Your e-shop holds a lot of answers in its data. But getting to them often means going through the BI team, exports, SQL queries, or a dev ticket. We are among the first Czech e-commerce platforms to change that.
Shopsys Platform now includes an MCP server that allows AI tools to securely work with permitted e-shop data in read-only mode – from products and orders to inventory and customers. Administrators can ask questions directly over the data they need, in plain language.
MCP Server in Shopsys Platform
MCP (Model Context Protocol) is an open standard for connecting AI applications to external data sources. AI clients such as Claude Code, Codex CLI, or any other MCP-compatible tool get controlled read-only access to e-shop data and can assist with analysis, auditing, and reporting.
In Shopsys Platform, the MCP server acts as a secure data gateway between AI and the e-shop database. It currently offers three core ways to work with data: listing database tables, accessing the database schema, and running SQL queries.
What MCP Enables in Practice — Ask Your E-shop Specific Questions, for example:
1. Which categories are growing and which are stagnating?
Track margin trends, category performance, or GMV for any given period – instantly, without the BI team or a new dashboard. Output can include a summary or a chart.
2. How many products in the catalogue have incomplete data?
AI can scan the entire catalogue and identify products missing descriptions, parameters, or correct categorisation.
3. Is product data ready for campaigns and marketplaces?
Check for missing EANs, descriptions, or incorrect categorisation before launching campaigns.
4. What is performance across domains and markets?
MCP allows you to work with data across multiple projects at once – for example when calculating GMV.
5. Need a quick answer without raising a ticket?
Order status, click-and-collect shipments, or conversion trends can be checked instantly – without opening the database or filing a ticket.
…and much more.
Significant Value for Everyone — Not Just the E-shop Owner
- CEO / Owner / E-commerce Director
Faster decision-making, less waiting on reporting, greater team autonomy.
Ask AI about order status, category growth, or best-selling products. No need to wait for the BI team or a developer.
- CMO / Marketing / Category Manager
Product data, attributes, translations, categories, Heureka, campaigns.
AI can surface products missing attributes, incorrect categorization, missing translations, or assortment opportunities.
- CTO / IT / Security
Access management, permissions, audit, read-only mode, performance, GDPR risks.
AI provides visibility into who accesses data and how — with read-only mode, an explicit allow-list, audit logging, OAuth, client revocation, and query limits.
- Developers / Implementation Teams
Debugging, quick exploration of production data, fewer manual SQL queries.
AI can quickly identify what combination of production data is causing an issue.
Security and Governance
In Shopsys Platform, most data is accessible via MCP by default – the platform comes with pre-configured values. Only selected fields are restricted.
For everything newly added, a simple principle applies: “everything is blocked until explicitly permitted” – any new database field is unavailable to AI by default. The system forces developers to decide whether new data should be accessible via MCP. No data can accidentally reach AI. We have that under control.
Additional security layers:
- Read-only access – AI access to data is secured at multiple levels – data can only be read, not modified or deleted.
- Query limits – to prevent system overload, both the amount of data returned and the query execution time are limited.
- Audit log – every AI client call is recorded, making it always traceable who queried what data and when.
- OAuth with revocation – each connected AI client is managed and revoked independently within the administration.
Shopsys Platform gives full control over which data is made accessible to AI. The choice of AI client and its data processing terms are part of the internal security and compliance policy of whoever uses MCP.
We will also offer VPN-based access security for clients, minimising the risk of access key leaks and unauthorised data access.
Who Is the MCP Server For?
The MCP server is useful for e-commerce management, marketing, product teams, and developers alike – each can use it for different types of data queries. In the current version, access is available to superadministrators only. We are working on extending it to additional roles.
What the MCP Server Is Not
The MCP server does not allow AI to independently modify, delete, or perform bulk edits on data. It is strictly read-only – and only for data that has been explicitly permitted.
