Check the merchant's well-known paths for an MCP server manifest: try /.well-known/mcp.json and /llms.txt; the llms.txt file often lists agent-accessible endpoints and their intended use.
If an MCP server URL is advertised, initiate an MCP handshake to enumerate available tools (e.g., search_products, get_product_detail, add_to_cart, get_shipping_options).
Authenticate to the MCP server using the credential scheme it specifies (typically an API key passed in a header); store the credential securely in your agent's secrets manager, never in source code.
Call the product search or catalog browsing tools using structured parameters rather than free-text queries when the server schema permits; structured queries return more reliable, filterable results.
Use the server's cart and checkout tools to build a purchase session; follow the tool's returned session identifiers across calls to maintain state.
Before acting on tool responses, validate that returned product IDs, prices, and availability match what your monitoring pipeline last observed to detect unexpected changes.
Known gotchas
MCP storefront server implementations vary widely; do not assume a tool named 'add_to_cart' exists or behaves identically across merchants — always enumerate tools from the server's own manifest.
Some merchants expose an MCP server in beta that may return incomplete data or have rate limits not yet documented; implement graceful degradation to a non-MCP code path.
llms.txt is an informal convention as of 2025; its presence does not guarantee the linked endpoints are production-ready or authenticated.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp