SAP CPI MCP Server
Allows monitoring and managing SAP Cloud Integration (CPI) through its OData APIs, including message processing logs, design-time content, runtime deployment, and admin tasks.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SAP CPI MCP Servershow me failed messages from the last hour"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
SAP CPI MCP Server
A Model Context Protocol server that lets an MCP client (Claude Desktop, Claude Code, etc.) monitor and manage SAP Cloud Integration (CPI / Integration Suite) through its OData v1 APIs — the same surface documented as the "Cloud Integration" package on the SAP Business Accelerator Hub.
It runs locally over stdio or as an HTTP service you can deploy to SAP BTP Cloud Foundry.
42 tools: curated tools for the common workflows, plus generic escape-hatch tools
(cpi_query, cpi_get_entity, cpi_invoke_function, cpi_write) that reach any of the
~130 entity sets and 35 operations the API exposes.
What it can do (tools)
Monitoring — Message Processing Logs (MPL)
Tool | Purpose |
| Search/filter MPLs by status, flow, time window |
| Full MPL entry for a MessageGuid |
| Detailed error/exception text for a failed message |
| Custom header properties (business keys) |
| Per-step run trace within a message |
| Persisted payloads for a message |
| Failures grouped by integration flow (health dashboard) |
| Cancel a processing/retrying message |
Design-time content
Tool | Purpose |
| Packages |
| Package CRUD |
| Copy a standard/Discover package into the workspace |
| Integration flows |
| Download flow as base64 zip |
| Externalized parameters |
| Scripts/XSDs/WSDLs inside a flow |
Runtime & deployment
Tool | Purpose |
| Deployed artifacts + status |
| Deploy iFlow / mapping / script / value-mapping / adapter |
| Undeploy a running artifact |
| Async deploy task status |
| Runtime endpoint URLs of deployed flows |
Admin (security material, config, queues, B2B, logs)
Tool | Purpose |
| User Credential security material |
| OAuth2 client credentials |
| Keystore certificates / key pairs |
| Number ranges |
| Data stores + entries |
| Global/local variables |
| JMS queues (Enterprise plan; 501 on trial) |
| Partner Directory partners |
| System log files |
Generic — full API coverage
Tool | Purpose |
| Discover every entity set & function import |
| Read any entity set with |
| Read one record by (single or composite) key |
| Invoke any function import |
| Create/update/delete any entity (DELETE needs |
⚠️ = write/destructive tool — requires ALLOW_WRITE=true (see below).
Related MCP server: SF-MCP
Write safety
Read tools always work. Write / deploy / delete tools only run when ALLOW_WRITE=true is set
in your .env. In addition, every write action requires an explicit confirm=true: calling a
write tool without it returns an "Are you sure you want to …?" prompt and makes no changes.
Re-run the same tool with confirm=true to proceed. This gives a two-step confirmation for all
create/update/delete/deploy operations.
ALLOW_WRITE=false # default — read-only
ALLOW_WRITE=true # enable the ⚠️ toolsSecuring the HTTP endpoint with OAuth 2.0 (XSUAA)
For the hosted (Cloud Foundry) endpoint, authentication is handled by src/auth.js:
OAuth 2.0 (recommended) — bind an XSUAA instance and the server requires a valid JWT:
cf create-service xsuaa application sap-cpi-mcp-xsuaa -c xs-security.json cf bind-service sap-cpi-mcp-server sap-cpi-mcp-xsuaa cf restage sap-cpi-mcp-server cf create-service-key sap-cpi-mcp-xsuaa claude-connector # -> clientid/secret/url for the clientThe server verifies the JWT signature against XSUAA's JWKS (
<uaa>/token_keys) and checks the audience. A client obtains a token viaclient_credentials(orauthorization_code) from<uaa>/oauth/tokenand calls/mcpwithAuthorization: Bearer <jwt>.Static token (dev/fallback) — if no XSUAA is bound but
MCP_AUTH_TOKENis set, that static bearer token is required instead.Open — if neither is configured, the endpoint is unauthenticated (local/PoC only).
Auth mode is auto-detected: XSUAA binding → OAuth; else MCP_AUTH_TOKEN → static; else open.
The local stdio transport is unaffected by all of this.
1. Get CPI API credentials (one-time)
The OData API is served by the Process Integration Runtime service.
In your BTP subaccount → Instances and Subscriptions → create an instance of Process Integration Runtime with plan
api.Under Roles, grant the roles you need, e.g.:
MessageProcessingLogRead(read MPLs)IntegrationContentRead(read packages / design artifacts / deployed artifacts)MonitoringDataReadFor the ⚠️ write tools (deploy/undeploy/create/delete): add the write/deploy roles too, e.g.
WorkspacePackagesEdit,WorkspaceArtifactsDeploy,MessageProcessingLogCustomHeaderRead, and the relevant security-material roles.
Create a Service Key on that instance. From the key you get:
url→ yourCPI_BASE_URLis<url>/api/v1tokenurl→ yourCPI_TOKEN_URL(it already ends in/oauth/token)clientid→CPI_CLIENT_IDclientsecret→CPI_CLIENT_SECRET
2. Run locally (stdio) with Claude Desktop / Claude Code
npm install
cp .env.example .env # then edit .env with your service-key valuesAdd to your MCP client config (Claude Desktop claude_desktop_config.json):
{
"mcpServers": {
"sap-cpi": {
"command": "node",
"args": ["C:/path/to/sap-cpi-mcp-server/src/index.js"],
"env": {
"CPI_BASE_URL": "https://your-tenant.it-cpiXXX.cfapps.eu10.hana.ondemand.com/api/v1",
"CPI_TOKEN_URL": "https://your-subdomain.authentication.eu10.hana.ondemand.com/oauth/token",
"CPI_CLIENT_ID": "your-client-id",
"CPI_CLIENT_SECRET": "your-client-secret"
}
}
}
}For Claude Code:
claude mcp add sap-cpi -- node C:/path/to/sap-cpi-mcp-server/src/index.js3. Deploy to SAP BTP Cloud Foundry (HTTP)
cf login -a https://api.cf.<region>.hana.ondemand.com
cf target -o <org> -s <space>
# Edit manifest.yml OR set secrets as environment variables:
cf push --no-start
cf set-env sap-cpi-mcp-server CPI_BASE_URL "https://.../api/v1"
cf set-env sap-cpi-mcp-server CPI_TOKEN_URL "https://.../oauth/token"
cf set-env sap-cpi-mcp-server CPI_CLIENT_ID "..."
cf set-env sap-cpi-mcp-server CPI_CLIENT_SECRET "..."
cf set-env sap-cpi-mcp-server MCP_AUTH_TOKEN "a-long-random-secret" # optional gate
cf start sap-cpi-mcp-serverThe MCP endpoint will be:
https://sap-cpi-mcp-server.cfapps.<region>.hana.ondemand.com/mcpConnect an HTTP-capable MCP client:
{
"mcpServers": {
"sap-cpi": {
"type": "http",
"url": "https://sap-cpi-mcp-server.cfapps.<region>.hana.ondemand.com/mcp",
"headers": { "Authorization": "Bearer <MCP_AUTH_TOKEN>" }
}
}
}Security note:
MCP_AUTH_TOKENis a simple shared-secret gate for getting started. For production, front the app with the SAP Application Router + XSUAA for proper OAuth2/JWT protection, and bind credentials via a service instance rather than plain env vars.
4. Example prompts once connected
"Show me all failed messages in the last 4 hours."
"Give me a failure summary for the last 24 hours grouped by integration flow."
"Get the error details for MessageGuid
AGh....""List integration flows in package
MyIntegrationPackageand tell me which are deployed.""Is the
OrderReplicationflow deployed and started? If not, why?"
Notes on the CPI OData API
Collection base:
.../api/v1MPLs:
/MessageProcessingLogs— filter with$filter, sort with$orderby=LogEnd desc.Error text:
/MessageProcessingLogs('<guid>')/ErrorInformation/$value(plain text).Packages:
/IntegrationPackages, flows:/IntegrationDesigntimeArtifacts.Deployed:
/IntegrationRuntimeArtifacts.Time filters use OData datetime literals:
LogEnd gt datetime'2024-01-01T00:00:00'.
Requires Node.js 18+ (uses the built-in fetch).
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/premsaidaggolu/sap-cpi-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server