MCP API — AI-driven ERP

Drive your ERP from Claude, ChatGPT or Cursor with the MCP AI API

eyeot's native MCP server exposes your management software to an AI agent without a single line of integration code. Connect Claude Desktop, Cursor or a ChatGPT agent to the MCP endpoint: the agent instantly gains access to more than 1,500 ERP actions (customers, quotes, invoices, stock, tickets, HR, intelligence) as typed tools. Every call stays bounded by your organization's authentication, RBAC permissions and audit trail.

For small and mid-sized businesses that want to automate business tasks end to end through an AI assistant (Claude, ChatGPT, Cursor) or a service agent, with no heavy integration project: create a customer, prepare a quote, detect a stock-out or consolidate reporting, while keeping traceability and access control.

What you can do

Native MCP server

A JSON-RPC 2.0 endpoint (POST /api/v1/mcp) exposes about thirty readable tools for common use cases, plus two meta-tools (eyeot_help, eyeot_call) that cover the long tail of more than 1,500 ERP actions. Compatible with Claude Desktop, Cursor and ChatGPT agents.

Three agent authentication modes

A service API key (eyk_) for recurring automations, or OAuth 2.1 Auth Code + PKCE and Device Grant (eya_/eyr_) so an agent can act on behalf of a human user — including on Claude Desktop or a browserless CLI.

Anti-duplicate idempotency

An Idempotency-Key header (UUID) protects every creation against double writes after a retry. The 24-hour cache per organization returns the original response on replay; the same key with a different body returns a 409 Conflict.

Dry-run mode (preview)

The X-Dry-Run: true header runs validation and business logic, then rolls everything back. The response details what would have been created, modified or deleted, along with the webhooks and notifications that would fire — so the agent can show the effects before confirming.

RBAC permissions on every call

Each MCP tool checks the actor's permission: an agent scoped to crm:read cannot write. The license guard allows reads (GET) even without an active subscription and returns an enriched 402 (activate_url) on writes.

Global search and resources

A flat cross-cutting search resolves a fuzzy name into an exact identifier, and five direct read resources (customers, quotes, invoices, products, tickets) can be referenced by the agent to explore your data.

Full audit of agent actions

Every call is recorded in the audit log with the actor type and the key used; OAuth actions carry the via:oauth tag. Administrators can find AI activity and filter the log by actor.

Compliance & trust

Traceability and the zero-hallucination rule

All of an agent's actions are written to the audit log (actor, key) and visible to administrators. The protocol requires the agent never to cite an organization, user, role or identifier without having read it through a tool call in the session.

Multi-organization isolation and GDPR

An API key is scoped to a single organization, and an agent never receives a global platform key. The server can also orchestrate a GDPR request (right of access) that aggregates a customer's profile, quotes, invoices, documents and logs into a signed export.

Works with your other modules

  • CRM — customers, opportunities and quotes
  • Billing — customer invoices and Factur-X PDFs
  • Stock — products and stock-out alerts
  • IT Service — ITSM tickets
  • Intelligence — cross-module scores (customer health, revenue)
  • HR — employees and leave

Frequently asked questions

How do I connect my ERP to ChatGPT or Claude?
Install the eyeot-mcp package (pip install eyeot-mcp), then run eyeot-mcp login for Device Grant consent, or add the MCP server https://erp.eyeot.fr/api/v1/mcp with an API key. It works with Claude Desktop, Cursor and ChatGPT agents. No integration development is required.
Can the AI create duplicates on a retry?
No. Every mutating creation uses an Idempotency-Key header: a replay with the same key returns the original response instead of recreating the object. The agent can also preview an action in dry-run (X-Dry-Run) to check the effects before actually executing it.
Can the AI agent exceed a user's permissions?
No. RBAC permissions are checked on every tool call: an agent scoped to read cannot write, and a key is limited to a single organization. If the subscription has expired, reads remain possible but writes return a payment-required message.
Can I see what the AI did in the ERP?
Yes. Every agent action is recorded in the audit log with the actor type and the key used; actions performed on behalf of a human via OAuth carry a dedicated marker. Administrators can filter the log by actor to oversee the activity.
Do I need to build a custom integration?
No. The server follows the Model Context Protocol standard and provides typed tools the agent understands directly, without having to interpret an API specification. A ready-to-use pip package is enough to connect Claude Desktop, Cursor or an agent.
Does my data stay isolated across my organizations?
Yes. An API key is scoped to a specific organization, and an agent never receives a global platform key. To operate across several organizations, you issue one key per organization, which guarantees multi-tenant isolation.

Go further

IntegrationsCross-module intelligenceCRMERPFactur-X

Try eyeot for free

eyeot is a French all-in-one ERP for small and mid-sized businesses, hosted in France and GDPR-compliant. Free for individuals (1 user, every module); simple team packs for companies.

Create my free accountSee pricing