning |
π’ READ-ONLY | 12 |
|
| Fetches data only. Safe. |
π‘ WRITE Β· creates data | 22 |
|
| Creates records (not idempotent β may duplicate). |
π‘ WRITE Β· updates data | 4 |
|
| Modifies existing master data in place. |
π‘ WRITE Β· links/unlinks | 4 |
|
| Assigns/unassigns receipt β transaction. Reversible. |
π‘ WRITE Β· reverts state | 4 |
|
| Un-confirms postings / restores receipts. Reversible. |
π΄ DESTRUCTIVE Β· deletes | 2 |
|
| Deletes a record. Confirm first. |
Hosts that respect annotations (Claude included) can require confirmation for
destructiveHint tools and trust readOnlyHint tools automatically.
Run
npm run list-tools(no credentials needed) to print the full catalog at any time.
Tool | Endpoint |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tool | Endpoint |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tool | Endpoint | Sub-category |
|
| update |
|
| update |
|
| update |
|
| update |
|
| link |
|
| link |
|
| link |
|
| link |
|
| revert |
|
| revert |
|
| revert |
|
| revert |
Tool | Endpoint | Note |
|
| Restorable via |
|
| Not restorable |
Run from source (stdio, no Docker)
Prefer the classic stdio mode for Claude Desktop? Build it locally:
npm install
npm run buildThen point Claude Desktop at the compiled entrypoint in claude_desktop_config.json:
{
"mcpServers": {
"buchhaltungsbutler": {
"command": "node",
"args": ["/ABSOLUTE/PATH/Buchhaltungsbutler MCP/dist/index.js"],
"env": {
"MCP_TRANSPORT": "stdio",
"BB_API_CLIENT": "your-api-client",
"BB_API_SECRET": "your-api-secret",
"BB_API_KEY": "your-customer-api-key"
}
}
}
}Or run the container over stdio instead:
{
"mcpServers": {
"buchhaltungsbutler": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "MCP_TRANSPORT=stdio",
"-e", "BB_API_CLIENT", "-e", "BB_API_SECRET", "-e", "BB_API_KEY",
"buchhaltungsbutler-mcp:latest"
],
"env": {
"BB_API_CLIENT": "your-api-client",
"BB_API_SECRET": "your-api-secret",
"BB_API_KEY": "your-customer-api-key"
}
}
}
}(Build the image first: docker build -t buchhaltungsbutler-mcp:latest .)
Keeping the spec current
The bundled spec.json is the official BuchhaltungsButler v1 OpenAPI spec β the
source of truth for the tools. To refresh against a newer API version:
curl -s https://app.buchhaltungsbutler.de/docs/api/v1.de.json -o spec.json
npm run buildNew paths are picked up automatically; add them to PATH_CATEGORY in
src/categories.ts so they get the correct safety category (unmapped paths fall back
to the safe-but-conservative create category).
Development
npm install
npm run build # compile TypeScript β dist/
npm test # run the Vitest suite
npm run list-tools # print the categorized tool catalog (no credentials needed)CI builds and tests every push across Node 20 and 22; pushes to main also publish a
Docker image to the GitHub Container Registry.
Notes & conventions
Dates:
YYYY-MM-DD. Amounts: dot decimal separator (e.g.-12.30).File uploads (
receipts_upload,receipts_add,receipts_addBatch): pass the file as a base64 string in thefilefield.Paging: most
gettools acceptlimitandoffset.Batch tools take arrays of objects; item schemas are resolved from the spec definitions and shown to the model.
Rate limit: BuchhaltungsButler allows 100 requests/customer/minute; the server self-throttles at
BB_RATE_LIMIT(default 90) to stay safely under it.
Security
Your API credentials live only in
.env, which is git-ignored. Never commit real secrets. If any leak, rotate them in BuchhaltungsButler β Settings β API.The HTTP endpoint is unauthenticated by default (fine on localhost). To expose it beyond your machine, set
MCP_AUTH_TOKENand send it as anAuthorization: Bearer <token>header β ideally behind TLS.
See SECURITY.md for the full policy and how to report a vulnerability.
Credits & license
An unofficial community integration for BuchhaltungsButler; not affiliated with or endorsed by BuchhaltungsButler. Built on the Model Context Protocol. Licensed under the MIT License.
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ohneben/Buchhaltungsbutler-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server