Obtain API credentials from your Coupa instance administrator; Coupa supports OAuth 2.0 (recommended for integrations) and API key authentication — request an OAuth client ID and secret from Coupa Setup > OAuth2/OpenID Connect Clients.
For OAuth, POST to https://{instance}.coupahost.com/oauth2/token with 'grant_type=client_credentials', 'client_id', and 'client_secret'; the base URL uses your Coupa instance subdomain.
Include 'Authorization: Bearer {access_token}' and 'Accept: application/json' headers; by default Coupa returns XML — the Accept header is required to receive JSON.
List suppliers with GET https://{instance}.coupahost.com/api/suppliers; use query parameters like 'status=active' and standard pagination params 'offset' and 'limit'; filter with 'name[contains]' or other field-specific filter patterns.
Access invoices with GET /api/invoices; filter by 'status', 'date-range', or 'supplier[name]' using Coupa's query syntax; include 'invoice_lines' in the response by appending '?fields[invoice_lines]=true' or using the expand parameter.
Create or update a supplier by POSTing or PUTting to /api/suppliers with the supplier JSON body; required fields typically include 'name', 'status', and contact information — refer to your Coupa instance's API documentation for required fields as they can vary by configuration.
Known gotchas
Coupa instances are highly customized per customer — field names, required fields, and available endpoints can differ between Coupa deployments based on how the instance was configured; the generic Coupa API documentation describes defaults that may not match your specific instance.
Coupa's default API response format is XML despite being a REST API; developers expecting JSON without setting the Accept header will receive XML and misinterpret it as an error — always explicitly set 'Accept: application/json'.
Coupa enforces permission scopes at the OAuth client level based on 'Coupa Roles' assigned to the OAuth application; if an API call returns 403 even with a valid token, the OAuth client likely lacks the required Coupa role (e.g., 'Coupa API Integration') for that resource — this is configured in Coupa Setup, not at the OAuth level.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp