A serverless Monzo → Claude connector on Cloudflare Workers
There are already a few Monzo MCP servers (partymola, BfdCampos, an npm one), and they're good — but they're all local stdio servers you run on your own machine. This is the first remote/serverless one I've found: it lives on a Cloudflare Worker, so you authenticate once and it follows you to every Claude surface, with nothing to keep running.
Documentation
Monzo → Claude Connector

A remote MCP server, running on a Cloudflare Worker, that gives Claude read-only access to your Monzo account over OAuth.
Once connected in claude.ai, you can ask things like "what's my Monzo balance?", "list my recent transactions", or "how much is in my savings pots?" in any chat — web, desktop, or phone. Authenticate once; it follows you everywhere. No laptop, no local server, nothing to keep running.
Not affiliated with Monzo. This is a personal-use tool built on Monzo's public developer API. Use at your own risk, and read Security model before deploying.
What it exposes
| Tool | Description |
|---|---|
get_accounts | Open accounts (personal, joint, Flex, rewards) with ids/sort codes |
get_balance | Balance, total incl. pots, and spent-today — one account or all |
list_transactions | Recent transactions (last 90 days), filterable by date |
get_transaction | Full detail on a single transaction |
list_pots | Savings pots and their balances |
Read-only by design: no payments, transfers, or pot movements — the tools simply don't exist, so no amount of prompt injection can move money.
Architecture
Claude (claude.ai) ──OAuth──> This Worker ──OAuth──> Monzo API
│
workers-oauth-provider (KV) + McpAgent (Durable Object)
@cloudflare/workers-oauth-provideris the OAuth server Claude authenticates to — it handles dynamic client registration,/authorize,/token, and grant storage in KV.src/monzo-handler.tsbridges that to Monzo's OAuth (authorize → magic-link email → in-app approval → callback).src/mcp.tsis theMcpAgent— one Durable Object per connected user, holding that user's Monzo tokens and refreshing them automatically via the refresh token.src/monzo.tsis the thin Monzo API client.
Security model
Worth understanding before you deploy — the design isolates users by construction:
- No standing bank credential in the Worker. The only Worker-level secrets
are the Monzo OAuth
client_id/client_secret, which can exchange authorization codes but cannot read any account data by themselves. - Tokens live per-grant, not per-Worker. When a user completes the OAuth
dance, their Monzo tokens are stored encrypted inside their grant
(
completeAuthorization({ props: ...tokens })). Every MCP request is resolved through the caller's bearer token to their grant, their Durable Object, their Monzo account. There is no request that reaches another user's data. - Unauthenticated requests get 401. The
/mcpendpoint only answers to bearer tokens the Worker itself issued. - Monzo adds its own gates. Developer-portal OAuth clients only authorize the client owner (plus explicitly added collaborators), and every login requires approval in the Monzo app on the account holder's phone (SCA).
- Scopes are read-only and the payment/transfer endpoints are never called.
Residual risks are the usual ones for any connector: protect the deployed secrets, and treat your claude.ai session like the credential it is.
Setup
-
Register a Monzo OAuth client at https://developers.monzo.com — Confidentiality: Confidential (required for refresh tokens). Redirect URL:
https://<your-worker>.workers.dev/callback. -
Fill secrets in
.dev.vars(gitignored) for local dev:MONZO_CLIENT_ID=oauth2client_... MONZO_CLIENT_SECRET=mnzconf... COOKIE_ENCRYPTION_KEY=<openssl rand -hex 32> -
Create the KV namespace and paste the returned id into
wrangler.jsonc(replacing<YOUR_OAUTH_KV_NAMESPACE_ID>):npx wrangler kv namespace create OAUTH_KV -
Deploy and push secrets:
npx wrangler deploy npx wrangler secret put MONZO_CLIENT_ID npx wrangler secret put MONZO_CLIENT_SECRET npx wrangler secret put COOKIE_ENCRYPTION_KEY -
Add the connector in claude.ai → Settings → Connectors → Add custom connector →
https://<your-worker>.workers.dev/mcp→ authorize. You'll be bounced through Monzo's login (magic-link email + approve in the Monzo app), then Claude shows the five tools.
Works in Claude Code too:
claude mcp add --transport http monzo https://<your-worker>.workers.dev/mcp
Notes & limitations
- Monzo only exposes the last 90 days of transactions unless you re-authenticate immediately after approving access; this connector accepts that rolling window.
- Monzo developer clients are single-user unless Monzo approves your app for production — fine for the personal-use case this is built for.
- Secrets live in
.dev.vars(local) and Wrangler secrets (prod) — never in git. The.gitignoreenforces this.
License
MIT — do what you like, no warranty. Monzo, Claude, and Cloudflare names and logos belong to their respective owners.