Binpocket
/// API & MCPv1

Operate your workspace programmatically.

A REST API and a Model Context Protocol server give Claude — or any client — typed access to your Binpocket workspace. Read inventory, create purchase orders, ask Poppy. All scoped per key.

Quickstart Download AI context packMCP setup

/// 01

Overview

Two surfaces, one workspace. Hit the REST API directly when you need raw CRUD, or wire the MCP server to Claude so it can act on your data without leaving the chat. Both share the same scoped API keys.

REST API

JSON over HTTPS at /api/v1. Bearer-authenticated. Same data model as the app.

MCP server

Native tools for Claude Code, Claude Desktop, and any MCP client. Stdio transport.

Poppy on tap

Ask grounded business questions and get answers that quote your own data.

/// 02

Quickstart

  1. 1

    Create an API key

    Open Settings → API keys, pick a name (e.g. "MCP server"), select the scopes you want to grant, and copy the bpk_live_… secret. It's shown exactly once.

  2. 2

    Smoke-test the API

    Hit /api/v1/me with your key to verify the tenant + scopes.

    curl https://binpocket.com/api/v1/me \
  -H "Authorization: Bearer bpk_live_<YOUR_KEY>"
  3. 3

    Wire the MCP server

    No git, no npm install. Download the single-file bundle from binpocket.com and register it with Claude Code.

    # Zero-install path — single file, no git, no npm
curl -O https://binpocket.com/mcp/binpocket-mcp.js
BINPOCKET_API_KEY=bpk_live_xxx \
  claude mcp add binpocket -- node $(pwd)/binpocket-mcp.js

    Want to use a different AI? Fetch the prompt pack and paste it into the chat.

    # Or: feed any AI the prompt pack
curl https://binpocket.com/mcp/context.md

/// 03

Authentication

Every request must include a Bearer token in the Authorization header.

Authorization: Bearer bpk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Keys are issued as bpk_live_<32 hex chars>. 41 chars total.
  • Only the SHA-256 hash is stored. The raw value can never be retrieved.
  • Each request bumps lastUsedAt — useful to spot stale keys.
  • Revoke instantly from /settings/integrations/api-keys. Revoked keys return 401 key_revoked.

/// 04

Scopes

Each key carries one or more scopes. A scope unlocks a single permission on a single resource — never more. Combine multiple scopes on the same key when needed.

/// Resource/// Read scope/// Write scope
productsproducts:readproducts:write
customerscustomers:readcustomers:write
supplierssuppliers:readsuppliers:write
partnerspartners:readpartners:write
warehouseswarehouses:readwarehouses:write
purchasespurchases:readpurchases:write
salessales:readsales:write
inventoryinventory:readinventory:write
paymentspayments:readpayments:write
reportsreports:read
poppypoppy:ask
auditaudit:read

/// 05

Endpoints

All endpoints live under /api/v1 and return JSON. Money is integer cents. Currencies are ISO 4217. Dates are ISO 8601.

/// Method/// Path/// Required scope
GET/api/v1/meany
GET/api/v1/morning-routinereports:read
GET/api/v1/kpi/snapshotreports:read
GET/api/v1/reports?kind=…reports:read
GET/api/v1/productsproducts:read
POST/api/v1/productsproducts:write
GET/api/v1/customerscustomers:read
POST/api/v1/customerscustomers:write
GET/api/v1/supplierssuppliers:read
POST/api/v1/supplierssuppliers:write
GET/api/v1/purchasespurchases:read
GET/api/v1/purchases/[id]purchases:read
POST/api/v1/purchasespurchases:write
POST/api/v1/purchases/[id]/statuspurchases:write
PATCH/api/v1/products/[id]products:write
PATCH/api/v1/customers/[id]customers:write
PATCH/api/v1/suppliers/[id]suppliers:write
GET/api/v1/salessales:read
GET/api/v1/sales/[id]sales:read
POST/api/v1/salessales:write
POST/api/v1/sales/[id]/statussales:write
GET/api/v1/paymentspayments:read
POST/api/v1/paymentspayments:write
POST/api/v1/stock/adjustinventory:write
GET/api/v1/forecast/salesreports:read
GET/api/v1/forecast/inventoryreports:read
GET/api/v1/recommendreports:read
GET/api/v1/audit-logaudit:read
POST/api/v1/poppy/askpoppy:ask

/// 06

MCP server

The MCP server wraps every REST endpoint as a typed tool. Configure it once, then ask Claude to operate your workspace in natural language.

Download MCP binaryDownload AI context pack

Available tools

whoamimorning_routinekpi_snapshotreport_overviewreport_top_productsreport_top_customersreport_top_suppliersreport_inventory_valuationreport_reorder_alertsreport_cashflowreport_commissions_statsreport_profitabilityforecast_salesforecast_inventoryrecommend_actionslist_productscreate_productlist_customerscreate_customerlist_supplierscreate_supplierlist_purchasesget_purchase_ordercreate_purchase_orderlist_salesget_sales_ordercreate_sales_orderlist_audit_logask_poppychange_purchase_order_statuschange_sales_order_statusupdate_productupdate_customerupdate_suppliercreate_paymentadjust_stock

Register with Claude Code

BINPOCKET_API_KEY=bpk_live_xxx claude mcp add binpocket \
  -- node /abs/path/to/Binpocket/mcp/dist/index.js

Claude Desktop

Add the following block to your claude_desktop_config.json.

{
  "mcpServers": {
    "binpocket": {
      "command": "node",
      "args": ["/abs/path/to/Binpocket/mcp/dist/index.js"],
      "env": {
        "BINPOCKET_URL": "https://binpocket.com",
        "BINPOCKET_API_KEY": "bpk_live_..."
      }
    }
  }
}

/// 07

Examples

List products by SKU

curl https://binpocket.com/api/v1/products?q=AF-60 \
  -H "Authorization: Bearer bpk_live_xxx"

Create a customer

curl -X POST https://binpocket.com/api/v1/customers \
  -H "Authorization: Bearer bpk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ACME SARL",
    "email": "[email protected]",
    "country": "FR",
    "currency": "EUR",
    "taxRate": 20
  }'

Create a sales order with per-unit Nayax codes

curl -X POST https://binpocket.com/api/v1/sales \
  -H "Authorization: Bearer bpk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "customerId": "cmo5rgtdn002pjs04sjj8znbd",
    "currency": "EUR",
    "taxRate": 20,
    "lines": [{
      "productId": "cmo5rgtdn0042js04sjj8znbe",
      "qty": 4,
      "unitPriceCents": 12000,
      "nayaxCodes": ["AF-60-01", "AF-60-02", "AF-60-03", "AF-60-04"]
    }]
  }'

Ask Poppy

curl -X POST https://binpocket.com/api/v1/poppy/ask \
  -H "Authorization: Bearer bpk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "question": "Which customer drove the most margin this quarter?" }'

/// 08

Security

Hash-only storage

We never store the raw key. Verification compares SHA-256 hashes in constant time.

Least privilege by design

Pick scopes per integration. A read-only key cannot create or mutate anything.

Audit-logged writes

Every record created via an API key is tagged with the key's id in the workspace audit log.

Tenant isolation

Keys are scoped to a single workspace. Cross-tenant access is structurally impossible.

/// 09

FAQ

Can I use the API without the MCP server?
Yes. The REST API is independent — curl, fetch, requests, anything that speaks HTTPS.
Is there a rate limit?
Per-tenant fair-use limits apply. Hard limits will be published before they're enforced.
Can the MCP server run remotely?
Yes. It only needs network access to your Binpocket URL and the API key. Run it on any machine that hosts your MCP-aware LLM.
How do I rotate a key?
Issue a new key, swap it in the consuming client, then revoke the old one. The two keys can coexist during the swap.