Skip to main content
The Operators MCP connects to your live Supercycle data, it can read and write to your store.

Authentication

The Operators MCP uses OAuth authentication:
  • You log in with your existing Shopify credentials
  • No API keys to manage or rotate
  • Access is scoped to your store only, no other merchant’s data is accessible
  • Sessions can be revoked from Integrations

Approval flows

The Operators MCP uses MCP safety annotations to protect your data:
  • Read operations: Auto-approved for seamless searching and viewing of cycles, inventory, charges, and customers.
  • Write operations: Request user confirmation before creating, updating, or deleting data.
Your AI tool will prompt you for approval before making any changes to your store.

Data access

  • The MCP only operates within your store’s data
  • You have the same data access as your Supercycle admin account
  • No data is shared with external systems unless you explicitly configure integrations
  • All operations are performed through the Supercycle API with standard rate limits and validation

Best practices

  • Review write operations - Always read the confirmation prompt before approving changes from your AI tool
  • Revoke sessions when needed - If a team member leaves or access should be removed, revoke their session from Integrations