Tebra MCP Server

tebra-mcp-server

MCP server for Tebra (formerly Kareo) practice management. Connects your existing Tebra account to Claude and other MCP-compatible AI agents, exposing 33 SOAP tools and 12 FHIR clinical tools for patients, encounters, appointments, billing, documents, insurance, and clinical data. No data is accessible without valid Tebra API credentials.

Quick Start

npx tebra-mcp-server

Prerequisites

• Node.js 18+
• Tebra SOAP API credentials (generated in Tebra PM admin under Settings > API)
• (Optional) Tebra FHIR API credentials for clinical data access

Environment Variables

SOAP API (required)

FHIR API (optional -- enables 12 clinical data tools)

FHIR credentials are obtained from the Tebra Developer Portal under API > FHIR Access. The server uses OAuth2 client credentials flow with automatic token caching and refresh.

Installation

Claude Code

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "tebra": {
      "command": "npx",
      "args": ["-y", "tebra-mcp-server"],
      "env": {
        "TEBRA_SOAP_USER": "user@practice.com",
        "TEBRA_SOAP_PASSWORD": "your-password",
        "TEBRA_CUSTOMER_KEY": "your-customer-key",
        "TEBRA_FHIR_CLIENT_ID": "optional-fhir-client-id",
        "TEBRA_FHIR_CLIENT_SECRET": "optional-fhir-client-secret"
      }
    }
  }
}

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "tebra": {
      "command": "npx",
      "args": ["-y", "tebra-mcp-server"],
      "env": {
        "TEBRA_SOAP_USER": "user@practice.com",
        "TEBRA_SOAP_PASSWORD": "your-password",
        "TEBRA_CUSTOMER_KEY": "your-customer-key"
      }
    }
  }
}

Cursor / VS Code

Add to your MCP settings:

{
  "mcpServers": {
    "tebra": {
      "command": "npx",
      "args": ["-y", "tebra-mcp-server"],
      "env": {
        "TEBRA_SOAP_USER": "user@practice.com",
        "TEBRA_SOAP_PASSWORD": "your-password",
        "TEBRA_CUSTOMER_KEY": "your-customer-key"
      }
    }
  }
}

Available Tools (45 total)

Patient Management

Appointments

Encounters & Billing

Insurance & Authorizations

Practice Configuration

Documents

Financial Analysis

External Vendor & System

FHIR Clinical Data (requires FHIR credentials)

These tools access clinical data via the Tebra FHIR R4 API. They require separate FHIR credentials (see Environment Variables above). If FHIR credentials are not configured, these tools will not be registered.

Rate Limits

The SOAP client enforces a minimum interval between calls per action, mirroring the throttling thresholds in the Tebra API Technical Guide. When a tool is called more frequently than its limit allows, the client sleeps just long enough to satisfy the interval before sending the request — calls are delayed, never dropped.

On top of client-side throttling, every SOAP call retries up to 3 times with exponential backoff (1s, 2s, 4s) before surfacing an error. Use tebra_get_throttles to query Tebra's server-side rate limit counters in real time.

Example Workflows

Scheduling Flow

1. tebra_get_providers          -- Get provider IDs
2. tebra_get_service_locations  -- Get location IDs
3. tebra_get_appointment_reasons -- Get reason/type IDs
4. tebra_create_appointment     -- Create with provider, location, reason IDs
5. tebra_get_appointment_detail -- Verify creation

Encounter Approval Flow

1. tebra_create_encounter            -- Create superbill (status: Draft)
2. tebra_update_encounter_status     -- Move to Review
3. tebra_update_encounter_status     -- Move to Approved (triggers billing)
   OR
3. tebra_update_encounter_status     -- Reject back to Draft with reason

Payment Posting Flow

1. tebra_search_patients    -- Find patient
2. tebra_get_charges        -- Find outstanding charges
3. tebra_create_payment     -- Post payment to patient account
4. tebra_get_payments       -- Verify payment posted

Patient Onboarding (allure-md.com)

1. tebra_search_patients              -- Check for existing patient
2. tebra_create_patient               -- Create if not found
3. tebra_update_patient_external_id   -- Link Supabase client ID
4. tebra_create_appointment           -- Schedule first visit

Clinical Context for Note Creation (EPIC Notes)

1. tebra_get_appointments             -- Get today's schedule
2. tebra_get_appointment_detail       -- Get appointment context
3. tebra_get_patient                  -- Full patient demographics
4. tebra_get_patient_authorizations   -- Check auth status
5. tebra_fhir_get_allergies           -- Allergies
6. tebra_fhir_get_medications         -- Current medications
7. tebra_fhir_get_conditions          -- Problem list
8. tebra_fhir_get_vitals              -- Recent vitals

Tool Dependency Chains

Some tools require IDs obtained from other tools. Key dependencies:

tebra_create_appointment
  requires: providerId   (from tebra_get_providers)
  requires: locationId   (from tebra_get_service_locations)
  requires: reasonId     (from tebra_get_appointment_reasons)
  optional: patientId    (from tebra_search_patients or tebra_create_patient)

tebra_create_encounter
  requires: patientId    (from tebra_search_patients)
  requires: providerId   (from tebra_get_providers)
  optional: authId       (from tebra_get_patient_authorizations)

tebra_create_payment
  requires: patientId    (from tebra_search_patients)

tebra_update_encounter_status
  requires: encounterId  (from tebra_create_encounter or tebra_get_encounter)

tebra_create_document
  requires: patientId    (from tebra_search_patients)

tebra_update_patient_external_id
  requires: patientId    (from tebra_search_patients or tebra_create_patient)

All FHIR tools
  require: patientId     (from tebra_search_patients)

Integration Services

Pre-built integration modules are available in src/integrations/ for two projects:

• epic-notes-integration.ts -- Schedule pre-seeding, appointment context for note creation, signed note push-back to Tebra. Copy to your EPIC Notes project at src/lib/services/tebra-integration.ts.

• fal-integration.ts -- Patient sync from allure-md.com registration, Stripe payment posting, Supabase-to-Tebra ID linking. Copy to your FAL project at src/lib/services/tebra-integration.ts.

Both modules define an McpToolCaller interface and work with any MCP client implementation.

API Reference

The server wraps two Tebra APIs:

SOAP API v2.1 (33 tools)

• Endpoint: https://webservice.kareo.com/services/soap/2.1/KareoServices.svc
• Auth: RequestHeader with User, Password, CustomerKey
• All requests include retry with exponential backoff (3 attempts at 1s, 2s, 4s)

FHIR R4 API (12 tools)

• Endpoint: https://fhir.kareo.com/r4 (configurable)
• Auth: OAuth2 client credentials flow
• Token caching with automatic refresh before expiry

Development

git clone https://github.com/jamesrosing/tebra-mcp-server.git
cd tebra-mcp-server
npm install

npm run dev    # tsx — runs src/index.ts directly without a build step
npm run build  # tsc — compiles to dist/
npm test       # node:test via tsx — runs the SOAP client regression suite
npm start      # node dist/index.js — runs the compiled output

Changelog

0.2.5 (2026-04-28)

• fix(soap): every GET request body now includes a sibling <kar:Filter /> after <kar:Fields>. Tebra's WSDL marks Filter as minOccurs="0", but their server-side GetFilteredX(...) methods dereference the filter parameter without null-checking and throw NullReferenceException when it's absent. Tools patched: practices, providers, service-locations, procedure-codes, transactions, payments, charges, encounters, patients (search + get-by-id), bulk-patients, appointments. Without 0.2.5, every GET call fails with a server-side NullRef.
• Added regression test asserting <kar:Filter /> is emitted in WSDL-required order (Fields before Filter).

0.2.4 (2026-04-28)

• fix(soap): <RequestHeader> children now serialize in WSDL-required order (CustomerKey → Password → User). The previous CustomerKey → User → Password order caused silent authorization failures even with valid credentials. Confirmed in writing by Tebra customer care.

0.2.3 (2026-04-28)

• fix(soap): SOAPAction HTTP header now includes the KareoServices/ WCF contract segment that Kareo's dispatcher requires. Versions 0.2.2 and earlier sent ${SOAP_NAMESPACE}${operation}, which the dispatcher rejected with HTTP 500 (ContractFilter mismatch at the EndpointDispatcher). Header value is now also explicitly quoted per RFC 3902 §3.2.
• Added a regression test asserting the exact header value (npm test).

0.2.2 (2026-04-27)

• fix(soap): RequestHeader (User/Password/CustomerKey) is now placed inside the request body where Tebra's WSDL expects it, rather than in the SOAP envelope header.

0.2.1 (2026-04-26)

• Published to the MCP Registry under com.jamesrosingmd/tebra (verified-domain namespace).

0.2.0

• Initial public release.

Upgrade urgently from 0.2.4 or earlier. All prior releases hit at least one of the three wire-format bugs above, and only 0.2.5 satisfies all three of Tebra's WSDL/runtime requirements end-to-end.

License

MIT License

Copyright (c) 2026 James H. Rosing, MD, FACS

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.