mybank-mcp-server

nicotriballier/mybank-mcp-server

3.2

If you are the rightful owner of mybank-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

MyBank MCP Server is a secure banking operations server that integrates with MyBank APIs and uses Auth0 for authentication.

Tools
4
Resources
0
Prompts
0

MyBank MCP Server

A Model Context Protocol (MCP) server that provides secure banking operations through Auth0 authentication and integrates with MyBank APIs.

🚀 Features

  • Secure Authentication: Auth0 JWT token validation
  • Bank Operations: Get balance, transfer money, retrieve user information
  • MCP Protocol Support: Server-Sent Events (SSE) transport layer
  • OAuth Discovery: OpenID Connect metadata endpoint
  • Environment Configuration: Secure environment variable management

📋 Prerequisites

  • Node.js (v18 or higher)
  • Auth0 account and configured applications
  • MyBank API 1 and API 2 access credentials

🛠️ Installation

  1. Clone the repository

    git clone <repository-url>
cd mybank-mcp-server

  2. Install dependencies

    cd app
npm install

  3. Configure environment variables

    cp .env.example .env
# Edit .env with your actual values

  4. Build the project

    npm run build

  5. Start the server

    npm start

⚙️ Configuration

Environment Variables

Create a .env file in the app directory with the following variables:

# MCP Server Configuration
PORT=3000

# Auth0 Configuration for MCP Server
AUTH0_DOMAIN=your-domain.us.auth0.com
AUTH0_AUDIENCE=https://mcp.mybank.com

# MyBank API 1 Configuration (Balance Operations)
MYBANK_API_1_AUTH0_DOMAIN=your-domain.us.auth0.com
MYBANK_API_1_CLIENT_ID=your_client_id_for_api_1
MYBANK_API_1_CLIENT_SECRET=your_client_secret_for_api_1
MYBANK_API_1_AUDIENCE=https://mybank-api-1.test
MYBANK_API_1_SCOPE=read:balance
MYBANK_API_1_URL=https://your-api-1-host.com

# MyBank API 2 Configuration (Transfer Operations)
MYBANK_API_2_AUTH0_DOMAIN=your-domain.us.auth0.com
MYBANK_API_2_CLIENT_ID=your_client_id_for_api_2
MYBANK_API_2_CLIENT_SECRET=your_client_secret_for_api_2
MYBANK_API_2_AUDIENCE=https://mybank-api-2.test
MYBANK_API_2_SCOPE=transfer:money
MYBANK_API_2_TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE=urn:mybank:api:2
MYBANK_API_2_URL=https://your-api-2-host.com

# Access Tokens (set dynamically by the application)
MCP_ACCESS_TOKEN=
MYBANK_API_1_ACCESS_TOKEN=
MYBANK_API_2_ACCESS_TOKEN=

🌐 API Endpoints

HTTP Endpoints

1. OAuth Discovery Endpoint
  • GET /.well-known/oauth-authorization-server
    • Purpose: OAuth 2.0 authorization server metadata
    • Authentication: None required
    • Returns: OAuth server configuration
2. MCP SSE Connection
  • GET /sse
    • Purpose: Establishes Server-Sent Events connection for MCP
    • Authentication: Bearer token required
    • Headers: Authorization: Bearer <jwt_token>
    • Returns: SSE stream for MCP communication
3. MCP Messages
  • POST /messages
    • Purpose: Handles MCP protocol messages
    • Authentication: Bearer token required
    • Headers: Authorization: Bearer <jwt_token>
    • Query Parameters: sessionId (required)
    • Returns: MCP protocol responses

🛠️ MCP Tools

The server exposes the following MCP tools:

1. bank_name

  • Description: Get the bank name
  • Parameters: None
  • Returns: Bank name and welcome message
  • Example Response: "Welcome to the AI world. Your bank name is: 'My Bank'..."

2. get_my_email

  • Description: Get user's email from Auth0
  • Parameters: None
  • Returns: User's email address
  • Authentication: Uses MCP client's Auth0 token

3. get_balance

  • Description: Get bank account balance
  • Parameters:
    • account_number (string, 5 digits)
  • Returns: Account balance
  • Authentication: Uses client credentials flow with MyBank API 1

4. transfer_money

  • Description: Transfer money between accounts
  • Parameters:
    • account_number_sender (string, 5 digits)
    • account_number_receiver (string, 5 digits)
    • amount (string)
  • Returns: Transfer confirmation number
  • Authentication: Uses token exchange flow with MyBank API 2

🔐 Authentication Flow

  1. MCP Client Authentication: Clients must provide a valid Auth0 JWT token
  2. Token Validation: Server validates JWT against Auth0 domain
  3. API Access: Server uses client credentials and token exchange flows to access MyBank APIs
  4. Token Management: Server automatically refreshes API tokens when they expire

🚀 Usage

Starting the Server

cd app
npm start

The server will start on port 3000 (or the port specified in PORT environment variable).

Connecting MCP Clients

MCP clients can connect to the server using the SSE endpoint:

GET http://localhost:3000/sse
Authorization: Bearer <your_auth0_jwt_token>

Example MCP Tool Calls

// Get bank name
{
  "method": "tools/call",
  "params": {
    "name": "bank_name"
  }
}

// Get account balance
{
  "method": "tools/call",
  "params": {
    "name": "get_balance",
    "arguments": {
      "account_number": "12345"
    }
  }
}

// Transfer money
{
  "method": "tools/call",
  "params": {
    "name": "transfer_money",
    "arguments": {
      "account_number_sender": "12345",
      "account_number_receiver": "67890",
      "amount": "100.00"
    }
  }
}

🏗️ Architecture

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   MCP Client    │    │  MyBank MCP     │    │   MyBank APIs   │
│                 │    │     Server      │    │                 │
│                 │◄──►│                 │◄──►│                 │
│ - Auth0 JWT     │    │ - Auth0         │    │ - API 1 (Balance)│
│ - MCP Protocol  │    │   Validation    │    │ - API 2 (Transfer)│
│                 │    │ - Token Mgmt    │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘

🔧 Development

Project Structure

mybank-mcp-server/
├── app/
│   ├── src/
│   │   └── index.ts          # Main server code
│   ├── build/                # Compiled JavaScript
│   ├── package.json          # Dependencies
│   ├── tsconfig.json         # TypeScript config
│   └── .env                  # Environment variables
├── .env.example              # Environment template
├── .gitignore               # Git ignore rules
└── README.md                # This file

Building

cd app
npm run build

Scripts

  • npm run build: Compile TypeScript to JavaScript
  • npm start: Start the server
  • npm run build && npm start: Build and start

🛡️ Security

  • Environment Variables: Sensitive data stored in .env (not committed to git)
  • JWT Validation: All requests validated against Auth0
  • Token Management: Automatic token refresh and validation
  • HTTPS Ready: Configure for production HTTPS deployment

🐛 Troubleshooting

Common Issues

  1. "Required environment variable not set"

    • Ensure all required variables are set in .env
    • Check that .env file is in the app directory

  2. "Invalid Token" errors

    • Verify Auth0 configuration
    • Check JWT token validity and audience

  3. API connection failures

    • Verify MyBank API URLs and credentials
    • Check network connectivity

Logs

The server logs important events including:

  • Environment variable loading
  • Token validation results
  • API calls and responses
  • Error messages

📄 License

[Add your license information here]

🤝 Contributing

[Add contribution guidelines here]

📞 Support

[Add support contact information here]