How do I install Yookassa?

Yookassa is a local plugin. Install it using npm package: @theyahia/yookassa-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Yookassa safe to use?

Yookassa scored 5/10 (moderate risk) in MCP Marketplace's automated security scan. It has 4 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Yookassa need?

Yookassa requires the following credentials or environment variables: YOOKASSA_SHOP_ID. You can find setup instructions on the server detail page.

What AI apps work with Yookassa?

Yookassa uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Yookassa MCP Server

by TheYahia

Developer ToolsModerate5.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server for YooKassa payment API — payments, refunds, receipts (54-FZ). 10 tools. First MCP for

About

MCP server for YooKassa payment API — payments, refunds, receipts (54-FZ). 10 tools. First MCP for

Security Report

5.0

Moderate5.0Moderate Risk

Valid MCP server (2 strong, 4 medium validity signals). 4 known CVEs in dependencies (1 critical, 3 high severity) Package registry verified. Imported from the Official MCP Registry.

9 files analyzed · 5 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

API key for the serviceRequired

Environment variable: YOOKASSA_SHOP_ID

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-theyahia-yookassa-mcp": {
      "env": {
        "YOOKASSA_SHOP_ID": "your-yookassa-shop-id-here"
      },
      "args": [
        "-y",
        "@theyahia/yookassa-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

@theyahia/yookassa-mcp

MCP server for YooKassa API -- payments, refunds, receipts (54-FZ), payouts, webhooks, recurring, SBP, marketplace splits. 20 tools.

Part of Russian API MCP series by @theYahia.

Quick Start

Claude Desktop

{
  "mcpServers": {
    "yookassa": {
      "command": "npx",
      "args": ["-y", "@theyahia/yookassa-mcp"],
      "env": {
        "YOOKASSA_SHOP_ID": "your-shop-id",
        "YOOKASSA_SECRET_KEY": "your-secret-key"
      }
    }
  }
}

Claude Code

claude mcp add yookassa -e YOOKASSA_SHOP_ID=your-id -e YOOKASSA_SECRET_KEY=your-key -- npx -y @theyahia/yookassa-mcp

VS Code / Cursor

{
  "servers": {
    "yookassa": {
      "command": "npx",
      "args": ["-y", "@theyahia/yookassa-mcp"],
      "env": {
        "YOOKASSA_SHOP_ID": "your-shop-id",
        "YOOKASSA_SECRET_KEY": "your-secret-key"
      }
    }
  }
}

Windsurf

{
  "mcpServers": {
    "yookassa": {
      "command": "npx",
      "args": ["-y", "@theyahia/yookassa-mcp"],
      "env": {
        "YOOKASSA_SHOP_ID": "your-shop-id",
        "YOOKASSA_SECRET_KEY": "your-secret-key"
      }
    }
  }
}

Streamable HTTP (remote / Docker)

⚠️ The HTTP transport exposes money-moving tools. It requires a Bearer token, binds to 127.0.0.1 by default, and validates Host/Origin (DNS-rebinding protection). Never expose it directly to the internet — put it behind an authenticating reverse proxy / mTLS. See SECURITY.md.

MCP_AUTH_TOKEN="$(openssl rand -hex 32)" HTTP_PORT=3000 npx -y @theyahia/yookassa-mcp --http

Then call /mcp with Authorization: Bearer <MCP_AUTH_TOKEN>.

Endpoints:

POST /mcp -- MCP Streamable HTTP transport (Bearer auth required; stateless — POST only)
GET /health -- unauthenticated health check ({ "status": "ok", "tools": <count> })

Environment Variables

Variable	Required	Description
`YOOKASSA_SHOP_ID`	Yes	Shop ID (Settings -> Shop)
`YOOKASSA_SECRET_KEY`	Yes	Secret key (Integration -> API Keys)
`YOOKASSA_PAYOUT_AGENT_ID`	Payouts	Gateway id (agentId) for the Payouts product (Settings -> Payouts)
`YOOKASSA_PAYOUT_SECRET_KEY`	Payouts	Secret key for the Payouts gateway
`HTTP_PORT`	No	Port for HTTP transport (default 3000); enables `--http` mode
`MCP_AUTH_TOKEN`	HTTP only	Required in HTTP mode. Bearer token clients must send on `/mcp`
`HTTP_HOST`	No	Bind address for HTTP mode (default `127.0.0.1`; set `0.0.0.0` to expose — only behind a proxy)
`MCP_ALLOWED_HOSTS`	No	Comma-separated `Host` allowlist (default `127.0.0.1:<port>,localhost:<port>`)
`MCP_ALLOWED_ORIGINS`	No	Comma-separated browser `Origin` CORS allowlist (default: none — browser origins rejected)
`YOOKASSA_DEBUG`	No	Set to `1` to trace each request (method/path/status/latency/idempotency-key) to stderr — never logs secrets, the auth header, or request bodies

Test mode / safety

This server drives real money operations. While developing:

Create a test shop in the YooKassa dashboard and use its YOOKASSA_SHOP_ID / YOOKASSA_SECRET_KEY.
Confirm you are in test mode by calling get_shop_info — expect "test": true — before switching to a live shop.
In a live shop, create_payment, create_refund, create_payout, create_recurring_payment, save_payment_method, and capture_payment move real funds and are irreversible. These tools are annotated as destructive so MCP clients can prompt before running them.
The HTTP transport is unauthenticated-by-default-refused and binds to localhost — see SECURITY.md before any remote deployment.

Tools (20)

Payments (9)

Tool	Description
`create_payment`	Create a payment with amount, description, payment method. Returns payment URL. Supports receipts and metadata
`get_payment`	Get payment details by ID -- status, amount, confirmation URL, metadata
`capture_payment`	Confirm a two-step payment (capture held funds). Partial capture supported
`cancel_payment`	Cancel a payment (pending or waiting_for_capture)
`list_payments`	List payments with filters by status, date range, and pagination
`save_payment_method`	Save a payment method for recurring charges (card binding)
`create_recurring_payment`	Charge a saved payment method (no user interaction)
`create_sbp_payment`	Create a payment via SBP (Russian fast payment system)
`create_split_payment`	Split payment for marketplaces -- distribute funds among partners

Refunds (3)

Tool	Description
`create_refund`	Full or partial refund by payment ID
`get_refund`	Get refund details by ID
`list_refunds`	List refunds with optional payment filter

Receipts (2)

Tool	Description
`create_receipt`	Fiscal receipt (54-FZ) -- items, VAT codes, customer contacts
`list_receipts`	List receipts by payment or refund ID

Payouts (2)

⚠️ Payouts are a separately-activated YooKassa product with their own gateway credentials (YOOKASSA_PAYOUT_AGENT_ID + YOOKASSA_PAYOUT_SECRET_KEY), not the shop's payment key. Sending a raw card number requires a PCI DSS certificate — without it, collect the recipient via the payout widget and pass payout_token. Payouts are asynchronous (poll get_payout).

Tool	Description
`create_payout`	Payout to bank card / YooMoney wallet / SBP, or via `payout_token`
`get_payout`	Get payout status and details by ID

Webhooks (3)

Tool	Description
`create_webhook`	Register a webhook URL for events (payment.succeeded, refund.succeeded, etc.)
`list_webhooks`	List all registered webhooks
`delete_webhook`	Delete a webhook by ID

Account (1)

Tool	Description
`get_shop_info`	Shop info -- ID, status, test mode, fiscalization (YooKassa has no balance endpoint)

Demo Prompts

Create a payment for 5000 RUB for order #123 with SBP as payment method

Set up a recurring subscription: bind the card with 1 ruble, then charge 999 RUB monthly using the saved method

Show all successful payments for the last 7 days and create a refund of 2500 RUB for payment pay_xxx

Architecture

Auth: HTTP Basic Auth (YOOKASSA_SHOP_ID:YOOKASSA_SECRET_KEY)
Base URL: https://api.yookassa.ru/v3/
Idempotence-Key: one stable UUID v4 per logical POST/DELETE request, preserved across retries (a retried request is de-duplicated by YooKassa, never double-charged). Callers may pass an explicit key.
Timeout: 35 seconds (above YooKassa's ~30s server-side answer window, so slow-but-successful operations are not aborted client-side)
Retry: 3 attempts on 429/5xx/timeout with exponential backoff (1s, 2s, 4s); retries reuse the same Idempotence-Key, so they are safely de-duplicated
Transport: stdio (default) or Streamable HTTP (--http / HTTP_PORT)

Part of Russian API MCP Series

MCP	Status	Description
@metarebalance/dadata-mcp	ready	Addresses, companies, banks, phones
@theyahia/cbr-mcp	ready	Currency rates, key rate
@theyahia/yookassa-mcp	ready	Payments, refunds, receipts, payouts, webhooks
@theyahia/cloudpayments-mcp	ready	Payments, subscriptions, orders
...		+46 servers -- full list

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Yookassa MCP Server

About

Security Report

Findings (5)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@theyahia/yookassa-mcp

Quick Start

Claude Desktop

Claude Code

VS Code / Cursor

Windsurf

Streamable HTTP (remote / Docker)

Environment Variables

Test mode / safety

Tools (20)

Payments (9)

Refunds (3)

Receipts (2)

Payouts (2)

Webhooks (3)

Account (1)

Demo Prompts

Architecture

Part of Russian API MCP Series

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent