Define the MCP server's tool manifest covering the core commerce capabilities you want agents to use: search_products, get_product_detail, check_availability, get_shipping_options, create_cart, add_to_cart, apply_promo_code, and initiate_checkout.
Implement each tool as a handler that calls your existing backend APIs; return structured, machine-readable responses with explicit field names and types rather than free-text prose.
Require API key authentication for all tool calls; issue scoped API keys that allow read-only access (browsing/search) separately from write access (cart/checkout) so agents can be granted minimum necessary permissions.
Publish your MCP server's endpoint URL in /.well-known/mcp.json and in your /llms.txt file so that agents can discover it without prior knowledge of your specific implementation.
Add rate limiting per API key to prevent a misbehaving agent from degrading your storefront; return standard 429 responses with Retry-After headers.
Document your tool schemas in a developer-facing guide: include example inputs and outputs, error codes, and the expected checkout flow so agent developers can integrate reliably.
Known gotchas
MCP is an evolving protocol; version your server manifest and tool schemas and maintain backward-compatible changes where possible so existing agent integrations do not break on updates.
Cart and session state in your MCP server must be tied to authenticated sessions, not just cart tokens, to prevent unauthorized access to other users' carts.
Ensure your checkout tool returns a human-facing URL as well as a machine-readable order summary; agents frequently need to hand off the final payment step to a human and require a stable checkout URL to do so.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp