Connect Any CRM with MCP Servers

The Model Context Protocol (MCP) is an open standard that defines how AI models communicate with external tools. Instead of writing bespoke API integration code inside your bot, you expose capabilities as MCP tools — named functions with typed inputs and outputs — that any compatible AI runtime can call.

WhatsApp Bot Platform spawns a dedicated MCP server process per tenant. The LLM Orchestrator passes the tool catalogue to the model on every request, and when the model decides to use a tool it emits a structured tool_call that the orchestrator intercepts, executes, and returns as a tool_result.

In your instance settings, expand the MCP Configuration panel. Provide the command that starts your MCP server (e.g. 'python crm_server.py') and any required environment variables. If your server needs OAuth2 credentials, select 'oauth2' as the auth type and supply the token URL, client ID, and client secret — the platform will handle token refresh automatically.

The platform validates the connection by calling the MCP list_tools endpoint. If successful, the tool list appears in the dashboard so you can review which capabilities the LLM will have access to.

An MCP tool is a Python function decorated with @mcp.tool(). It receives validated arguments matching the JSON Schema you declare, calls your CRM's REST API, and returns a plain string result. The LLM uses this result to compose a natural-language reply for the customer.

For example, a get_order_status(order_id: str) tool queries your e-commerce backend and returns a string like 'Order ORD-9821 is out for delivery, estimated arrival 3 PM today.' The LLM then wraps this in a friendly sentence — no template logic required.

All MCP credentials are encrypted at rest using AES-256 (Fernet). The MCP server process runs with the minimum permissions required — it cannot access the database or other tenants' configuration. Each tool call is logged with its arguments and result for audit purposes.

We recommend keeping your MCP server read-only where possible. If your bot needs to write data (e.g. create a support ticket), add an explicit confirmation step using a Flow's Ask Question step before calling the write tool — this prevents prompt-injection attacks from tricking the bot into making unintended mutations.