Independent reference guide - updated May 3, 2026

Whop MCP Server: The Complete Setup, Docs & Checkout API Guide

Set up Whop MCP for Claude, Cursor, VS Code, Windsurf, and Claude Code. Compare Whop Docs MCP vs Whop API MCP, use the official mcp.whop.com server, and understand checkout/API access before giving an AI client write-capable credentials.

Whop provides Model Context Protocol servers for two different jobs: a documentation server that helps agents read Whop developer docs, and an API server that can call live Whop API endpoints with your API key. This page is an independent Whop MCP reference, not an official Whop Inc. property.

If you are starting from zero, begin with the official Whop AI and MCP guide and mcp.whop.com. Use read-only prompts first, then move into checkout, payments, memberships, and other write actions only after you understand the API key permissions involved.

TL;DR

QuestionShort answer
What is Whop MCP?Whop MCP lets MCP-compatible AI clients read Whop docs or call Whop API tools through the Model Context Protocol.
Is there one server?No. Whop documents a Docs MCP at https://docs.whop.com/mcp and an API MCP at https://mcp.whop.com/mcp or https://mcp.whop.com/sse.
Which endpoint should I use?Use the Docs MCP when building against documentation. Use the API MCP when the agent needs live Whop data or API actions.
Where does checkout fit?Checkout is part of the Whop API surface. The API MCP can expose checkout configuration tools when your API key has the required permissions.
What is the main risk?The API MCP can mutate live store data. Treat it like a real integration with credentials, permissions, and approval gates.

Brand note: this page is about Whop, the commerce and developer platform. It is not about WHOOP fitness devices or health data.

The two Whop MCP servers

The most common confusion is that "Whop MCP" can mean three related things: the read-only documentation server, the remote API server, or the local npm package that runs the API server as a subprocess. They are not interchangeable.

Whop Docs MCPWhop API MCP remote@whop/mcp local
URL or installhttps://docs.whop.com/mcphttps://mcp.whop.com/mcp or https://mcp.whop.com/ssenpx -y @whop/mcp
AuthNo API key for documentation lookup.API key prompt in the client.WHOP_API_KEY environment variable.
Live store dataNo.Yes, subject to key permissions.Yes, subject to key permissions.
Write actionsNo.Yes, subject to key permissions.Yes, subject to key permissions.
Best forLooking up Whop docs while building.Calling the live Whop API from Claude, Cursor, VS Code, Windsurf, or another MCP client.Advanced local setup, filtering tools, dynamic tools, code mode, or local sandbox-style testing.
SourceWhop AI and MCP docsmcp.whop.comnpm package

Whop Docs MCP

The Docs MCP gives an AI agent access to Whop developer documentation so it can look up API behavior, SDK usage, checkout details, and configuration examples. It is the right server when the agent is helping you build an app or write code and does not need to touch your live Whop data.

{
  "mcpServers": {
    "whop-docs": {
      "url": "https://docs.whop.com/mcp"
    }
  }
}

The broader documentation index is also available at docs.whop.com/llms.txt, which is useful when you want an agent to discover the docs before answering.

Whop API MCP remote

The API MCP is the server for live actions. Whop documents two remote transports: HTTP Streaming at https://mcp.whop.com/mcp and SSE at https://mcp.whop.com/sse. Use this when the agent needs to list products, inspect payments, create checkout configurations, review memberships, or call another Whop API endpoint.

@whop/mcp npm package

The npm package is the official local Whop API MCP server. It supports normal explicit tools, --tools=dynamic for large API surfaces, and --tools=code for a docs search tool plus Deno-sandboxed code execution against the TypeScript client. It also supports --client=cursor, --client=claude, --client=claude-code, and --client=openai-agents compatibility tuning.

export WHOP_API_KEY="your_api_key_here"
export WHOP_WEBHOOK_SECRET="optional_webhook_secret"
export WHOP_APP_ID="optional_app_id"
npx -y @whop/mcp@latest --client=cursor --tools=dynamic

When to use which

Building a Whop app

Use Docs MCP for implementation help and API MCP when the agent needs to test live API calls. Keep the two servers named separately in your client.

Running store operations

Use API MCP only. Start with listing and auditing tasks before approving anything that changes products, plans, payments, memberships, or checkout data.

Large API exploration

Use local @whop/mcp --tools=dynamic so the client can discover endpoint schemas instead of loading every tool at once.

Multi-step developer tasks

Use local @whop/mcp --tools=code when the agent needs to write small scripts against the Whop SDK and chain multiple API calls.

Setup by client

Use separate server names for docs and API access. That makes approval dialogs easier to read and reduces the chance that a documentation question turns into a live API call.

Claude Web

Open Claude Web, go to Settings, choose Connectors, add a custom connector, and use the Whop API MCP URL:

https://mcp.whop.com/sse

When the connector asks for authorization, provide the Whop API key that matches the data and permissions you want the agent to access.

Claude Desktop

Edit claude_desktop_config.json. On macOS, check ~/Library/Application Support/Claude/claude_desktop_config.json. On Windows, check %APPDATA%\Claude\claude_desktop_config.json. Whop's remote setup uses mcp-remote to bridge the SSE endpoint into Claude Desktop.

{
  "mcpServers": {
    "whop_sdk_api": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://mcp.whop.com/sse"]
    }
  }
}

Quit Claude Desktop fully and reopen it. Check the tools icon before asking for any Whop action.

Claude Code

For the remote API server, add the SSE transport and authenticate on first use:

claude mcp add --transport sse whop https://mcp.whop.com/sse

For local stdio with the npm package:

claude mcp add --transport stdio whop_sdk_api \
  --env WHOP_API_KEY="your_api_key_here" \
  --env WHOP_WEBHOOK_SECRET="optional_webhook_secret" \
  --env WHOP_APP_ID="optional_app_id" \
  -- npx -y @whop/mcp
Cursor

Use ~/.cursor/mcp.json for a global install or .cursor/mcp.json for a project install. Add the docs server when you want documentation lookup:

{
  "mcpServers": {
    "whop-docs": {
      "url": "https://docs.whop.com/mcp"
    }
  }
}

Add the API server when you want live Whop API actions:

{
  "mcpServers": {
    "whop_sdk_api": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://mcp.whop.com/sse"]
    }
  }
}

If Cursor warns about too many tools, use the local npm package with --tools=dynamic or filter the tool surface.

VS Code with GitHub Copilot

Open the command palette and run MCP: Open User Configuration, or create .vscode/mcp.json for a workspace. Newer VS Code MCP configuration uses a top-level servers object and supports prompted inputs for secrets.

{
  "inputs": [
    {
      "id": "whop-api-key",
      "type": "promptString",
      "description": "Whop API key",
      "password": true
    }
  ],
  "servers": {
    "whop_sdk_api": {
      "command": "npx",
      "args": ["-y", "@whop/mcp"],
      "env": {
        "WHOP_API_KEY": "${input:whop-api-key}"
      }
    }
  }
}
Windsurf

Use ~/.codeium/windsurf/mcp_config.json. Whop's remote setup uses mcp-remote with the SSE endpoint:

{
  "mcpServers": {
    "whop_sdk_api": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://mcp.whop.com/sse"]
    }
  }
}

Windsurf also supports environment interpolation, so avoid pasting permanent API keys into a public project file.

ChatGPT, Codex, and other clients

Use a client that supports MCP directly when possible. For clients without arbitrary MCP server support, use a hosted gateway such as Zapier, Pipedream, or Composio, and be explicit that the gateway stores and executes the integration.

First safe test prompt

After setup, run a non-destructive prompt first:

List the available Whop MCP tools. Do not call any tool that creates, updates, deletes, refunds, cancels, retries, or sends data.

Authentication and API keys

Whop documents three credential paths for API usage. Choose the one that matches who owns the data and whose permissions should apply.

Company API key

Use this for your own company data. Create it in the Whop developer dashboard and grant only the permissions the MCP workflow needs.

App API key

Use this when you are building an installed Whop app that accesses companies that installed your app. The key is available in the app's environment variables.

OAuth tokens

Use OAuth 2.1 with PKCE when the action should happen on behalf of an individual Whop user rather than your company or app.

Bearer header

Authenticated API calls use Authorization: Bearer <token>. The public API base URL is https://api.whop.com/api/v1.

Permission examples

Whop permissions are scoped by endpoint. For example, checkout configuration creation requires checkout_configuration:create, plan:create, access_pass:create, access_pass:update, and checkout_configuration:basic:read. Payment refunds require payment-management permission plus supporting read scopes. Do not give an MCP workflow broad write access if it only needs to list records.

Read the full Whop API keys for MCP guide.

Checkout via Whop MCP

Checkout is the most valuable long-tail use case because it connects MCP setup to real developer work. A Whop agent can help create a checkout configuration, inspect checkout configuration IDs, prepare embed code, or attach metadata and affiliate attribution when the selected MCP server exposes the relevant API endpoint and your key has permission.

Anatomy of Whop checkout

PrimitiveWhat it meansCommon fields
PlanThe priced unit a customer buys, usually identified by a plan_ ID.Price, billing period, currency, product/access pass relationship.
Checkout configurationA reusable checkout setup, usually identified by a ch_ ID, that can return a purchase_url shaped like /checkout/plan_xxxx?session=ch_xxxxxxxxxxxxxxx.plan, affiliate_code, metadata, redirect_url, mode, payment method settings.
Checkout sessionA session-style checkout object, often used when attaching metadata to a future payment or membership.Plan, metadata, redirect URL, affiliate code.
Embedded checkoutA React or HTML checkout embedded into your own site.planId, sessionId, returnUrl, affiliateCode, environment, callbacks.

Prompts that map to checkout API work

Create a configurationCreate a one-time 10 USD checkout configuration for company biz_xxxxxxxxxxx with metadata order_id=order_12345. Return the purchase_url. Show the exact arguments before calling a write tool.
List configurationsList checkout configurations for company biz_xxxxxxxxxxx. Include ID, plan ID, mode, affiliate_code, metadata keys, and purchase_url. Do not modify anything.
Add affiliate attributionDraft the checkout configuration arguments for plan plan_xxxxxxxxxxx with affiliate_code=username and redirect_url=https://example.com/thanks. Do not create it yet.
Prepare embed codeGenerate a minimal React WhopCheckoutEmbed for plan plan_xxxxxxxxxxx with returnUrl and affiliateCode. Keep it copied from the official package shape.

Embedded checkout examples

Whop documents the React package @whop/checkout and the WhopCheckoutEmbed component. Use the official checkout docs as the source of truth before shipping customer-facing checkout code.

import { WhopCheckoutEmbed } from "@whop/checkout/react";

export default function Checkout() {
  return (
    <WhopCheckoutEmbed
      planId="plan_XXXXXXXXX"
      returnUrl="https://yoursite.com/checkout/complete"
      affiliateCode="username"
    />
  );
}

Affiliate attribution

Whop's affiliate guide documents links with ?a=<username> and a default 30-day attribution cookie window. API and embed surfaces also expose affiliate_code or affiliateCode. Use clean links for official docs and disclose affiliate links separately when monetizing this site.

Read the full Whop checkout via MCP guide.

What you can do with Whop API MCP

Exact tools vary by package version, client, transport, and filtering flags. The official npm package currently exposes a broad Whop API surface, including read and write tools. Use the Whop MCP tools reference to map the surface before approving calls.

Apps and platform

Apps, app builds, access tokens, account links, webhooks, files, companies, authorized users, users, and app infrastructure.

Products and plans

Products, plans, experiences, checkout configurations, promo codes, invoices, setup intents, and payment methods.

Payments

Payments, refunds, disputes, dispute evidence, dispute alerts, resolution center cases, payment retries, voiding, and fees.

Memberships

Memberships, members, entries, cancellations, pauses, resumes, access checks, leads, reviews, and shipments.

Courses

Courses, chapters, lessons, course students, course lesson interactions, assessments, progress, and content operations.

Community

Chat channels, messages, reactions, support channels, forums, forum posts, direct channels, notifications, and moderation workflows.

Marketing

Affiliates, affiliate overrides, ad campaigns, ad groups, ads, conversions, promo codes, and growth reporting.

Finance

Ledger accounts, payout accounts, payout methods, transfers, withdrawals, topups, fee markups, verifications, and company token transactions.

Stats and discovery

Stats describe, metric queries, raw queries, and SQL-style analysis when exposed by the active server/tool mode.

Sandbox mode

Use sandbox first when you are testing checkout, payment, or membership flows. Whop documents a sandbox dashboard and sandbox API base URL at https://sandbox-api.whop.com/api/v1. The remote mcp.whop.com page does not currently advertise a separate sandbox MCP URL, so the conservative path is to run @whop/mcp locally with a sandbox API key.

export WHOP_API_KEY="your_sandbox_api_key"
npx -y @whop/mcp@latest --tools=dynamic

Safety and security

A write-capable MCP server with a real Whop API key can change products, create checkout configurations, refund payments, cancel memberships, send messages, or perform other business actions depending on scopes. Treat it like any production integration.

  1. Use least-privilege keys. Grant only the scopes needed for the workflow.
  2. Start in sandbox. Test checkout and payment behavior away from live customers.
  3. Separate docs from API access. Use Docs MCP for docs questions and API MCP only when live actions are needed.
  4. Read approval dialogs. Inspect the tool name and arguments, not just the agent's summary.
  5. Filter tools. Use --tools=dynamic, --operation=read, --resource=..., or exclusion flags to reduce the available tool surface.
  6. Do not commit secrets. Use environment variables, prompted inputs, or client secret storage.
  7. Pin and review dependencies. Whop documents @latest and mcp-remote@latest for convenience, but production workflows should review package changes before upgrading.

Troubleshooting

The MCP server does not appear

Check JSON syntax, full-quit the client, and confirm Node.js 18 or newer is available to the application. GUI apps on macOS sometimes launch with a different PATH than your terminal.

The remote API MCP auth flow is stuck

Whop's remote page recommends clearing the MCP auth cache and restarting the client. Remove the ~/.mcp-auth folder with your operating system's file manager or another safe deletion method, then reopen the MCP client.

Whop returns 401 or 403

A 401 usually means the token is missing or invalid. A 403 usually means the key does not have the permission required by the endpoint. Re-check the key type and the endpoint's documented scopes.

The wrong tool gets called

Use a more specific prompt, split docs and API servers, and filter unnecessary tools. Include the target resource, date range, action type, and whether writes are allowed.

Cursor warns about too many tools

Use @whop/mcp --tools=dynamic or filter with resource/operation flags. Large APIs can overwhelm clients when every endpoint is exposed as a separate tool.

Whop MCP vs hosted gateways

The official Whop server is the right default when you want a direct Whop API or documentation connection. Hosted gateways make sense when you want scheduling, no-code orchestration, multi-app workflows, or a client that does not support MCP directly.

OptionBest forWatch out for
Official Whop API MCPDirect Whop API access from MCP clients.API key scope and write action approval.
Whop Docs MCPDocumentation lookup while building apps.It does not call live store data.
Zapier MCP for WhopNo-code workflows and cross-app automation.Task pricing, platform permissions, and action coverage.
Pipedream MCP for WhopHosted developer workflows and event automation.Credential storage and workflow execution behavior.
Composio Whop toolkitMulti-tool agent routing across SaaS apps.Gateway abstraction and exact tool coverage.
Apify Whop scraperPublic marketplace scraping.It is not the authenticated Whop API MCP and does not access private store data.

FAQ

What is the Whop MCP server?

The Whop MCP server connects MCP-compatible AI clients to Whop documentation or Whop API tools. The Docs MCP helps agents read documentation. The API MCP can call live Whop API endpoints with your API key.

Is there one Whop MCP or two?

There are two official server targets in Whop's docs: https://docs.whop.com/mcp for documentation and https://mcp.whop.com/mcp or https://mcp.whop.com/sse for API actions.

What is mcp.whop.com?

It is the official remote Whop API MCP server landing page. It documents setup for Claude Web, Claude Desktop, Cursor, and Windsurf using the remote SSE endpoint.

What is @whop/mcp?

It is the official npm package for running the Whop API MCP locally. It supports explicit tools, dynamic endpoint discovery, code mode, client compatibility flags, filtering, and HTTP transport.

Which Whop API key should I use?

Use a Company API key for your own company data, an App API key for an installed Whop app, and OAuth tokens when acting on behalf of an individual user. Use the smallest permission set that works.

Can Whop MCP create a checkout?

Yes, when the active API MCP exposes checkout configuration tools and your key has the required checkout, plan, and access-pass permissions. Ask the agent to show arguments before approving a write call.

Does Whop MCP support affiliate tracking?

Whop checkout APIs and embeds support affiliate attribution through fields such as affiliate_code and affiliateCode. Whop's affiliate guide also documents referral links with ?a=<username>.

How do I add Whop MCP to Claude Desktop?

Add an mcp-remote server entry pointing to https://mcp.whop.com/sse in claude_desktop_config.json, then fully restart Claude Desktop.

How do I add Whop MCP to Cursor?

Add https://docs.whop.com/mcp for docs lookup, or use mcp-remote@latest with https://mcp.whop.com/sse for API access. Use global or project-level mcp.json.

Is it safe to give MCP write access to my Whop store?

It can be safe with the right controls, but it is not casual access. Use sandbox first, limit key permissions, filter tools, and review every write-capable tool call before approving it.

Does Whop MCP work with ChatGPT?

Use a direct MCP client where possible. For clients without arbitrary MCP support, route through a hosted gateway and review how that gateway stores credentials and executes actions.

Official sources

Use these as the source of truth when details change: