Stripe's official Agent Toolkit ships an MCP server so an AI client can work with the Stripe API — create customers, products, prices, payment links, invoices and look up data. This is a developer tool; the whole game is using restricted, test-mode keys. Here's the safe setup.
Start in test mode
Use a test-mode secret key (sk_test_...) and a restricted key scoped to only what you need. Never hand an AI a live secret key with full write access — it can create real charges and objects. Treat this like wiring an API into code you haven't fully reviewed.
Option A — local via npx
{
"mcpServers": {
"stripe": {
"command": "npx",
"args": ["-y", "@stripe/mcp", "--tools=all", "--api-key=sk_test_your_key"]
}
}
}
Pass the key via env instead of the command line where your client supports it, to keep it out of process lists. Narrow --tools to just what you need.
Option B — remote server
Stripe hosts a remote MCP at https://mcp.stripe.com you can add as an OAuth/URL connector. Restart the client after editing; see MCP config file location.
Verify
In test mode, ask: "Create a test product 'Pro plan' at $20/mo and a payment link for it." A test payment link back confirms it works — and nothing real was charged.
Common problems
Invalid API Key— wrong/rotated key, or live vs test mismatch.permissionerrors — your restricted key lacks that capability (good — add only if needed).- No tools in client — Node 18+ for
npx; see Cursor MCP not working.
Security — this touches money
Default to test mode + restricted, least-privilege keys, keep a human in the loop for anything that creates charges or moves money, and never put a live key in shared config. See MCP security best practices and how to vet an MCP server.
Going further
Stripe pairs with a database and Sentry server for billing-ops debugging. Browse the finance category or curated loadouts.