Whop MCP
Whop provides Model Context Protocol (MCP) servers to manage your servers and accelerate app development with AI assistance.
Independent reference guide - updated May 3, 2026
Whop MCP Server: The Complete Setup, Docs & Checkout API Guide
Set up Whop MCP for Claude, Cursor, VS Code, Windsurf, and Claude Code. Compare Whop Docs MCP vs Whop API MCP, use the official mcp.whop.com server, and understand checkout/API access before giving an AI client write-capable credentials.
Whop provides Model Context Protocol servers for two different jobs: a documentation server that helps agents read Whop developer docs, and an API server that can call live Whop API endpoints with your API key. This page is an independent Whop MCP reference, not an official Whop Inc. property.
If you are starting from zero, begin with the official Whop AI and MCP guide and mcp.whop.com. Use read-only prompts first, then move into checkout, payments, memberships, and other write actions only after you understand the API key permissions involved.
Contents
Find the right Whop MCP path
Use this index when you already know the job: choosing a server, connecting a client, authorizing API access, building checkout, reducing risk, or fixing a broken MCP setup.
- 01SummaryAnswer the core Whop MCP questions before you configure anything.
- 02ServersCompare Docs MCP, remote API MCP, and the local
@whop/mcppackage. - 03SetupConnect Claude, Cursor, VS Code, Windsurf, and ChatGPT-style clients.
- 04AuthChoose Company API keys, App API keys, OAuth, and bearer-token patterns.
- 05CheckoutCreate safer checkout workflows with configurations, sessions, embeds, and affiliates.
- 06API mapUnderstand the Whop API MCP tool families before approving live calls.
- 07SandboxTest payment and membership flows before touching production data.
- 08SafetySet guardrails for write-capable tools, permissions, and secrets.
- 09TroubleshootingFix missing servers, stale auth, 401/403 errors, and tool overload.
- 10AlternativesCompare official Whop MCP with hosted gateways and scrapers.
- 11Related guidesOpen deeper setup, API key, checkout, and troubleshooting guides.
- 12FAQResolve common Whop MCP setup, API, and checkout questions.
TL;DR
| Question | Short answer |
|---|---|
| What is Whop MCP? | Whop MCP lets MCP-compatible AI clients read Whop docs or call Whop API tools through the Model Context Protocol. |
| Is there one server? | No. Whop documents a Docs MCP at https://docs.whop.com/mcp and an API MCP at https://mcp.whop.com/mcp or https://mcp.whop.com/sse. |
| Which endpoint should I use? | Use the Docs MCP when building against documentation. Use the API MCP when the agent needs live Whop data or API actions. |
| Where does checkout fit? | Checkout is part of the Whop API surface. The API MCP can expose checkout configuration tools when your API key has the required permissions. |
| What is the main risk? | The API MCP can mutate live store data. Treat it like a real integration with credentials, permissions, and approval gates. |
Brand note: this page is about Whop, the commerce and developer platform. It is not about WHOOP fitness devices or health data.
The two Whop MCP servers
The most common confusion is that "Whop MCP" can mean three related things: the read-only documentation server, the remote API server, or the local npm package that runs the API server as a subprocess. They are not interchangeable.
| Whop Docs MCP | Whop API MCP remote | @whop/mcp local | |
|---|---|---|---|
| URL or install | https://docs.whop.com/mcp | https://mcp.whop.com/mcp or https://mcp.whop.com/sse | npx -y @whop/mcp |
| Auth | No API key for documentation lookup. | API key prompt in the client. | WHOP_API_KEY environment variable. |
| Live store data | No. | Yes, subject to key permissions. | Yes, subject to key permissions. |
| Write actions | No. | Yes, subject to key permissions. | Yes, subject to key permissions. |
| Best for | Looking up Whop docs while building. | Calling the live Whop API from Claude, Cursor, VS Code, Windsurf, or another MCP client. | Advanced local setup, filtering tools, dynamic tools, code mode, or local sandbox-style testing. |
| Source | Whop AI and MCP docs | mcp.whop.com | npm package |
Whop Docs MCP
The Docs MCP gives an AI agent access to Whop developer documentation so it can look up API behavior, SDK usage, checkout details, and configuration examples. It is the right server when the agent is helping you build an app or write code and does not need to touch your live Whop data.
{
"mcpServers": {
"whop-docs": {
"url": "https://docs.whop.com/mcp"
}
}
}
The broader documentation index is also available at docs.whop.com/llms.txt, which is useful when you want an agent to discover the docs before answering.
Whop API MCP remote
The API MCP is the server for live actions. Whop documents two remote transports: HTTP Streaming at https://mcp.whop.com/mcp and SSE at https://mcp.whop.com/sse. Use this when the agent needs to list products, inspect payments, create checkout configurations, review memberships, or call another Whop API endpoint.
@whop/mcp npm package
The npm package is the official local Whop API MCP server. It supports normal explicit tools, --tools=dynamic for large API surfaces, and --tools=code for a docs search tool plus Deno-sandboxed code execution against the TypeScript client. It also supports --client=cursor, --client=claude, --client=claude-code, and --client=openai-agents compatibility tuning.
export WHOP_API_KEY="your_api_key_here"
export WHOP_WEBHOOK_SECRET="optional_webhook_secret"
export WHOP_APP_ID="optional_app_id"
npx -y @whop/mcp@latest --client=cursor --tools=dynamic
When to use which
Building a Whop app
Use Docs MCP for implementation help and API MCP when the agent needs to test live API calls. Keep the two servers named separately in your client.
Running store operations
Use API MCP only. Start with listing and auditing tasks before approving anything that changes products, plans, payments, memberships, or checkout data.
Large API exploration
Use local @whop/mcp --tools=dynamic so the client can discover endpoint schemas instead of loading every tool at once.
Multi-step developer tasks
Use local @whop/mcp --tools=code when the agent needs to write small scripts against the Whop SDK and chain multiple API calls.
Setup by client
Use separate server names for docs and API access. That makes approval dialogs easier to read and reduces the chance that a documentation question turns into a live API call.
Claude Web
Open Claude Web, go to Settings, choose Connectors, add a custom connector, and use the Whop API MCP URL:
https://mcp.whop.com/sse
When the connector asks for authorization, provide the Whop API key that matches the data and permissions you want the agent to access.
Claude Desktop
Edit claude_desktop_config.json. On macOS, check ~/Library/Application Support/Claude/claude_desktop_config.json. On Windows, check %APPDATA%\Claude\claude_desktop_config.json. Whop's remote setup uses mcp-remote to bridge the SSE endpoint into Claude Desktop.
{
"mcpServers": {
"whop_sdk_api": {
"command": "npx",
"args": ["-y", "mcp-remote@latest", "https://mcp.whop.com/sse"]
}
}
}
Quit Claude Desktop fully and reopen it. Check the tools icon before asking for any Whop action.
Claude Code
For the remote API server, add the SSE transport and authenticate on first use:
claude mcp add --transport sse whop https://mcp.whop.com/sse
For local stdio with the npm package:
claude mcp add --transport stdio whop_sdk_api \
--env WHOP_API_KEY="your_api_key_here" \
--env WHOP_WEBHOOK_SECRET="optional_webhook_secret" \
--env WHOP_APP_ID="optional_app_id" \
-- npx -y @whop/mcp
Cursor
Use ~/.cursor/mcp.json for a global install or .cursor/mcp.json for a project install. Add the docs server when you want documentation lookup:
Add the API server when you want live Whop API actions:
If Cursor warns about too many tools, use the local npm package with --tools=dynamic or filter the tool surface.
VS Code with GitHub Copilot
Open the command palette and run MCP: Open User Configuration, or create .vscode/mcp.json for a workspace. Newer VS Code MCP configuration uses a top-level servers object and supports prompted inputs for secrets.
{
"inputs": [
{
"id": "whop-api-key",
"type": "promptString",
"description": "Whop API key",
"password": true
}
],
"servers": {
"whop_sdk_api": {
"command": "npx",
"args": ["-y", "@whop/mcp"],
"env": {
"WHOP_API_KEY": "${input:whop-api-key}"
}
}
}
}
Windsurf
Use ~/.codeium/windsurf/mcp_config.json. Whop's remote setup uses mcp-remote with the SSE endpoint:
Windsurf also supports environment interpolation, so avoid pasting permanent API keys into a public project file.
ChatGPT, Codex, and other clients
Use a client that supports MCP directly when possible. For clients without arbitrary MCP server support, use a hosted gateway such as Zapier, Pipedream, or Composio, and be explicit that the gateway stores and executes the integration.
First safe test prompt
After setup, run a non-destructive prompt first:
List the available Whop MCP tools. Do not call any tool that creates, updates, deletes, refunds, cancels, retries, or sends data.
Authentication and API keys
Whop documents three credential paths for API usage. Choose the one that matches who owns the data and whose permissions should apply.
Company API key
Use this for your own company data. Create it in the Whop developer dashboard and grant only the permissions the MCP workflow needs.
App API key
Use this when you are building an installed Whop app that accesses companies that installed your app. The key is available in the app's environment variables.
OAuth tokens
Use OAuth 2.1 with PKCE when the action should happen on behalf of an individual Whop user rather than your company or app.
Bearer header
Authenticated API calls use Authorization: Bearer <token>. The public API base URL is https://api.whop.com/api/v1.
Permission examples
Whop permissions are scoped by endpoint. For example, checkout configuration creation requires checkout_configuration:create, plan:create, access_pass:create, access_pass:update, and checkout_configuration:basic:read. Payment refunds require payment-management permission plus supporting read scopes. Do not give an MCP workflow broad write access if it only needs to list records.
Read the full Whop API keys for MCP guide.
Checkout via Whop MCP
Checkout is the most valuable long-tail use case because it connects MCP setup to real developer work. A Whop agent can help create a checkout configuration, inspect checkout configuration IDs, prepare embed code, or attach metadata and affiliate attribution when the selected MCP server exposes the relevant API endpoint and your key has permission.
Anatomy of Whop checkout
| Primitive | What it means | Common fields |
|---|---|---|
| Plan | The priced unit a customer buys, usually identified by a plan_ ID. | Price, billing period, currency, product/access pass relationship. |
| Checkout configuration | A reusable checkout setup, usually identified by a ch_ ID, that can return a purchase_url shaped like /checkout/plan_xxxx?session=ch_xxxxxxxxxxxxxxx. | plan, affiliate_code, metadata, redirect_url, mode, payment method settings. |
| Checkout session | A session-style checkout object, often used when attaching metadata to a future payment or membership. | Plan, metadata, redirect URL, affiliate code. |
| Embedded checkout | A React or HTML checkout embedded into your own site. | planId, sessionId, returnUrl, affiliateCode, environment, callbacks. |
Prompts that map to checkout API work
Create a configurationCreate a one-time 10 USD checkout configuration for company biz_xxxxxxxxxxx with metadata order_id=order_12345. Return the purchase_url. Show the exact arguments before calling a write tool.
List configurationsList checkout configurations for company biz_xxxxxxxxxxx. Include ID, plan ID, mode, affiliate_code, metadata keys, and purchase_url. Do not modify anything.
Add affiliate attributionDraft the checkout configuration arguments for plan plan_xxxxxxxxxxx with affiliate_code=username and redirect_url=https://example.com/thanks. Do not create it yet.
Prepare embed codeGenerate a minimal React WhopCheckoutEmbed for plan plan_xxxxxxxxxxx with returnUrl and affiliateCode. Keep it copied from the official package shape.
Embedded checkout examples
Whop documents the React package @whop/checkout and the WhopCheckoutEmbed component. Use the official checkout docs as the source of truth before shipping customer-facing checkout code.
import { WhopCheckoutEmbed } from "@whop/checkout/react";
export default function Checkout() {
return (
<WhopCheckoutEmbed
planId="plan_XXXXXXXXX"
returnUrl="https://yoursite.com/checkout/complete"
affiliateCode="username"
/>
);
}
Affiliate attribution
Whop's affiliate guide documents links with ?a=<username> and a default 30-day attribution cookie window. API and embed surfaces also expose affiliate_code or affiliateCode. Use clean links for official docs and disclose affiliate links separately when monetizing this site.
Read the full Whop checkout via MCP guide.
What you can do with Whop API MCP
Exact tools vary by package version, client, transport, and filtering flags. The official npm package currently exposes a broad Whop API surface, including read and write tools. Use the Whop MCP tools reference to map the surface before approving calls.
Apps and platform
Apps, app builds, access tokens, account links, webhooks, files, companies, authorized users, users, and app infrastructure.
Products and plans
Products, plans, experiences, checkout configurations, promo codes, invoices, setup intents, and payment methods.
Payments
Payments, refunds, disputes, dispute evidence, dispute alerts, resolution center cases, payment retries, voiding, and fees.
Memberships
Memberships, members, entries, cancellations, pauses, resumes, access checks, leads, reviews, and shipments.
Courses
Courses, chapters, lessons, course students, course lesson interactions, assessments, progress, and content operations.
Community
Chat channels, messages, reactions, support channels, forums, forum posts, direct channels, notifications, and moderation workflows.
Marketing
Affiliates, affiliate overrides, ad campaigns, ad groups, ads, conversions, promo codes, and growth reporting.
Finance
Ledger accounts, payout accounts, payout methods, transfers, withdrawals, topups, fee markups, verifications, and company token transactions.
Stats and discovery
Stats describe, metric queries, raw queries, and SQL-style analysis when exposed by the active server/tool mode.
Sandbox mode
Use sandbox first when you are testing checkout, payment, or membership flows. Whop documents a sandbox dashboard and sandbox API base URL at https://sandbox-api.whop.com/api/v1. The remote mcp.whop.com page does not currently advertise a separate sandbox MCP URL, so the conservative path is to run @whop/mcp locally with a sandbox API key.
export WHOP_API_KEY="your_sandbox_api_key"
npx -y @whop/mcp@latest --tools=dynamic
Safety and security
A write-capable MCP server with a real Whop API key can change products, create checkout configurations, refund payments, cancel memberships, send messages, or perform other business actions depending on scopes. Treat it like any production integration.
- Use least-privilege keys. Grant only the scopes needed for the workflow.
- Start in sandbox. Test checkout and payment behavior away from live customers.
- Separate docs from API access. Use Docs MCP for docs questions and API MCP only when live actions are needed.
- Read approval dialogs. Inspect the tool name and arguments, not just the agent's summary.
- Filter tools. Use
--tools=dynamic,--operation=read,--resource=..., or exclusion flags to reduce the available tool surface. - Do not commit secrets. Use environment variables, prompted inputs, or client secret storage.
- Pin and review dependencies. Whop documents
@latestandmcp-remote@latestfor convenience, but production workflows should review package changes before upgrading.
Troubleshooting
The MCP server does not appear
Check JSON syntax, full-quit the client, and confirm Node.js 18 or newer is available to the application. GUI apps on macOS sometimes launch with a different PATH than your terminal.
The remote API MCP auth flow is stuck
Whop's remote page recommends clearing the MCP auth cache and restarting the client. Remove the ~/.mcp-auth folder with your operating system's file manager or another safe deletion method, then reopen the MCP client.
Whop returns 401 or 403
A 401 usually means the token is missing or invalid. A 403 usually means the key does not have the permission required by the endpoint. Re-check the key type and the endpoint's documented scopes.
The wrong tool gets called
Use a more specific prompt, split docs and API servers, and filter unnecessary tools. Include the target resource, date range, action type, and whether writes are allowed.
Cursor warns about too many tools
Use @whop/mcp --tools=dynamic or filter with resource/operation flags. Large APIs can overwhelm clients when every endpoint is exposed as a separate tool.
Whop MCP vs hosted gateways
The official Whop server is the right default when you want a direct Whop API or documentation connection. Hosted gateways make sense when you want scheduling, no-code orchestration, multi-app workflows, or a client that does not support MCP directly.
| Option | Best for | Watch out for |
|---|---|---|
| Official Whop API MCP | Direct Whop API access from MCP clients. | API key scope and write action approval. |
| Whop Docs MCP | Documentation lookup while building apps. | It does not call live store data. |
| Zapier MCP for Whop | No-code workflows and cross-app automation. | Task pricing, platform permissions, and action coverage. |
| Pipedream MCP for Whop | Hosted developer workflows and event automation. | Credential storage and workflow execution behavior. |
| Composio Whop toolkit | Multi-tool agent routing across SaaS apps. | Gateway abstraction and exact tool coverage. |
| Apify Whop scraper | Public marketplace scraping. | It is not the authenticated Whop API MCP and does not access private store data. |
Related guides
Use these narrower guides when you already know which client or workflow you are setting up.
- Whop MCP Claude setup
Claude Desktop and Claude Web setup notes, verification prompts, and safety checks. - Whop MCP Cursor setup
Project-level and global Cursor configuration for Whop Docs MCP and API MCP. - Whop MCP VS Code setup
GitHub Copilot MCP configuration, prompted secrets, and workspace setup. - Whop MCP API key guide
Company API keys, App API keys, OAuth tokens, and permission selection. - Whop MCP checkout docs
Checkout configuration, checkout sessions, embedded checkout, and affiliate attribution. - Whop MCP troubleshooting
Fix client visibility, auth, permissions, tool overload, and startup failures. - Whop API keys for MCP
Company keys, App keys, OAuth, permissions, prompted secrets, and safe rotation. - Whop checkout via MCP
Checkout configurations, sessions, embedded checkout, affiliate attribution, and approval prompts. - Whop MCP tools reference
Map checkout, payments, memberships, products, finance, courses, community, and platform tools before approving calls.
FAQ
What is the Whop MCP server?
The Whop MCP server connects MCP-compatible AI clients to Whop documentation or Whop API tools. The Docs MCP helps agents read documentation. The API MCP can call live Whop API endpoints with your API key.
Is there one Whop MCP or two?
There are two official server targets in Whop's docs: https://docs.whop.com/mcp for documentation and https://mcp.whop.com/mcp or https://mcp.whop.com/sse for API actions.
What is mcp.whop.com?
It is the official remote Whop API MCP server landing page. It documents setup for Claude Web, Claude Desktop, Cursor, and Windsurf using the remote SSE endpoint.
What is @whop/mcp?
It is the official npm package for running the Whop API MCP locally. It supports explicit tools, dynamic endpoint discovery, code mode, client compatibility flags, filtering, and HTTP transport.
Which Whop API key should I use?
Use a Company API key for your own company data, an App API key for an installed Whop app, and OAuth tokens when acting on behalf of an individual user. Use the smallest permission set that works.
Can Whop MCP create a checkout?
Yes, when the active API MCP exposes checkout configuration tools and your key has the required checkout, plan, and access-pass permissions. Ask the agent to show arguments before approving a write call.
Does Whop MCP support affiliate tracking?
Whop checkout APIs and embeds support affiliate attribution through fields such as affiliate_code and affiliateCode. Whop's affiliate guide also documents referral links with ?a=<username>.
How do I add Whop MCP to Claude Desktop?
Add an mcp-remote server entry pointing to https://mcp.whop.com/sse in claude_desktop_config.json, then fully restart Claude Desktop.
How do I add Whop MCP to Cursor?
Add https://docs.whop.com/mcp for docs lookup, or use mcp-remote@latest with https://mcp.whop.com/sse for API access. Use global or project-level mcp.json.
Is it safe to give MCP write access to my Whop store?
It can be safe with the right controls, but it is not casual access. Use sandbox first, limit key permissions, filter tools, and review every write-capable tool call before approving it.
Does Whop MCP work with ChatGPT?
Use a direct MCP client where possible. For clients without arbitrary MCP support, route through a hosted gateway and review how that gateway stores credentials and executes actions.
Official sources
Use these as the source of truth when details change:
- Whop AI and MCP guide
- Whop Remote MCP Server
- Whop API getting started
- Whop API authentication
- Whop permissions guide
- Whop embedded checkout
- Create checkout configuration
- Whop affiliates guide
- Whop sandbox guide
- @whop/mcp npm package
- Model Context Protocol specification
- Cursor MCP docs
- VS Code MCP docs
- Windsurf MCP docs
- Claude Code MCP docs
Related Servers
Gdrive Cloudflare worker
Remote MCP server for Google Drive and Sheets running on Cloudflare Workers with full OAuth 2.0 support.
Modal MCP Server
Interact with Modal volumes and deploy Modal applications from within Cursor.
Cisco Hyperfabric MCP
An MCP server that enables LLMs to interact with Cisco Intersight APIs.
SiteBay
Manage your SiteBay WordPress hosting platform. Handle sites, execute server commands, and manage staging environments via natural language.
Aviation Weather
Provides aviation weather information for flight planning from aviationweather.gov.
Cloudglue
Connects Cloudglue to AI assistants, turning video collections into structured data for LLMs. Requires a Cloudglue API Key.
Heroku Platform
Interact with Heroku Platform resources securely using the Heroku CLI. Requires the Heroku CLI and a valid API key.
GDPR Compliance Toolkit
Generate GDPR-compliant privacy policies, data processing agreements, cookie consent text, and DPIA templates for EU businesses.
Snowflake Cortex AI
A server for Snowflake providing tools for its Cortex AI features, including Search, Analyst, and Complete.
Financial Data
Provides access to real-time and historical stock data from the Alpha Vantage API.