What you will see
The first time you connect an MCP client (Claude, Cursor, ChatGPT, Le Chat, …) tohttps://mcp.qonto.com/mcp:
- Your browser opens at Qonto.
- You sign in if you are not already, pick the organization to connect, and review the permissions the client is asking for.
- You confirm. The client stores the resulting authorization locally and reconnects to the MCP server.
- The Qonto tools become available in your chat.
What it can do on your behalf
The MCP server acts as you:- It cannot exceed what your role and your organization’s price plan allow.
- It is bound to the permissions you granted at consent time. To grant more, you have to re-authorize.
- Sensitive operations (PSD2-classified actions like creating certain cards or approving multi-transfer requests) still require Strong Customer Authentication in the Qonto mobile app. The MCP server cannot bypass SCA, when one of these is triggered, your assistant will ask you to approve in the app and continue once you have.
Reviewing and revoking access
Active connections are listed in the connected apps section of your Qonto account. From there you can revoke a connection at any time; the MCP client can no longer reach Qonto until you grant consent again. Removing the server from your MCP client (Claude, Cursor, …) cleans up the client side. Revoking the consent inside Qonto cleans up the server side. Doing both is the safest way to fully disconnect.Sandbox vs production
The public Qonto MCP server (https://mcp.qonto.com/mcp) targets the production Qonto environment. A separate sandbox deployment is intended for partner development; reach out to your Qonto contact if you need access.