Navigation

Getting Started

IntroductionQuick Start

Business Setup

What's Business?Launch a BusinessWebApp DeploymentUpdates and ModulesCustom DomainCredits & Top-upsAI Agent

Money

DashNex CreditsDashNex Pay (MoR)Stripe StandardFind Your OrdersTransactionsBalancesPayoutsConversionTransfers

WebApp Modules

OverviewProductsOffersCheckoutsCouponsEmbeddable CheckoutLifecycle EventsDunningPayment MethodsContactsOpt-in FormsEmail BroadcastsEmail LibraryAutomationsTransactionalPages ManagerMenu ControllerMedia LibraryinstraCHATAppearanceAgent SettingsAgent SourcesAgent Q&AConversationsMCPUpcoming Modules

Developers

DashNex CLIDashNex Code
WebApp Modules

MCP

Connect AI clients to your WebApp using the Model Context Protocol — let AI agents read your data and take actions on your behalf, securely and on your terms.

What is MCP?

MCP (Model Context Protocol) is an open standard that lets AI assistants — like Claude, Cursor, or any other MCP-aware client — connect to external systems and use the tools and data those systems expose.

The MCP module turns your DashNex WebApp into one of those systems. Once connected, your AI client can list contacts, look up offers, draft emails, query products, and run any other action the installed modules expose.

You stay in control: every action is performed through an API key you create, scoped to your account's permissions. Revoke the key any time and the connection stops working immediately.

MCP is an optional module. It isn't enabled by default — the WebApp owner needs to install the MCP module from the Business Account dashboard and redeploy the WebApp before any of the steps below will work. See Updates and Modules for how to install modules.

Creating an API Key

MCP requests are authenticated with an API key tied to your user account. To create one:

  1. Open your WebApp and go to your Account settings.
  2. Switch to the Agents tab.
  3. Click Create Key, give it a recognisable name (for example “Claude Desktop”), and confirm.
  4. Copy the full key from the dialog and store it somewhere safe.

Keys are shown only once. The full key value is displayed in the create dialog and never again — only a masked prefix (mcp_sk_xxxxx...xxxx) is visible afterwards. If you lose the key, regenerate it (see below) or create a new one.

Keys Inherit Your Current Roles

A key gives the AI client the same permissions you have at the moment it's used. If your roles change (for example, you're promoted to admin or your access is reduced), every key you've created automatically reflects those new permissions on the next request — no need to regenerate them.

Connecting Your AI Client

Any MCP-compatible AI client can connect to your WebApp. You only need two things: the server URL and your API key.

Server URL

Your WebApp exposes a single MCP endpoint:

https://your-webapp-domain/api/mcp

Replace your-webapp-domain with your actual WebApp domain.

Authentication

Send your API key as a bearer token in the Authorization header:

Authorization: Bearer mcp_sk_your_key_here

Refer to your AI client's documentation for where to enter these values — most clients have an “MCP servers” or “Custom integrations” section in their settings.

What Tools Are Available?

The set of tools your AI client can use depends on two things:

  • Which modules are installed on your WebApp — every module can contribute its own tools (for example, the Contacts module exposes contact-related actions; the Offers module exposes offer-related ones).
  • Your roles — each tool declares which role is required to see and use it. Your key only exposes the subset you're allowed to use.

Tools by Role

Modules group their tools into three tiers, matching the standard DashNex role model:

  • Public tools — available to every request, even without a key. Used for connectivity checks and other non-sensitive operations.
  • User tools — available to anyone with a valid key (every key creator has the user role by default). These cover read and write actions tied to your own account's data — looking up offers you own, drafting your emails, and so on.
  • Admin tools — only available when the key was created by a user with the admin role. These cover WebApp-wide actions such as managing other users, changing system settings, or performing destructive operations across all data.

Because keys inherit your current roles, the tier of tools a key sees changes automatically as your role changes — no need to regenerate the key when you're promoted or demoted.

You don't need to maintain a list yourself — once your AI client connects, it discovers the available tools automatically and makes them usable by the AI. Adding a new module to your WebApp also makes its tools available over MCP without any extra configuration.

Managing Your Keys

From the Account → Agents tab you can:

  • View all your keys with their name, masked prefix, creation date, and the last time each was used.
  • Regenerate a key — issues a new secret value for the same key entry. The old value stops working immediately, so update your AI client with the new key right away.
  • Delete a key — permanently invalidates it. Use this if a key is no longer needed or if you suspect it was leaked.

Security Notes

  • Treat keys like passwords. Anyone with your key can act on your WebApp with your permissions until the key is deleted or regenerated.
  • Keys are stored hashed. Even DashNex cannot recover the plaintext value after creation — only you can, in the moment the key is shown.
  • Rotate when in doubt. If you believe a key has been exposed (committed to a repo, sent in chat, etc.), regenerate or delete it immediately.

Related

  • AI Agent — Overview of AI features across your WebApp
  • instraCHAT — Customer-facing AI chat agents trained on your knowledge base
  • Custom Domain — Set up the domain you'll use in your MCP endpoint URL