How do I scope the Stripe MCP safely?

Use a Stripe restricted API key rather than a secret key. Restricted keys let you grant read/write per resource — e.g. read-only on customers, no access to balance transactions. The MCP respects whatever scopes the key carries.

Does it support Stripe Connect?

Yes. For platforms using Connect, the MCP supports account impersonation headers so an agent can operate on behalf of a connected account without swapping credentials mid-flow.

Can I use it in test mode before production?

Yes — use a test-mode restricted key (starts with `rk_test_`) and the MCP operates entirely against Stripe's test environment. Ideal for building agent workflows without real money moving.

Is there a risk of the agent processing unintended refunds?

Only if you give it write access and run it unattended. The safe pattern is per-call approval for refunds, scoped keys that cannot touch payouts, and running destructive operations in test mode first.

Stripe

Name: Stripe
Availability: InStock
Author: Stripe

Official

Manage payments, customers, and subscriptions through Stripe.

Score 87(?)StripeMIT 1.5kVerified Apr 19, 2026Top MCPs for Commerce & Payments →

Install View on GitHub

Install Stripe

— pick your client, copy, paste.

claude_desktop_config.jsonjson

{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": [
        "-y",
        "@stripe/mcp"
      ],
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

Paste under mcpServers. Fully quit and reopen Claude after editing.

CLI or .mcp.jsonshell

# export STRIPE_SECRET_KEY=sk_test_your_key
claude mcp add stripe -- npx -y @stripe/mcp

Run from your repo. Commit .mcp.json to share with your team.

.cursor/mcp.jsonjson

{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": [
        "-y",
        "@stripe/mcp"
      ],
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

Global path: ~/.cursor/mcp.json. Reload window after editing.

.vscode/mcp.jsonjsonc

{
  "servers": {
    "stripe": {
      "command": "npx",
      "args": [
        "-y",
        "@stripe/mcp"
      ],
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

VS Code uses the "servers" key (not "mcpServers").

~/.codeium/windsurf/mcp_config.jsonjson

{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": [
        "-y",
        "@stripe/mcp"
      ],
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

Open via Cascade → hammer icon → Configure.

cline_mcp_settings.jsonjson

{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": [
        "-y",
        "@stripe/mcp"
      ],
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

Open via the Cline sidebar → MCP Servers → Edit.

~/.continue/config.jsonjson

{
  "experimental": {
    "modelContextProtocolServers": [
      {
        "transport": {
          "type": "stdio",
          "command": "npx",
          "args": [
            "-y",
            "@stripe/mcp"
          ],
          "env": {
            "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
          }
        }
      }
    ]
  }
}

Continue uses modelContextProtocolServers with a transport block.

~/.codex/config.tomlshell

# ~/.codex/config.toml
[mcp_servers.stripe]
command = "npx"
args = [
  "-y",
  "@stripe/mcp",
]
env = { STRIPE_SECRET_KEY = "${STRIPE_SECRET_KEY}" }

Codex uses TOML. Each server is a [mcp_servers.<name>] subtable.

~/.config/zed/settings.jsonjsonc

{
  "context_servers": {
    "stripe": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "@stripe/mcp"
        ]
      },
      "env": {
        "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
      }
    }
  }
}

Zed calls them "context_servers". Settings live-reload on save.

ChatGPT → Settings → Connectors → Developer modejson

{
  "name": "Stripe",
  "transport": "stdio",
  "command": "npx",
  "args": [
    "-y",
    "@stripe/mcp"
  ],
  "env": {
    "STRIPE_SECRET_KEY": "${STRIPE_SECRET_KEY}"
  }
}

Enable Developer mode (paid plans) and enter these values in the UI.

Quick answer

What it does

Exposes the Stripe REST API as MCP tools: customer CRUD, subscription management, invoice creation, payment inspection, refund processing, and payout reconciliation.

Best for

Support agent lookups
Billing state inspection
Automated refunds with approval
Subscription drift audits

Not for

Unattended payout initiation
Fraud-review workflows requiring compliance trail

Setup recipe

1
Install
Copy the install snippet for your client from the Install section above.
2
Set required secrets
Set STRIPE_SECRET_KEY in your shell environment before launching your MCP client.
3
Try a minimum working prompt
Verify test-mode setup with a safe read
Using my test-mode Stripe key, list my 10 most recent customers with fields: id, email, created. Confirm the key is test-mode before returning results.
Tested with: Claude Desktop, Cursor.

Tools & permissions

Tools list pending verification. The server exposes tools over MCP; we haven’t yet parsed its capability manifest into this page. Check the GitHub repo for the authoritative list.

Security & scope

Access scope: Network
Sandbox: Authenticates with a Stripe secret key (sk_live_... or sk_test_...). API access scope matches the key permissions.
Gotchas: The MCP does not distinguish between live-mode and test-mode keys — mistakes on a live key affect real charges. Always develop with sk_test_ first.
Restricted API keys (Stripe lets you scope keys by resource) are strongly recommended over root secret keys for agent use.

Agent prompt pack

— copy into Claude, Cursor, or ChatGPT.

Paste into Claude, Cursor, or ChatGPT. Edit the [brackets] before sending.

Recommend the best MCP servers for [task: e.g. commerce & payments work] in [client: Claude].

Constraints:
- Prefer tools that are [official | open-source | read-only] — pick what matters for my use case.
- Exclude MCPs that require [e.g. a paid plan, OAuth-only flows, remote-only transport].
- Return at most 3 picks, ranked.

For each pick include:
1. One-sentence rationale.
2. The ready-to-paste install snippet for my client.
3. Any required secrets I need to create before installing.

Cross-check the top-mcps.com listing: https://top-mcps.com/top-mcps-for-commerce-payments

Compare Stripe against a real alternative. Swap the second MCP in [brackets] if you want a different match.

Compare Stripe MCP vs [Shopify MCP] for the following job: [describe the job, e.g. "let an agent create GitHub issues on bug triage"].

Judge them on:
- Setup time and complexity (what a new user hits first).
- Auth model (none / API key / OAuth 2.1) and credential risk.
- Transport (stdio / Streamable HTTP / SSE) and where the server runs.
- Required secrets and the blast radius if they leak.
- Operational risk in an unattended agent loop.
- Which one is "good enough" for a weekend prototype vs. production.

End with one sentence: which should I pick for my scenario, which is: [my scenario].

References:
- https://top-mcps.com/mcp/stripe
- top-mcps.com listing for Shopify

Asks the agent to install and verify. Works inside Claude Code, Cursor Agent, Codex CLI.

Install the Stripe MCP server for my [client: Claude] at the default config path for that client.

Use the exact install snippet published at https://top-mcps.com/mcp/stripe (fetch https://top-mcps.com/mcp/stripe.json for the canonical server.json if you can read URLs).

Before finishing:
1. Create the required secrets (STRIPE_SECRET_KEY) and put them in the appropriate env block — do not hard-code them.
2. Restart or reload the client so it picks up the new server.
3. Verify the server is connected (green / running state) and at least one tool is listed.
4. If anything fails, read the client's MCP logs and report the exact error — do not silently retry.

Confirm when done and list the tools the server now exposes.

Frequently asked questions

What changed

— 2 updates tracked.

Apr 19, 2026
Refreshed install snippets and fact sheet; verified for 2026.
Mar 10, 2025
Initial directory listing.

More Commerce & Payments MCPs

Other tools in the same category worth evaluating.

Shopify

Official

Read products, orders, and inventory from your Shopify store.

shopifyecommerceproductsorders

10 minMedium

Exploring Top MCPs for Commerce & Payments? See all Commerce & Payments MCPs →