Plug Shopware 6 into Claude, ChatGPT, and Cursor through the Model Context Protocol. Official server install, security guardrails, and the use cases merchants actually pay for.
The Model Context Protocol (MCP) is an open standard that lets AI assistants like Claude, ChatGPT, and Cursor talk to your tools through a uniform interface. Shopware ships an official MCP server, shopware/shopware-admin-mcp, that exposes the Admin API as a set of tools any MCP-compatible client can call. With it, a merchant can ask their AI assistant questions like "which products are below 5 in stock?" or "draft German meta titles for products in category Outdoor" and the model performs the work against the real store, in plain language, without the merchant ever opening the Administration.
This guide covers what MCP is, how to set up the official Shopware Admin MCP server end-to-end, how to keep it from doing something you regret, and the workflows merchants are actually shipping in 2026: the setup, the gotchas, and the parts I've watched go sideways.
Anthropic introduced MCP in late 2024 to solve a boring but expensive problem: every team integrating an LLM with their internal systems was writing the same glue code in slightly different ways. MCP standardises that glue. A server exposes tools (functions the model can call), resources (read-only data the model can attach to its context), and prompts (parameterised starting points for tasks). A client, usually an AI chat app, discovers what the server offers and decides when to call it.
By 2026, Claude Desktop, ChatGPT, Cursor, Zed, and most production AI IDEs ship MCP support as a first-class feature. Shopware was one of the first major e-commerce platforms to publish an official server, and the community has added several specialised ones for theme work and plugin debugging.
A few things MCP is not:
In the Shopware Administration, go to Settings → System → Integrations and create a new integration. Give it a name you'll recognise later in audit logs, for example mcp-claude-desktop.
Do not tick "Administrator" on the integration. Assign a dedicated ACL role with only the privileges you need. Read-only is a good starting point. You can always grant more later. The point of MCP is to remove friction, not to remove safety rails.
Copy the Access key ID and Secret access key. The secret is shown once. Store it in your password manager, not in the MCP config file.
The official server is published as @shopware-ag/admin-mcp on npm. You don't install it manually. Your AI client launches it via npx with three environment variables set:
SHOPWARE_API_URL=https://shop.example.com
SHOPWARE_API_CLIENT_ID=SWIAxxxxxxxxxxxx
SHOPWARE_API_CLIENT_SECRET=yyyyyyyyyyyyyyThe server speaks MCP over stdio, so running it directly in a terminal isn't useful on its own. The next step wires it into a client that will spawn it and talk to it.
Each client has its own config file but the shape is identical. For Claude Desktop on macOS, edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"shopware-admin-mcp": {
"command": "npx",
"args": ["-y", "@shopware-ag/admin-mcp"],
"env": {
"SHOPWARE_API_URL": "https://shop.example.com",
"SHOPWARE_API_CLIENT_ID": "${SHOPWARE_API_CLIENT_ID}",
"SHOPWARE_API_CLIENT_SECRET": "${SHOPWARE_API_CLIENT_SECRET}"
}
}
}
}
The ${VAR} interpolation reads from the OS environment, which means the actual secret never sits in the config file. Set the variables in your shell profile or, better, in a secrets manager that exports them to the client process.
Restart the AI client. A new tool group named shopware should appear in the integrations panel. If it doesn't, check the client's log file. Wrong path to npx is the most common cause on Windows.
Open a new chat and ask something small and read-only:
List the five most recently created products in the store,
with their stock level and active state.The agent will request permission to call a Shopware tool, you approve once, and the answer comes back as a table grounded in your live data. Check the Shopware integration log under Settings → System → Integrations → Activity to confirm the call was made under the integration you created, not some forgotten admin account.
An MCP server is, functionally, a long-lived API client with the privileges of whoever issued it. Treat it the same way you'd treat an ERP integration. The list below is the short version of what I configure on every install.
If the agent only needs to read product and order data, give it only those read privileges. Create a separate integration with write access for the workflows that genuinely need it. Two integrations cost nothing. One overprivileged key costs everything once a prompt injection convinces the model to delete a category.
The official server speaks stdio, which means it runs as a subprocess of the AI client on your machine. That's the safest configuration today. HTTP-transport MCP servers exist and have their place, but exposing one on the public internet introduces an attack surface that is not worth it for a single-user merchant workflow.
Product descriptions, customer messages, and CMS content are user-generated. An attacker can write instructions into a product description that an LLM might interpret as commands when it reads the data. Treat any content the model reads from the store as untrusted text, and avoid giving the agent write tools that don't require human confirmation when its context could include user-generated content.
Shopware logs every Admin API call under the integration's name. Skim the log once a week. Look for tools the agent called that surprised you, payload sizes that don't make sense, and access patterns outside business hours. The point is not to read every line, it's to develop an intuition for what normal looks like.
These are the patterns that recover their setup time within a month. They are unspectacular on purpose. The value comes from shrinking the gap between a question and an answer from 20 minutes to 20 seconds.
The prompt: "Show all active products with stock below 5, grouped by main category, with their average daily sales over the last 14 days."
What changes: A purchasing manager who spent forty minutes a day in three reports now spends two. The output drops into a spreadsheet, the spreadsheet feeds the next purchase order. No code, no plugin, no consultant.
The prompt: "For the 60 products in category Trail Running, draft new meta titles and meta descriptions in English and German, respecting Google's 60 and 160 character limits, and write them back to the products."
What changes: The agent reads the existing copy, generates better versions, asks for confirmation before each batch of writes, and updates the products through the Admin API. A two-day copywriting task collapses into an hour of review.
The prompt: "Customer Maria Schmidt reports she paid for order 10042 but never received it. Pull the order, payment, shipping, and customer history. Tell me what's likely wrong."
What changes: The model joins data from four endpoints that no merchant memorises the schema of, produces a coherent timeline, and flags the anomaly (payment captured but no shipment record). Support agents work cases faster, customers wait less.
The prompt: "We're launching the new collection tomorrow. Run a checklist: every product in the collection has at least one image, a price in EUR and CHF, stock above zero, a meta description, and is assigned to both sales channels."
What changes: A pre-launch checklist that used to depend on a checklist nobody followed now runs in seconds. The agent returns a list of products that fail any check, and the team fixes them before the campaign goes live instead of after the first customer complaint.
The official server covers product, category, order, sales channel, and media operations. That's enough for most merchants. You start to need a custom server when:
The MCP SDK is available for TypeScript, Python, and Go. A minimal TypeScript server that adds one custom tool, get_top_customers, looks like this:
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
const server = new McpServer({ name: "shop-custom", version: "0.1.0" });
server.registerTool(
"get_top_customers",
{
title: "Top customers by lifetime revenue",
description: "Returns the top N customers by total order value over a date range.",
inputSchema: z.object({
limit: z.number().min(1).max(100).default(10),
since: z.string().describe("ISO 8601 date, inclusive"),
}),
},
async ({ limit, since }) => {
const rows = await fetchTopCustomers(limit, since); // your Admin API call
return { content: [{ type: "text", text: JSON.stringify(rows, null, 2) }] };
}
);
async function main() {
await server.connect(new StdioServerTransport());
}
main();
Two dozen lines and you have a tool the agent can call. Register the binary in the same mcpServers config and it appears alongside the official one. Most of the work, as always, is in the boring parts: pagination, error mapping, and writing input schemas the model can understand without trying every wrong combination first.
Anyone telling you MCP plus Shopware equals autonomous commerce in 2026 is selling something. The honest limits I run into on real projects:
MCP is the most boring exciting thing to happen to e-commerce tooling in years. It doesn't replace your team. It removes the seam between asking a question about your store and getting an answer that's actually grounded in your store. Install the official server, scope the ACL tightly, and start with the daily questions your operations team already asks. The rest follows.
Written by Huzaifa Mustafa
Explore more Shopware development topics:
I help merchants install MCP, scope integrations to least privilege, and build the custom tools their team actually needs.
Talk to an Engineer