Labsco
Aiven-Open logo

Whop MCP

from Aiven-Open

Whop provides Model Context Protocol (MCP) servers to manage your servers and accelerate app development with AI assistance.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedPaid serviceNeeds API keys

This domain and project may be available for acquisition. [emailΒ protected]

Independent reference guide - updated May 3, 2026

Find the right Whop MCP path

Use this index when you already know the job: choosing a server, connecting a client, authorizing API access, building checkout, reducing risk, or fixing a broken MCP setup.

  • 01SummaryAnswer the core Whop MCP questions before you configure anything.

  • 02ServersCompare Docs MCP, remote API MCP, and the local @whop/mcp package.

  • 03SetupConnect Claude, Cursor, VS Code, Windsurf, and ChatGPT-style clients.

  • 04AuthChoose Company API keys, App API keys, OAuth, and bearer-token patterns.

  • 05CheckoutCreate safer checkout workflows with configurations, sessions, embeds, and affiliates.

  • 06API mapUnderstand the Whop API MCP tool families before approving live calls.

  • 07SandboxTest payment and membership flows before touching production data.

  • 08SafetySet guardrails for write-capable tools, permissions, and secrets.

  • 09TroubleshootingFix missing servers, stale auth, 401/403 errors, and tool overload.

  • 10AlternativesCompare official Whop MCP with hosted gateways and scrapers.

  • 11Related guidesOpen deeper setup, API key, checkout, and troubleshooting guides.

  • 12FAQResolve common Whop MCP setup, API, and checkout questions.

TL;DR

Question Short answer What is Whop MCP? Whop MCP lets MCP-compatible AI clients read Whop docs or call Whop API tools through the Model Context Protocol. Is there one server? No. Whop documents a Docs MCP at https://docs.whop.com/mcp and an API MCP at https://mcp.whop.com/mcp or https://mcp.whop.com/sse. Which endpoint should I use? Use the Docs MCP when building against documentation. Use the API MCP when the agent needs live Whop data or API actions. Where does checkout fit? Checkout is part of the Whop API surface. The API MCP can expose checkout configuration tools when your API key has the required permissions. What is the main risk? The API MCP can mutate live store data. Treat it like a real integration with credentials, permissions, and approval gates.

Brand note: this page is about Whop, the commerce and developer platform. It is not about WHOOP fitness devices or health data.

The two Whop MCP servers

The most common confusion is that "Whop MCP" can mean three related things: the read-only documentation server, the remote API server, or the local npm package that runs the API server as a subprocess. They are not interchangeable.

Whop Docs MCP Whop API MCP remote @whop/mcp local URL or install https://docs.whop.com/mcp https://mcp.whop.com/mcp or https://mcp.whop.com/sse npx -y @whop/mcp Auth No API key for documentation lookup. API key prompt in the client. WHOP_API_KEY environment variable. Live store data No. Yes, subject to key permissions. Yes, subject to key permissions. Write actions No. Yes, subject to key permissions. Yes, subject to key permissions. Best for Looking up Whop docs while building. Calling the live Whop API from Claude, Cursor, VS Code, Windsurf, or another MCP client. Advanced local setup, filtering tools, dynamic tools, code mode, or local sandbox-style testing. Source Whop AI and MCP docs mcp.whop.com npm package

Whop Docs MCP

The Docs MCP gives an AI agent access to Whop developer documentation so it can look up API behavior, SDK usage, checkout details, and configuration examples. It is the right server when the agent is helping you build an app or write code and does not need to touch your live Whop data.

{
 "mcpServers": {
 "whop-docs": {
 "url": "https://docs.whop.com/mcp"
 }
 }
}

The broader documentation index is also available at docs.whop.com/llms.txt, which is useful when you want an agent to discover the docs before answering.

Whop API MCP remote

The API MCP is the server for live actions. Whop documents two remote transports: HTTP Streaming at https://mcp.whop.com/mcp and SSE at https://mcp.whop.com/sse. Use this when the agent needs to list products, inspect payments, create checkout configurations, review memberships, or call another Whop API endpoint.

@whop/mcp npm package

The npm package is the official local Whop API MCP server. It supports normal explicit tools, --tools=dynamic for large API surfaces, and --tools=code for a docs search tool plus Deno-sandboxed code execution against the TypeScript client. It also supports --client=cursor, --client=claude, --client=claude-code, and --client=openai-agents compatibility tuning.

export WHOP_API_KEY="your_api_key_here"
export WHOP_WEBHOOK_SECRET="optional_webhook_secret"
export WHOP_APP_ID="optional_app_id"
npx -y @whop/mcp@latest --client=cursor --tools=dynamic

When to use which

Building a Whop app

Use Docs MCP for implementation help and API MCP when the agent needs to test live API calls. Keep the two servers named separately in your client.

Running store operations

Use API MCP only. Start with listing and auditing tasks before approving anything that changes products, plans, payments, memberships, or checkout data.

Large API exploration

Use local @whop/mcp --tools=dynamic so the client can discover endpoint schemas instead of loading every tool at once.

Multi-step developer tasks

Use local @whop/mcp --tools=code when the agent needs to write small scripts against the Whop SDK and chain multiple API calls.

Authentication and API keys

Whop documents three credential paths for API usage. Choose the one that matches who owns the data and whose permissions should apply.

Company API key

Use this for your own company data. Create it in the Whop developer dashboard and grant only the permissions the MCP workflow needs.

App API key

Use this when you are building an installed Whop app that accesses companies that installed your app. The key is available in the app's environment variables.

OAuth tokens

Use OAuth 2.1 with PKCE when the action should happen on behalf of an individual Whop user rather than your company or app.

Bearer header

Authenticated API calls use Authorization: Bearer <token>. The public API base URL is https://api.whop.com/api/v1.

Permission examples

Whop permissions are scoped by endpoint. For example, checkout configuration creation requires checkout_configuration:create, plan:create, access_pass:create, access_pass:update, and checkout_configuration:basic:read. Payment refunds require payment-management permission plus supporting read scopes. Do not give an MCP workflow broad write access if it only needs to list records.

Read the full Whop API keys for MCP guide.

Checkout via Whop MCP

Checkout is the most valuable long-tail use case because it connects MCP setup to real developer work. A Whop agent can help create a checkout configuration, inspect checkout configuration IDs, prepare embed code, or attach metadata and affiliate attribution when the selected MCP server exposes the relevant API endpoint and your key has permission.

Anatomy of Whop checkout

Primitive What it means Common fields Plan The priced unit a customer buys, usually identified by a plan_ ID. Price, billing period, currency, product/access pass relationship. Checkout configuration A reusable checkout setup, usually identified by a ch_ ID, that can return a purchase_url shaped like /checkout/plan_xxxx?session=ch_xxxxxxxxxxxxxxx. plan, affiliate_code, metadata, redirect_url, mode, payment method settings. Checkout session A session-style checkout object, often used when attaching metadata to a future payment or membership. Plan, metadata, redirect URL, affiliate code. Embedded checkout A React or HTML checkout embedded into your own site. planId, sessionId, returnUrl, affiliateCode, environment, callbacks.

Prompts that map to checkout API work

Create a configurationCreate a one-time 10 USD checkout configuration for company biz_xxxxxxxxxxx with metadata order_id=order_12345. Return the purchase_url. Show the exact arguments before calling a write tool.

List configurationsList checkout configurations for company biz_xxxxxxxxxxx. Include ID, plan ID, mode, affiliate_code, metadata keys, and purchase_url. Do not modify anything.

Add affiliate attributionDraft the checkout configuration arguments for plan plan_xxxxxxxxxxx with affiliate_code=username and redirect_url=https://example.com/thanks. Do not create it yet.

Prepare embed codeGenerate a minimal React WhopCheckoutEmbed for plan plan_xxxxxxxxxxx with returnUrl and affiliateCode. Keep it copied from the official package shape.

Embedded checkout examples

Whop documents the React package @whop/checkout and the WhopCheckoutEmbed component. Use the official checkout docs as the source of truth before shipping customer-facing checkout code.

import { WhopCheckoutEmbed } from "@whop/checkout/react";

export default function Checkout() {
 return (
 
 );
}

Affiliate attribution

Whop's affiliate guide documents links with ?a=<username> and a default 30-day attribution cookie window. API and embed surfaces also expose affiliate_code or affiliateCode. Use clean links for official docs and disclose affiliate links separately when monetizing this site.

Read the full Whop checkout via MCP guide.

What you can do with Whop API MCP

Exact tools vary by package version, client, transport, and filtering flags. The official npm package currently exposes a broad Whop API surface, including read and write tools. Use the Whop MCP tools reference to map the surface before approving calls.

Apps and platform

Apps, app builds, access tokens, account links, webhooks, files, companies, authorized users, users, and app infrastructure.

Products and plans

Products, plans, experiences, checkout configurations, promo codes, invoices, setup intents, and payment methods.

Payments

Payments, refunds, disputes, dispute evidence, dispute alerts, resolution center cases, payment retries, voiding, and fees.

Memberships

Memberships, members, entries, cancellations, pauses, resumes, access checks, leads, reviews, and shipments.

Courses

Courses, chapters, lessons, course students, course lesson interactions, assessments, progress, and content operations.

Community

Chat channels, messages, reactions, support channels, forums, forum posts, direct channels, notifications, and moderation workflows.

Marketing

Affiliates, affiliate overrides, ad campaigns, ad groups, ads, conversions, promo codes, and growth reporting.

Finance

Ledger accounts, payout accounts, payout methods, transfers, withdrawals, topups, fee markups, verifications, and company token transactions.

Stats and discovery

Stats describe, metric queries, raw queries, and SQL-style analysis when exposed by the active server/tool mode.

Sandbox mode

Use sandbox first when you are testing checkout, payment, or membership flows. Whop documents a sandbox dashboard and sandbox API base URL at https://sandbox-api.whop.com/api/v1. The remote mcp.whop.com page does not currently advertise a separate sandbox MCP URL, so the conservative path is to run @whop/mcp locally with a sandbox API key.

export WHOP_API_KEY="your_sandbox_api_key"
npx -y @whop/mcp@latest --tools=dynamic

Safety and security

A write-capable MCP server with a real Whop API key can change products, create checkout configurations, refund payments, cancel memberships, send messages, or perform other business actions depending on scopes. Treat it like any production integration.

  • Use least-privilege keys. Grant only the scopes needed for the workflow.

  • Start in sandbox. Test checkout and payment behavior away from live customers.

  • Separate docs from API access. Use Docs MCP for docs questions and API MCP only when live actions are needed.

  • Read approval dialogs. Inspect the tool name and arguments, not just the agent's summary.

  • Filter tools. Use --tools=dynamic, --operation=read, --resource=..., or exclusion flags to reduce the available tool surface.

  • Do not commit secrets. Use environment variables, prompted inputs, or client secret storage.

  • Pin and review dependencies. Whop documents @latest and mcp-remote@latest for convenience, but production workflows should review package changes before upgrading.

Whop MCP vs hosted gateways

The official Whop server is the right default when you want a direct Whop API or documentation connection. Hosted gateways make sense when you want scheduling, no-code orchestration, multi-app workflows, or a client that does not support MCP directly.

Option Best for Watch out for Official Whop API MCP Direct Whop API access from MCP clients. API key scope and write action approval. Whop Docs MCP Documentation lookup while building apps. It does not call live store data. Zapier MCP for Whop No-code workflows and cross-app automation. Task pricing, platform permissions, and action coverage. Pipedream MCP for Whop Hosted developer workflows and event automation. Credential storage and workflow execution behavior. Composio Whop toolkit Multi-tool agent routing across SaaS apps. Gateway abstraction and exact tool coverage. Apify Whop scraper Public marketplace scraping. It is not the authenticated Whop API MCP and does not access private store data.

Use these narrower guides when you already know which client or workflow you are setting up.

  • Whop MCP Claude setup Claude Desktop and Claude Web setup notes, verification prompts, and safety checks.

  • Whop MCP Cursor setup Project-level and global Cursor configuration for Whop Docs MCP and API MCP.

  • Whop MCP VS Code setup GitHub Copilot MCP configuration, prompted secrets, and workspace setup.

  • Whop MCP API key guide Company API keys, App API keys, OAuth tokens, and permission selection.

  • Whop MCP checkout docs Checkout configuration, checkout sessions, embedded checkout, and affiliate attribution.

  • Whop MCP troubleshooting Fix client visibility, auth, permissions, tool overload, and startup failures.

  • Whop API keys for MCP Company keys, App keys, OAuth, permissions, prompted secrets, and safe rotation.

  • Whop checkout via MCP Checkout configurations, sessions, embedded checkout, affiliate attribution, and approval prompts.

  • Whop MCP tools reference Map checkout, payments, memberships, products, finance, courses, community, and platform tools before approving calls.

Official sources

Use these as the source of truth when details change:

  • Whop AI and MCP guide

  • Whop Remote MCP Server

  • Whop API getting started

  • Whop API authentication

  • Whop permissions guide

  • Whop embedded checkout

  • Create checkout configuration

  • Whop affiliates guide

  • Whop sandbox guide

  • @whop/mcp npm package

  • Model Context Protocol specification

  • Cursor MCP docs

  • VS Code MCP docs

  • Windsurf MCP docs

  • Claude Code MCP docs