Whatalo MCP
Connect your Whatalo store to AI assistants through the Whatalo MCP server. You decide what data you share and can revoke access at any time.
You can connect your Whatalo store to compatible AI tools so they can read your catalog, orders, and customers, and take actions on your behalf — such as updating a product or changing an order's status.
The connection runs through the Whatalo MCP server (Model Context Protocol), an open standard for connecting AI assistants to platforms. The AI tool only accesses the data you authorize during setup.
Before you connect a tool, review what you're authorizing, what data is shared, and what you're responsible for.
How the connection works
- You add the Whatalo MCP server address to your AI tool.
- You authorize access to your store and choose which permissions to grant.
- The AI tool can read and modify your store data within the permissions you granted.
The scope of access depends on the permissions you approve. You can revoke access at any time from your store settings.
What AI tools can do in your store
Once connected, an AI tool can use the following capabilities. Actions that modify data are marked as such; everything else only reads information.
Your catalog
| Capability | What it does | Type |
|---|---|---|
| List products | Queries products with filters by status, category, featured, price range, and stock | Read |
| Get a product | Shows the full detail of a product | Read |
| Count products | Returns the total number of products | Read |
| Create product | Adds a new product | Modifies |
| Update product | Changes the data of an existing product | Modifies |
| Deactivate product | Hides a product from the storefront | Modifies |
| Delete product | Permanently removes a product | Modifies |
| Get inventory | Reads the stock of a product and its variants | Read |
| Adjust inventory | Adds or removes stock with a recorded reason | Modifies |
Your categories
| Capability | What it does | Type |
|---|---|---|
| List categories | Queries the store's categories | Read |
| Get a category | Shows the detail of a category | Read |
| Create category | Adds a new category | Modifies |
| Update category | Changes the data of a category | Modifies |
| Delete category | Permanently removes a category | Modifies |
Your sales
| Capability | What it does | Type |
|---|---|---|
| List orders | Queries orders with filters by status, payment, customer, date, total, and location | Read |
| Get an order | Shows the full detail of an order | Read |
| Count orders | Returns the total number of orders | Read |
| List order items | Lists the line items of an order | Read |
| Update order status | Changes the status, payment status, or internal notes | Modifies |
Your customers
| Capability | What it does | Type |
|---|---|---|
| Search customers | Queries customers with filters by spend and order count | Read |
| Get a customer | Shows the detail of a customer | Read |
| Count customers | Returns the total number of customers | Read |
Your store settings
| Capability | What it does | Type |
|---|---|---|
| Get store info | Reads your store's general information | Read |
What you authorize
When you connect an AI tool you choose which areas of your store it can access. These are the available permissions:
| Permission | What it includes |
|---|---|
| Your catalog | Products, inventory, and categories: read and edit |
| Your sales | Orders: read and update their status |
| Your customers | Customers: read only |
| Your store settings | General store information: read only |
For the technical detail of these permissions (the OAuth scopes), see the scopes reference.
Connecting your store
The Whatalo MCP server address is:
https://mcp.whatalo.com/commerceThere are two ways to authenticate the connection, depending on the AI tool you use.
Option 1 — Authorize with your account (recommended)
For tools that support remote connections, you add the server address and the tool takes you to sign in to Whatalo. There you pick the store and approve the permissions. You don't need to copy any key.
Option 2 — API key
For tools that require a manual credential, generate an API key from Settings → Developers → API Keys and configure it in your tool as a header:
X-API-Key: wk_live_xxxxxxxxEach API key belongs to a specific store. If you manage several stores, generate one key per store.
Example configuration for an MCP-compatible tool:
{
"mcpServers": {
"whatalo-commerce": {
"type": "http",
"url": "https://mcp.whatalo.com/commerce"
}
}
}Data and privacy
When you connect an AI tool, that tool is a third party that processes your store data according to the permissions you granted. You are responsible for the actions the tool performs in your store, including changes to products, prices, and orders.
- Grant only the permissions the tool needs.
- Regularly review which tools have access to your store.
- Revoke access for any tool you no longer use.
Revoking access
You can revoke access for any connected tool at any time:
- Go to Settings → Security → Connected apps.
- Find the tool you want to disconnect.
- Click Revoke.
When you revoke, all of that tool's credentials for your store are invalidated immediately. To use it again, you'll need to authorize it once more.
Limits
- Requests go through the Whatalo API, which applies a limit of 1,000 requests per minute with production keys (
wk_live_). - When you exceed the limit, requests return a temporary error until the window resets.
- In this version, customer access is read only: the AI can query customers but cannot create or modify them.
Support
Trouble connecting a tool? Email us at [email protected] or check the OAuth documentation for technical authentication details.