gomag-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@gomag-mcpshow me orders placed today"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
gomag-mcp
A production-ready Model Context Protocol (MCP) server for the Gomag Public API, giving AI assistants like Claude direct, audited access to your Gomag e-commerce store.
Gomag is a Romanian e-commerce platform. This server exposes its entire public REST API as 48 typed MCP tools across 10 categories — from product and order management to shipping (AWB), invoicing, and loyalty points.
Features
48 MCP tools covering every Gomag Public API endpoint
Full structured audit logging — every tool call produces an immutable JSON Lines record (file + stderr)
Sensitive-field redaction — passwords, tokens, and API keys are masked in logs
Rate-limit awareness — tracks Gomag's Leaky Bucket headers and backs off automatically on 429
Exponential back-off retry for transient 429 / 5xx failures (configurable retries and factor)
Connection pooling via
httpx.AsyncClient(keep-alive, max connections)Fully async — non-blocking from transport to tool handler
Two MCP resources —
gomag://healthandgomag://rate-limitfor observabilityZero secrets in code — all credentials come from environment variables
Related MCP server: CS-Cart MCP Server
Requirements
Python ≥ 3.10
A Gomag store with Public API access enabled
Your API Key and Shop URL from the Gomag admin panel
Installation
From source (recommended while in beta)
git clone https://github.com/florinel-chis/gomag-mcp.git
cd gomag-mcp
# Create and activate a virtual environment
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
# Install
pip install -e .Using pip (once published)
pip install gomag-mcpConfiguration
All configuration is via environment variables (prefix GOMAG_). Copy .env.example to .env and fill in your credentials:
cp .env.example .envRequired
Variable | Description |
| Your Gomag API key ( |
| Your shop URL, e.g. |
Optional
Variable | Default | Description |
|
| Gomag API base URL |
|
| Custom User-Agent (must not be |
|
| HTTP timeout in seconds |
|
| Retry attempts for 429 / 5xx responses |
|
| Exponential back-off multiplier (seconds) |
|
| Path to the rotating JSON Lines audit log |
|
| Max log file size before rotation (10 MB) |
|
| Number of rotated backup files to keep |
|
| Also emit audit events to stderr |
Integration
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"gomag": {
"command": "gomag-mcp",
"env": {
"GOMAG_API_KEY": "your_api_key_here",
"GOMAG_API_SHOP": "https://yourshop.gomag.ro"
}
}
}
}Claude CLI (claude)
# Run once to register
claude mcp add gomag -- gomag-mcp
# Or with environment variables inline
GOMAG_API_KEY=xxx GOMAG_API_SHOP=https://yourshop.gomag.ro gomag-mcpRun manually
# With .env file in current directory
gomag-mcp
# Or explicit env vars
GOMAG_API_KEY=xxx GOMAG_API_SHOP=https://yourshop.gomag.ro gomag-mcpAvailable Tools
Products (/api/v1/product/)
Tool | Method | Endpoint | Description |
| GET |
| List products — filter by id, sku, category, brand, updated date, promo tag, language |
| POST |
| Create products — supports multi-language names/descriptions and product variants |
| POST |
| Patch existing products by id or sku |
| POST |
| Bulk-update price, special price, and stock levels |
| POST |
| Delete products by id or sku |
Categories (/api/v1/category/)
Tool | Method | Endpoint | Description |
| GET |
| List categories — filter by id, parent, language |
| POST |
| Create categories with multi-language names |
| POST |
| Patch existing categories |
| POST |
| Delete empty categories |
Orders (/api/v1/order/)
Tool | Method | Endpoint | Description |
| GET |
| List orders — filter by id, number, status, date range, email, phone |
| GET |
| Get all available order status types |
| POST |
| Create an order with billing, shipping, products, and discounts |
| POST |
| Change order status with optional customer notification |
| POST |
| Attach a public or private note to an order |
| POST |
| Attach a file (by URL) to an order |
Customers (/api/v1/customer/)
Tool | Method | Endpoint | Description |
| GET |
| List customers — filter by id, email, phone, modified date |
| GET |
| Products a customer has previously ordered |
| POST |
| Register a new customer account |
| POST |
| Update customer details |
| POST |
| Authenticate a customer |
| POST |
| Change customer password |
| POST |
| Trigger password recovery email |
| POST |
| Submit GDPR account-deletion request |
Shipping / AWB (/api/v1/awb/)
AWB = Air Waybill — the tracking/shipping label used by Romanian courier services.
Tool | Method | Endpoint | Description |
| GET |
| List configured courier/carrier integrations |
| GET |
| List AWB records — filter by order, tracking number, carrier |
| POST |
| Manually register an AWB tracking number |
| POST |
| Auto-generate an AWB via the carrier API |
| POST |
| Delete an AWB record |
| POST |
| Generate a printable shipping label |
| POST |
| Update AWB delivery status |
Invoices (/api/v1/invoice/)
Tool | Method | Endpoint | Description |
| POST |
| Register an invoice for an order |
| POST |
| Auto-generate invoice using store settings |
| POST |
| Cancel (void) an invoice |
Attributes (/api/v1/attribute/)
Tool | Method | Endpoint | Description |
| GET |
| List product attributes |
| POST |
| Create attributes with multi-language names and values |
| POST |
| Patch existing attributes |
Reviews (/api/v1/review/)
Tool | Method | Endpoint | Description |
| GET |
| List reviews — filter by product, customer, approval status |
| POST |
| Submit a product review (1–5 stars) |
Wishlist (/api/v1/wishlist/)
Tool | Method | Endpoint | Description |
| GET |
| List a customer's saved products |
| POST |
| Add a product to a customer's wishlist |
| POST |
| Remove a product from a wishlist |
Store Reference Data
Tool | Method | Endpoint | Description |
| GET |
| List configured currencies |
| GET |
| List payment methods |
| GET |
| List brands/manufacturers |
| GET |
| Filterable attributes for a category |
| GET |
| Promotional banners |
| POST |
| Customer loyalty points balance |
| POST |
| Create a shopping cart discount rule |
MCP Resources
Two read-only resources are exposed for observability:
URI | Description |
| Server status, configured shop URL, and current rate-limit snapshot |
| Live rate-limit counters from the most recent API response |
Audit Logging
Every tool call — success or failure — writes one JSON Lines record to gomag_audit.jsonl (and optionally stderr). The file rotates automatically at 10 MB (5 backups kept by default).
Log record schema
{
"timestamp": "2026-03-27T10:00:00.123456+00:00",
"level": "AUDIT",
"event_type": "tool_call",
"request_id": "550e8400-e29b-41d4-a716-446655440000",
"tool_name": "product_list",
"parameters": { "page": 1, "limit": 10 },
"api_method": "GET",
"api_path": "/api/v1/product/read/json",
"http_status": 200,
"duration_ms": 123.456,
"success": true,
"error_message": null,
"rate_limit_remaining_read": 45,
"rate_limit_remaining_write": 10
}On error, event_type is "tool_error", success is false, and error_message contains the exception text.
Sensitive field redaction
The following parameter names are always replaced with ***REDACTED*** in audit records, regardless of case:
password · confirmpassword · apikey · api_key · token · secret · authorization
Rate Limiting
The Gomag API implements a Leaky Bucket algorithm applied per shop across all API access.
Response headers (present on every response until the limit is reached):
Header | Description |
| Read request processing rate (req/s, default 1) |
| Maximum read requests in a burst |
| Read requests remaining before throttling |
| Write request processing rate (req/s, default 1) |
| Maximum write requests in a burst |
| Write requests remaining before throttling |
This server:
Parses all six headers after every request
Exposes the latest values via
gomag://rate-limitOn a 429 response, waits at least 1 second before the first retry, then uses exponential back-off for subsequent retries
On 5xx responses, uses pure exponential back-off (
factor × 2^attempt)
Gomag API Reference
The Gomag Public API is documented within the included Postman collection (Gomag Public API.postman_collection.json). Key details:
Authentication
All requests require the ApiShop header. Write operations (POST) additionally require the Apikey header.
ApiShop: https://yourshop.gomag.ro # every request
Apikey: your_api_key_here # POST requests only
User-Agent: <custom value> # must not be PostmanRuntime/…Both values are obtained from your Gomag admin panel under Settings → API.
Request format
HTTP method | Parameters |
| URL query string |
|
|
Base URL
https://api.gomag.roResponse format
All endpoints return JSON. Paginated list endpoints include:
{
"total": 1250,
"page": 1,
"pages": 13,
"items": [ ... ]
}Multi-language fields
Products, categories, and attributes support localised names. Language codes follow ISO 639-1 (ro, en, hu, etc.) and are configured per shop:
{
"name": {
"ro": "Geacă softshell",
"en": "Softshell jacket"
}
}Security
Password handling
The following tools accept plaintext passwords in their parameters:
Tool | Sensitive parameters |
|
|
|
|
|
|
Important notes:
Passwords are transmitted to the Gomag API over HTTPS. Never call these tools over an unencrypted connection.
Passwords are never written to audit logs — only the
emailfield is logged for these calls.Do not pass plaintext passwords to an AI assistant in contexts where chat history is persisted or shared.
Audit log security
The audit log file (
gomag_audit.jsonl) contains API call metadata. Restrict file permissions appropriately.The startup log prints the absolute path to the audit file — check this to confirm where logs are written.
.envfiles and*.jsonllog files are excluded from git via.gitignore.
Development
Running tests
pip install -e ".[dev]"
pytestTests use respx to mock HTTP responses — no live credentials required.
Project layout
src/gomag_mcp/
├── __init__.py # package version
├── __main__.py # enables `python -m gomag_mcp`
├── server.py # FastMCP entry point, lifespan, resources
├── config.py # Pydantic settings (GOMAG_* env vars)
├── audit.py # Structured JSON audit logger
├── client.py # Async HTTP client (retry, rate-limit, pooling)
├── context.py # Shared AppContext (avoids circular imports)
└── tools/
├── product.py # 5 tools
├── category.py # 4 tools
├── order.py # 6 tools
├── customer.py # 8 tools
├── awb.py # 7 tools
├── invoice.py # 3 tools
├── attribute.py # 3 tools
├── review.py # 2 tools
├── wishlist.py # 3 tools
└── misc.py # 7 toolsAdding a new tool
Find (or create) the appropriate module in
src/gomag_mcp/tools/Add a function inside the
register(mcp)function decorated with@mcp.tool()Call
get_context()to access the sharedGomagClientandAuditLoggerWrap the API call with
async with ctx.audit.tool_call(...)— all logging is automatic
@mcp.tool()
async def my_new_tool(param: str) -> dict[str, Any]:
"""Clear docstring — this becomes the tool description visible to Claude."""
ctx = get_context()
params = {"param": param}
async with ctx.audit.tool_call("my_new_tool", params, "GET", "/api/v1/...") as ar:
result = await ctx.client.get("/api/v1/...", params=params)
ar.update(result)
return result["data"]License
MIT © 2026 florinel-chis
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/florinel-chis/gomag-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server