The Farin MCP server lets AI agents interact with your bakery data — orders, vendors, recipes, schedule shifts, timecards, and more — using a secure API key.
Each API key is scoped to your company. Agents can only see and change the data that belongs to your workspace.
Quick facts
Start here
- MCP (Model Context Protocol) is a standard that lets AI tools call structured functions on your behalf.
- Every request is authenticated with a
wz_API key tied to your company. - The MCP server offers 21 domain-scoped tools and 3 generic tools for full API coverage.
- API key permissions control which domains (orders, schedule, accounting, etc.) the agent can access.
- Audit trails are preserved — changes made by AI agents follow the same data rules as the Farin app.
How it works
The MCP server is a lightweight proxy between an AI agent and the Farin REST API. When the agent calls a tool, the server:
1. Verifies the API key and loads your company scope and permissions.
2. Calls the Farin API on the agent's behalf, scoped to your company.
3. Returns structured JSON the agent can reason about.
The agent never connects to your database directly. It goes through the same API that the Farin web app uses, with the same tenant isolation and permission checks.
Step 1: Generate an API key
Open API key settings
Go to API Keys.
Only owners and managers can create API keys.
Create a new key
Click Create API Key.
Give the key a descriptive name like Bakery Agent.
Select the domains the agent should access. Start with read-only domains and add write access only when needed.
- You can revoke a key at any time from the same page.
- The full key value is shown only once — copy it before closing the dialog.
Step 2: Configure the agent
Farin uses a Streamable HTTP (also known as MCP-over-HTTP) transport. This allows agents to connect to our hosted infrastructure without needing to run local scripts or handle complex networking.
Connection Details
In your AI agent settings (e.g., Claude Code, OpenClaw, or Codex), add a new HTTP MCP server with these details:
- Type:
http(Streamable HTTP / SSE) - Endpoint URL:
https://farin.app/api/mcp - Authorization:
Bearer wz_your_api_key_here(Add this as an HTTP header) - Example Header:
Authorization: Bearer wz_abc123...
Full Tool Reference
The Farin MCP server provides 24 tools. Use wazi_describe to explore available resources if you are unsure where to start.
Ordering & Vendors
Tools for managing inventory intake and vendor relationships:
- orders_list: List orders with filtering (
status.eq.pending), sorting, and pagination. - orders_get: Retrieve a single order by its UUID.
- orders_create: Create one or more new order records.
- vendors_list: List all configured vendors and their contact details.
- vendors_get: Retrieve a single vendor by its UUID.
Customers & CRM
Tools for managing your customer database and wholesale accounts:
- customers_list: List customer profiles with filtering and sorting.
- customers_get: Retrieve a single customer record by UUID.
- customers_create: Create one or more customer profiles.
- customers_ai_intake: Extract customer details from a business card image or raw text.
- wholesale_orders_list: List all wholesale orders.
- wholesale_orders_get: Get full details for a single wholesale order by ID.
- wholesale_po_intake: Upload a PO (PDF, image, or text) to create an AI-parsed order draft.
- wholesale_credits_create: Create a credit memo for a customer account.
Production & Recipes
Tools for accessing your bakery formulas and items:
- recipes_list: List bakery recipes, formulas, and production methods.
- recipes_get: Retrieve a single recipe and its full version history.
- ingredients_list: List raw ingredients, items, and inventory units.
- equipment_image_intake: Upload a photo of a piece of equipment to extract asset details via AI.
Scheduling & Timeclock
Tools for staff management and hours:
- shifts_list: List shifts for a specific
location_idandweek_start(Monday). - shifts_create: Create a new shift (requires
location_id,role_id,start_at,end_at). - timecards_list: List timecard entries for staff at a location.
Accounting & Admin
Tools for business health and operations:
- accounts_list: List the chart of accounts for the business.
- transactions_list: List all accounting transactions.
- payroll_runs_list: List historical and pending payroll runs.
- people_list: List staff/user profiles and roles.
- equipment_list: List equipment assets and their status.
- tasks_list: List active and completed tasks.
Generic & Discovery Tools
Use these for full API access and metadata:
- wazi_describe: Use this first to discover available domains, resources, and table columns.
- wazi_query: Query any table in the system using standard filtering and projection.
- wazi_mutate: Perform
create,update,upsert, ordeleteactions on any resource. - wazi_call_action: Call custom business logic endpoints that are not standard table operations (e.g.,
/bank-feeds/123/matchor generating reports). Use this for almost any missing feature. Note: Do not return raw API URLs to users as they require an active session or API key; fetch the data directly or provide a web app link.
Security and permissions
- API keys are scoped to a single company. An agent using one company's key can never access another company's data.
- Each key has a permission list that controls which domains it can read from or write to.
- The MCP server enforces the same domain permissions and method checks as the web API.
- Write operations (create, update, delete) require explicit write permission on the domain.
- Keys can be revoked instantly from API Keys.
If something goes wrong
Common issues
401 Unauthorized: The API key is invalid, revoked, or missing. Check that the key starts with wz_ and is still active on API Keys.
403 Forbidden: The key does not have permission for the requested domain or write operation. Edit the key permissions.
Empty results: The key works but the company has no data in that domain. This is normal for new workspaces.
Agent cannot connect: Ensure your agent supports the HTTP/SSE transport and that the Authorization header is correctly formatted.