Top APIs With MCP Endpoints 2026
TL;DR
As of January 2026, 16+ production APIs ship native MCP (Model Context Protocol) endpoints. Stripe, GitHub, Notion, Linear, Cloudflare, Salesforce, Supabase, and Figma all offer official remote MCP servers — meaning you can connect your AI assistant to live production data without writing a single line of integration code. This roundup covers which APIs are MCP-ready, how to connect them, and what REST developers need to know about the shift.
Key Takeaways
- January 26, 2026 — Anthropic launched 16 remote MCP apps in one day (Amplitude, Asana, Box, Clay, Hex, Salesforce joined GitHub, Stripe, Notion, Linear, Cloudflare, Figma, and Supabase)
- Stripe MCP is the most production-ready: 25 dedicated tools, OAuth, hosted at
mcp.stripe.com - Cloudflare MCP is the broadest: 2,500 API endpoints compressed into ~1K tokens via Code Mode
- Claude Code, Cursor, and Windsurf all support MCP natively; VS Code requires an extension
- Remote HTTP MCP (OAuth) is replacing local stdio servers as the deployment standard in 2026
What Is an MCP Endpoint?
Model Context Protocol is an open standard from Anthropic that gives AI assistants a structured way to call external tools. Instead of an LLM generating raw HTTP calls (and hoping the JSON is right), MCP defines a typed interface: the server exposes "tools" with schemas, the client (Claude, Cursor, etc.) discovers them at connection time, and tool calls go through a validated JSON-RPC layer.
The result is an AI that can reliably call your API without hallucinating endpoints.
Traditional API flow: Developer → writes integration code → calls REST endpoint
MCP flow: AI agent → discovers tools at runtime → calls validated MCP tool
There are two MCP transport types:
- stdio — runs a local process, suitable for development and sensitive credentials
- HTTP/SSE — remote server, OAuth-authenticated, suitable for multi-user production use
In 2026, most official API MCP servers have moved to HTTP/SSE with OAuth. You add them to your AI client once; they work from any device.
Official MCP Servers at a Glance
| API | Official? | Transport | Auth | Key Capabilities |
|---|---|---|---|---|
| Stripe | ✅ Official | HTTP (remote) | OAuth | Payments, invoices, customers, subscriptions |
| GitHub | ✅ Official | HTTP (remote) | OAuth | Repos, PRs, issues, code search |
| Notion | ✅ Official | HTTP (remote) | OAuth | Pages, databases, search |
| Linear | ✅ Official | HTTP (remote) | OAuth | Issues, projects, teams |
| Cloudflare | ✅ Official | HTTP (remote) | OAuth | 2,500+ API endpoints |
| Salesforce | ✅ Official | HTTP (remote) | OAuth | CRM, records, queries |
| Supabase | ✅ Official | HTTP (remote) | API key | Database, auth, storage |
| Figma | ✅ Official | HTTP (remote) | OAuth | Files, components, comments |
| Amplitude | ✅ Official | HTTP (remote) | API key | Analytics events, cohorts |
| Asana | ✅ Official | HTTP (remote) | OAuth | Tasks, projects, teams |
| Box | ✅ Official | HTTP (remote) | OAuth | Files, folders, metadata |
| Slack | Community | stdio/SSE | Token | Channels, messages, threads |
Stripe MCP: The Gold Standard
Stripe's MCP server (mcp.stripe.com) is the most fully-featured official implementation as of April 2026. It exposes 25 discrete tools covering every major Stripe resource:
- Customers — create, retrieve, list, update
- Products & prices — create product/price combos for one-time or recurring billing
- Invoices — create, finalize, send, void
- Subscriptions — create, update, cancel, pause
- Refunds — create refunds with reason codes
- Payment links — generate shareable checkout URLs
- Disputes — retrieve evidence, submit responses
The security model is thoughtful: the hosted remote server uses OAuth so no API keys leave your browser. For local deployment, you use a restricted API key scoped to exactly the resources an agent needs, and the Stripe Dashboard shows every MCP session with tool-call logs.
Add to Claude Code:
{
"mcpServers": {
"stripe": {
"command": "npx",
"args": ["-y", "@stripe/mcp-server"],
"env": {
"STRIPE_SECRET_KEY": "rk_live_..."
}
}
}
}
Or use the hosted OAuth version from Claude.ai's integrations panel (no config file needed).
GitHub MCP: Full Repository Context
GitHub's official MCP server gives AI assistants identity-aware repository access. Unlike pasting code snippets into a chat window, the GitHub MCP server lets your AI:
- Browse repository trees and file contents
- Search code across repos with the GitHub code search API
- Read and create issues and pull requests
- Check CI run statuses and workflow logs
- List and review comments on PRs
This makes agentic code review practical: point Claude at a PR number and ask it to review, then watch it pull the diff, read linked issues, check CI status, and write substantive comments — all through structured MCP calls rather than brittle web scraping.
GitHub's server uses OAuth and respects your existing repository permissions, so there's no risk of an agent reading repos it shouldn't.
Notion MCP: Databases as Agent Memory
Notion's official MCP server (maintained at makenotion/notion-mcp-server) is remote-first and OAuth-authenticated. The key capability: Notion databases become structured memory for AI agents.
Practical flows:
- Log agent outputs directly to Notion databases
- Query project wikis without copy-pasting context
- Create meeting notes, task records, and documentation automatically
- Link Claude Code sessions to project knowledge bases
Notion has explicitly stated they are prioritizing the remote MCP server over the local stdio version — all future development happens on the remote endpoint.
Linear MCP: Issue Tracking for AI Agents
Linear's MCP integration lets AI assistants interact with your team's issue tracker through natural language. An agent can:
- Retrieve issues by status, assignee, or label
- Create new issues with titles, descriptions, and priority
- Update issue status as work progresses
- Query cycles and project roadmaps
- Assign issues to team members
The Linear MCP is particularly useful in agentic developer workflows where code changes should automatically create or close corresponding issues. Pair it with the GitHub MCP and Claude Code can create a PR, link it to the relevant Linear issue, and update the issue status — all in one agent loop.
Cloudflare MCP: 2,500 API Endpoints
Cloudflare runs the broadest MCP server by endpoint count. Their "Code Mode" compresses 2,500 Cloudflare API endpoints into approximately 1,000 tokens of context — making it possible to work with Cloudflare's entire API surface without blowing your context window.
What this covers:
- DNS record management
- Worker deployment and configuration
- R2 object storage operations
- KV namespace reads and writes
- Pages deployment triggers
- Firewall rules and WAF configuration
- Analytics and traffic data
Connect via cloudflare.com/agents with OAuth. You can also browse Cloudflare's catalog of managed MCP servers (they maintain several, not just the main API one) for specific sub-products.
Salesforce and the January 26 Expansion
January 26, 2026 was the biggest single-day expansion of the MCP ecosystem. Anthropic announced 16 remote MCP apps, including Salesforce, Amplitude, Asana, Box, Clay, and Hex joining the existing partners.
Salesforce's MCP server is the most significant enterprise addition. It connects AI assistants to CRM data — contacts, opportunities, accounts, cases — with full SOQL query support. For sales teams using Claude or Cursor for internal tooling, this means agents can pull live pipeline data without a separate ETL layer.
Amplitude and Hex cover the analytics and data notebook space, making it possible to query event data or trigger notebook re-runs from an AI chat interface.
How to Connect MCP APIs to Your AI Client
Claude Code
Add servers to ~/.claude/claude_code_config.json:
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."
}
},
"linear": {
"command": "npx",
"args": ["-y", "@linear/mcp-server"],
"env": {
"LINEAR_API_KEY": "lin_api_..."
}
}
}
}
For hosted OAuth servers (Stripe, Notion, GitHub remote), use Claude.ai's built-in Integrations panel. No JSON editing required.
Cursor
In Cursor Settings → MCP → Add Server. Cursor supports both stdio and HTTP/SSE transports. Add the server URL for remote OAuth servers or the command/args for local stdio.
Windsurf
Open the Cascade panel → click the plug icon → Add MCP Server. Windsurf auto-discovers tools from the connected server and surfaces them in the Cascade context.
VS Code
Install the MCP Tools extension. Configure servers in your workspace .vscode/settings.json. VS Code MCP support is still maturing compared to Claude Code and Cursor.
REST vs MCP for Agent Workflows
When should you use MCP instead of direct REST calls?
| Scenario | Use REST | Use MCP |
|---|---|---|
| Single, well-defined API call | ✅ | — |
| Multi-step workflow with branching | — | ✅ |
| Human reviews each step | ✅ | — |
| AI agent runs autonomously | — | ✅ |
| Need exact request/response control | ✅ | — |
| AI discovers available operations | — | ✅ |
| Production batch jobs | ✅ | — |
| Interactive chat-driven workflows | — | ✅ |
MCP's advantage is discoverability and safety in agentic contexts. The schema validation prevents malformed requests, the tool list prevents hallucinated endpoints, and the typed parameters reduce prompt-injection risk. For a human developer writing known API calls, REST is faster. For an AI agent navigating an unfamiliar API surface, MCP is more reliable.
Building Your Own MCP Server
If your API isn't on the list above, Anthropic's TypeScript and Python SDKs make it straightforward to wrap any REST API as an MCP server:
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
const server = new Server({ name: "my-api", version: "1.0.0" });
server.setRequestHandler(CallToolRequestSchema, async (request) => {
if (request.params.name === "get_user") {
const { userId } = request.params.arguments;
const user = await myApi.users.get(userId);
return { content: [{ type: "text", text: JSON.stringify(user) }] };
}
});
const transport = new StdioServerTransport();
await server.connect(transport);
For guidance on securing custom MCP servers before production deployment, see Anthropic MCP Server Security Best Practices.
The Expanding Ecosystem
The MCP vs A2A protocols comparison covers where MCP fits in the broader agent-to-agent communication landscape — worth reading if you're building multi-agent systems where MCP is only one layer.
The MCP registry currently lists 100+ verified servers. Growth areas for 2026:
- Database MCP servers — PostgreSQL, MySQL, Mongo wrappers with schema discovery
- CI/CD servers — Jenkins, CircleCI, ArgoCD
- Monitoring servers — Datadog, PagerDuty, Grafana
- Communication servers — Slack (community), Discord, Microsoft Teams
Every major cloud vendor has a MCP server in development or early release. AWS announced their MCP server for Bedrock and a subset of AWS services in Q1 2026; the Azure MCP server launched in preview the same week.
When to Start Using MCP APIs
If you're building AI-assisted workflows today, the tipping point has passed. The official servers from Stripe, GitHub, Notion, Linear, and Cloudflare are production-grade. The January 2026 expansion added enterprise coverage. Claude Code, Cursor, and Windsurf all support MCP natively.
The practical starting point:
- Start with one server — GitHub or Linear if you're a developer team; Stripe if you're billing
- Use the remote OAuth version — no local process to maintain
- Test in Claude.ai Integrations before wiring into production code
- Scope credentials tightly — restrict API keys to the resources an agent actually needs
MCP doesn't replace REST for production services. It augments your API surface with an AI-navigable interface — letting agents do exploratory and multi-step work while your existing REST integrations handle deterministic batch operations.
MCP Security and Credential Scoping
When connecting MCP servers to agents, credential scoping matters more than it does in traditional API integrations. An AI agent with read-write access to your GitHub repositories, your Linear project management, and your Stripe account has a very large blast radius if a prompt injection attack manipulates it into taking unintended actions. The MCP security model does not prevent this automatically — it delegates that responsibility to you.
Practical scoping rules for production MCP deployments: create a dedicated API key for each MCP server rather than reusing your personal or admin tokens. Grant the minimum permissions the agent actually needs — read-only access if the workflow doesn't require writes, project-scoped rather than org-scoped access, specific repository access rather than all-repositories. Rotate these keys on a schedule, particularly for servers that touch billing or customer data.
Official MCP servers from Stripe, GitHub, and Linear document their required permission scopes explicitly. Review those requirements before issuing credentials. Community-maintained servers are less consistent — audit what permissions they request and what data they transmit before deploying them in environments with sensitive access. A useful rule of thumb: treat MCP credentials with the same rigor you'd apply to a production service account, because an agent acting on those credentials can make real writes, deletions, and API calls at machine speed.
For a broader view of the best APIs for AI-native applications, see Best AI APIs for Developers 2026.