Carbon MCP server

Connect Claude, ChatGPT, Cursor, or any MCP client to Carbon. It gets 1,187 tools across 15 modules — sales orders, production jobs, inventory, purchasing, quality — and you drive them in plain language.

POSThttps://app.carbon.ms/api/mcp

FIG.01 · OVERVIEW

What is MCP?

MCP is an open standard from Anthropic. It gives AI assistants one consistent way to reach outside systems, so any MCP client can work with Carbon without custom integration code.

Hosts

The assistants you already use — Claude (web, Desktop, Code), Cursor, VS Code, Codex.

Clients

The MCP transport inside the host. Carbon speaks Streamable HTTP.

Server

Carbon's remote MCP server — backed by your ERP, secured by a scoped API key.

Carbon runs a remote server, so there's nothing to install. Every client points at the same /api/mcp endpoint, and new tools become available without any update on your side.

FIG.02 · USE CASES

What you can ask

Things you can ask it to do:

Show all open sales orders due to ship this week.

Create a job for 50 units of SKU-1042 on the CNC work center.

Which purchase orders are past their promised receipt date?

What's the on-hand quantity and reorder point for BRACKET-200 across locations?

Draft a quote for Acme for 200 aluminum housings.

List every job behind schedule and who's assigned.

The more specific the ask, the better the result:

Too broad“Sort out my late orders.”

Specific“Release every sales order stuck in Needs Approval for 3+ days.”

FIG.03 · QUICKSTART

Quickstart

Pick your client, follow the three steps, and you're talking to your ERP. About a minute.

01Carbon · Settings → API Keys

Create an API key

Settings → API Keys → New. The modal hands you a ready-to-paste snippet — you only see the key once.

02Terminal · Claude Code

Run the command

Paste it in, swapping in the key the modal gave you:

claude mcp add --transport http \
  carbon https://app.carbon.ms/api/mcp \
  --header "Authorization: Bearer crbn_…"

03Claude Code

Verify

Ask it to search Carbon. If it lists tools, you’re connected to your ERP.

Connector clients authorize in the browser — nothing to paste. CLI and config clients use a scoped key from Settings → API Keys (Authorization: Bearer crbn_…). stdio-only clients bridge through the mcp-remote shim.

FIG.04 · ARCHITECTURE

How tool discovery works

Carbon doesn't pour 1,187 tools into the model at once. Three meta-tools let assistants discover what they need, just in time.

DISCOVERY LOOP

Search → describe → call. Auth context is injected automatically.

READ

search_tools

Find tools by query, module, or classification.

→

READ

describe_tool

Get parameters & schema for one tool.

→

WRITE

call_tool

Execute it with arguments and get the result.

You ask for an outcome; the assistant chains the calls itself. Here's the real sequence behind one request.

WORKFLOW — "CHASE DOWN EVERYTHING SHIPPING LATE THIS WEEK"

One sentence from you → three tool calls → a summary back.

search_toolsREAD

Finds the sales-order and shipment tools.

sales_getSalesOrdersREAD

Filters to orders due this week that are still open.

production_getJobsREAD

Flags the linked jobs running behind schedule.

Summary

Returns the list and the delays — for your review.

FIG.05 · REFERENCE

Tools

1,187 tools across 15 modules. Filter by module, or search the full catalog.

DESTRUCTIVEaccount_deleteUserAttributeValuedelete user attribute value2 params

READaccount_getAccountget account1 params

READaccount_getAttributesget attributes1 params

READaccount_getPrivateAttributesget private attributes0 params

READaccount_getPublicAttributesget public attributes0 params

READaccount_getAllAttributeCategoriesget all attribute categories0 params

READaccount_getAttributeCategoryWithValuesget attribute category with values1 params

WRITEaccount_updateAvatarupdate avatar1 params

WRITEaccount_updatePublicAccountupdate public account5 params

WRITEaccount_upsertUserAttributeValueupsert user attribute value4 params

READaccounting_getTrialBalanceget trial balance2 params

READaccounting_getFinancialStatementBalancesget financial statement balances2 params

READaccounting_getCompaniesInGroupget companies in group0 params

DESTRUCTIVEaccounting_deleteAccountdelete account1 params

DESTRUCTIVEaccounting_deletePaymentTermdelete payment term1 params

READaccounting_getAccountget account1 params

READaccounting_getAccountsget accounts3 params

READaccounting_getAccountsListget accounts list3 params

READaccounting_getGroupAccountsget group accounts0 params

READaccounting_getBaseCurrencyget base currency0 params

READaccounting_getChartOfAccountsget chart of accounts3 params

READaccounting_getCurrencyget currency1 params

READaccounting_getCurrencyByCodeget currency by code1 params

READaccounting_getCurrenciesget currencies3 params

READaccounting_getCurrenciesListget currencies list0 params

READaccounting_getCurrentAccountingPeriodget current accounting period1 params

READaccounting_getOrCreateAccountingPeriodget or create accounting period1 params

READaccounting_getDefaultAccountsget default accounts0 params

READaccounting_getFiscalYearSettingsget fiscal year settings0 params

READaccounting_getPaymentTermget payment term1 params

FIG.06 · SECURITY

Authentication

Connect with OAuth — no secrets to copy. Carbon's MCP server speaks OAuth 2.1, so your client registers itself and you authorize in the browser. A scoped API key is there if you'd rather (CI, headless).

OAuth 2.1

PKCE + dynamic client registration. Your client self-registers; you sign in, pick your company, and click Authorize — nothing to copy or paste.

Permissions

The connection inherits exactly your Carbon access (scope mcp:tools). Cross-company access is impossible.

API keys

Prefer a key for CI or headless use? Create a scoped key in Settings → API Keys and send it as Authorization: Bearer crbn_….

Access tokens last an hour and refresh automatically.

FIG.07 · SAFETY

Safety

Every tool is classified so you always know what's safe and what mutates data.

READ

Always safe — no data changes.

WRITE

Creates or updates records.

DESTRUCTIVE

Deletes data — keep human confirmation on.

A key only ever sees what its user could see in Carbon. Cross-company access is impossible.

FIG.08 · FAQ

FAQ

Not for connector clients — add the URL and authorize in your browser. Keys are for CLI/config clients and headless or CI use.

Yes. A connector inherits the role and company of whoever authorizes it; an API key carries its own scopes. The assistant can only do what that identity can.

Key clients: the key is missing, malformed, expired, or deleted — recreate it in Settings → API Keys and update the Authorization header. Connector clients: re-authorize the connection from your client.

Each key in Settings → API Keys shows its scopes, rate limit, expiry, and who created it. Delete a key to revoke it; use a separate key per client so revoking one doesn't break the rest.

Any MCP client that speaks HTTP. Claude.ai, Claude Desktop, and ChatGPT authorize over OAuth; Claude Code, Cursor, VS Code, and Codex send a key header; stdio-only clients bridge through mcp-remote.

By design. Three discovery meta-tools — search_tools, describe_tool, and call_tool — let the model find and load only the tools a task needs, keeping its context lean.

Build something with Carbon

Bring your manufacturing system into every AI assistant.

Talk to sales