Back to Browse
Free
Server data from the Official MCP Registry
MCP server for the Avanan MSP SmartAPI — manage child MSPs, users, tenants, licenses, and usage.
About
MCP server for the Avanan MSP SmartAPI — manage child MSPs, users, tenants, licenses, and usage.
Security Report
4.2
Use Caution4.2High RiskThis MCP server implements secure authentication to the Avanan MSP SmartAPI with proper credential handling via environment variables and request headers. The codebase is well-structured with appropriate error handling and no evidence of malicious patterns. The primary concern is an acknowledged uncertainty around the HMAC signing algorithm (documented as a best-guess implementation pending confirmation from Avanan), which represents a medium-severity functional risk rather than a security vulnerability. The server's permissions align well with its purpose as an API client. Supply chain analysis found 3 known vulnerabilities in dependencies (2 critical, 1 high severity).
7 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Application ID provided by Avanan Support (x-av-app-id)
Environment variable: AVANAN_APP_ID
Token from the Avanan auth handshake (x-av-token)Required
Environment variable: AVANAN_TOKEN
Shared secret used to compute the x-av-sig HMACRequired
Environment variable: AVANAN_SECRET
API region: us, eu, ca, or ap (defaults to JWT region claim, then us)
Environment variable: AVANAN_REGION
Transport mode: 'stdio' for local CLI use, 'http' for gateway hosting
Environment variable: MCP_TRANSPORT
HTTP transport listen port
Environment variable: MCP_HTTP_PORT
Log verbosity: debug, info, warn, error
Environment variable: LOG_LEVEL
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-wyre-technology-avanan-legacy-mcp": {
"env": {
"LOG_LEVEL": "your-log-level-here",
"AVANAN_TOKEN": "your-avanan-token-here",
"AVANAN_APP_ID": "your-avanan-app-id-here",
"AVANAN_REGION": "your-avanan-region-here",
"AVANAN_SECRET": "your-avanan-secret-here",
"MCP_HTTP_PORT": "your-mcp-http-port-here",
"MCP_TRANSPORT": "your-mcp-transport-here"
},
"args": [
"-y",
"@wyre-technology/avanan-legacy-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
avanan-legacy-mcp
MCP server for the Avanan MSP SmartAPI (the "legacy" Avanan MSP tenant management
API — distinct from avanan-mcp, which targets the Checkpoint Harmony Email & Collaboration
HEC API).
Implements the Jan 2024 Avanan MSP SmartAPI Reference Guide:
| Group | Tools |
|---|---|
| Child MSPs | avanan_list_msp_partners, avanan_create_msp_partner, avanan_delete_msp_partner |
| MSP users | avanan_list_msp_users, avanan_get_msp_user, avanan_create_msp_user, avanan_update_msp_user, avanan_delete_msp_user |
| Customer tenants | avanan_list_tenants, avanan_get_tenant, avanan_create_tenant, avanan_delete_tenant |
| Licenses | avanan_list_licenses, avanan_list_addons, avanan_assign_license |
| Usage | avanan_get_monthly_usage, avanan_get_daily_usage |
Configuration
| Env var | Required | Description |
|---|---|---|
AVANAN_APP_ID | yes | Application ID provided by Avanan Support (x-av-app-id). |
AVANAN_TOKEN | yes | Token from the Avanan auth handshake (x-av-token). |
AVANAN_SECRET | yes | Shared secret used to compute the x-av-sig HMAC. |
AVANAN_REGION | no | us | eu | ca | ap. Defaults to JWT region claim, then us. |
MCP_TRANSPORT | no | stdio (default) or http. |
MCP_HTTP_PORT | no | HTTP transport port (default 8080). |
LOG_LEVEL | no | debug | info | warn | error (default info). |
In gateway mode, credentials are taken per-request from headers:
X-Avanan-App-Id, X-Avanan-Token, X-Avanan-Secret, optionally X-Avanan-Region.
Status
[!IMPORTANT] The
x-av-sigsigning algorithm is implemented as a best-guess HMAC-SHA256 because the MSP SmartAPI guide defers signing details to the parent Avanan API Reference Guide. Replace the body ofsignRequest()insrc/utils/client.tswith the exact algorithm before production use. The function is isolated so no other code needs to change.
Build
npm install
npm run build
npm start
Regional endpoints
| Region | Base |
|---|---|
| US | https://smart-api-production-1-us.avanan.net |
| EU | https://smart-api-production-1-eu.avanan.net |
| CA | https://smart-api-production-1-ca.avanan.net |
| AP | https://smart-api-production-5-ap.avanan.net |
All endpoints sit under /v1.0/msp/....
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
486
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
65
Installs
10.0
Security
4.6
Local