The GrowthPath Cin7 Core MCP Server gives approved AI assistants a secure way to understand and investigate configured Cin7 Core environments.
It combines curated Cin7 Core knowledge with read-only tools for orders, products, customers, suppliers, stock, purchasing and support diagnostics. This helps authorised teams answer operational questions faster without giving an AI assistant broad access to the live ERP.
What is an MCP server?
The Model Context Protocol (MCP) is a standard way for AI assistants to discover and use approved data sources and tools. Instead of pasting business data into a chat, an authorised assistant can call a narrowly defined tool, receive a bounded result and keep the action within the configured access controls.
GrowthPath’s MCP server is designed specifically for Cin7 Core.
Built on the GrowthPath Application Server
The MCP server searches the GrowthPath Application Server’s cache of Cin7 Core JSON documents. The cache is held in PostgreSQL and supports powerful searches across nested JSON data.
This approach has several advantages over repeatedly querying the raw Cin7 Core API:
- Fast access to cached Cin7 Core data
- Rich searching of nested JSON fields
- Bounded and validated query tools
- Support for multiple configured Cin7 Core instances
- Less pressure on Cin7 Core API limits
- A consistent foundation for support and diagnostic workflows
The MCP server is intended for focused investigation. Broader reporting, trends, rankings and cross-system analysis belong in the separate Cin7 Core Analytics Engine.
What can it help with?
An approved AI assistant can use the MCP server for read-only tasks such as:
- Finding recent sales and order summaries
- Investigating a delayed or stuck order
- Looking up a product by SKU
- Checking stock availability by product, location, bin or batch
- Reviewing product movements
- Looking up customer and supplier context
- Finding purchase orders that need attention
- Reviewing summarised integration job logs
- Running allowlisted aggregate reports
- Preparing a dry-run plan for an approved operational workflow
The server also provides discovery tools so an assistant can first determine which Cin7 Core instances, object types, filters and diagnostic tools are available.
Read-only by design
The current release prioritises safe investigation and planning. Exposed business-data tools are read-only, and operational workflows are limited to validation and dry-run planning.
Controls include:
- OAuth bearer authentication for compatible desktop agents
- Optional manually configured API tokens for clients that cannot use OAuth
- Active-user and group-based authorisation
- Runtime namespace and Cin7 Core instance scoping
- Per-token rate limits and pre-authentication throttling
- Allowlisted object types, filters, reports and diagnostic harnesses
- Bounded result sizes
- Summarised job-log access
- Audit records for controlled diagnostic runs
Tokens and OAuth credentials should only be stored in an approved credential manager or client configuration. They should never be pasted into ordinary chat messages, logs or source code.
Works with modern AI assistants
MCP-enabled desktop and web assistants can connect using the server URL supplied for an approved GrowthPath deployment. OAuth with browser-based sign-in is the preferred setup when the client supports it.
Each deployment is scoped to its authorised users and configured Cin7 Core instances. An assistant can only discover and query the data and tools enabled for that deployment.
Faster support without unrestricted access
The Cin7 Core MCP Server is designed to reduce repeated manual lookups while retaining clear authentication, scoping and audit controls. It gives support teams and authorised users a practical way to investigate operational questions with AI while keeping access narrow, explainable and read-only.
For protocol details, authentication requirements and the current tool catalogue, see the Cin7 Core MCP Server technical documentation.
