meni.ge MCP Server — AI / GPT Integration Reference

This document is designed for AI assistants, GPT bots, and automated integrations. It provides exact protocol details, tool schemas, and authentication flow.

Server Information

Authentication

All tool calls require an Authorization header.

Option 1: User MCP API Key (recommended)

Authorization: Bearer mk_XXXXXXXXXXXX...  (64 hex characters)

Scoped to a specific user account. The bot sees only that user's data.

Option 2: Cognito JWT Token

Authorization: Bearer eyJraWQi...  (JWT id_token)

Obtained via POST /auth/login. Expires in 1 hour.

Option 3: Admin API Key

Authorization: Bearer <admin_api_key>

Full access to all data. Only for system administrators.

Obtaining a JWT Token

POST https://api.meni.ge/mcp/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "password123"
}

Response:

{
  "idToken": "eyJraWQi...",
  "accessToken": "eyJraWQi...",
  "refreshToken": "eyJjdHki...",
  "expiresIn": 3600,
  "tokenType": "Bearer"
}

MCP Protocol

Initialize

POST https://api.meni.ge/mcp
Authorization: Bearer <token>
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": {
    "protocolVersion": "2024-11-05",
    "capabilities": {},
    "clientInfo": { "name": "my-bot", "version": "1.0" }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "protocolVersion": "2024-11-05",
    "capabilities": { "tools": {} },
    "serverInfo": { "name": "meni-user-data-mcp", "version": "1.0.0" }
  }
}

List Tools

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/list",
  "params": {}
}

Call Tool

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tools/call",
  "params": {
    "name": "tool_name",
    "arguments": { ... }
  }
}

Response on success:

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      { "type": "text", "text": "{\"key\": \"value\"}" }
    ]
  }
}

Response on error:

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      { "type": "text", "text": "error message" }
    ],
    "isError": true
  }
}

Endpoints

All paths are relative to https://api.meni.ge/mcp.

Complete Tool Reference

Access Levels

• USER — Available to all authenticated users (data scoped to own account)
• ADMIN — Available only to administrators (full access)

Self-Service Tools

whoami

Access: USER — Arguments: none
Returns: userId, email, userRole, authMethod

my_profile

Access: USER — Arguments: none
Returns: full user profile from S3

update_my_profile

Access: USER

my_locations

Access: USER — Arguments: none
Returns: array of user's locations

my_orders

Access: USER

my_images

Access: USER

User Profiles

list_users

Access: ADMIN

get_user_profile

Access: USER (own) / ADMIN (any)

update_user_profile

Access: ADMIN

search_user_by_email

Access: ADMIN

Locations

list_locations

Access: USER (own) / ADMIN (any)

get_location_profile

Access: USER (own) / ADMIN (any)

Returns: status, displayName, phone, address, facebookUrl, instagramUrl, domainName, settings (currency, country, defaultLanguage, publicMenuEnabled, serviceChargeEnabled), workingHours.

update_location_profile

Access: USER (own) / ADMIN (any)

Changes are synced to CDN automatically. Do NOT use this to change domainName — use set_location_domain instead.

get_location_menu

Access: USER (own) / ADMIN (any)

Returns full menu with categories and enriched items (names, prices, translations).

Menu Items

list_menu_items

Access: USER (own) / ADMIN (any)

With categoryId: returns full item data (name, price, translations). Without: returns item/category ID pairs.

get_menu_item

Access: USER (own) / ADMIN (any)

Returns full details: name, description, price, translations, tags, variantGroups, addons, image info.

update_menu_item

Access: USER (own) / ADMIN (any)

Changes sync automatically to CDN and userprofile.json.

create_menu_item

Access: USER (own) / ADMIN (any)

create_menu_category

Access: USER (own) / ADMIN (any)

update_menu_category

Access: USER (own) / ADMIN (any)

Updates group-item.json (global + user), menu.location.json, and userprofile.json.

move_menu_item

Access: USER (own) / ADMIN (any)

merge_categories

Access: USER (own) / ADMIN (any)

Atomic operation: moves all items, merges nameTranslations, deletes source category.

delete_menu_category

Access: USER (own) / ADMIN (any)

Orders

list_orders

Access: USER (own) / ADMIN (any)

get_order

Access: USER (own domain) / ADMIN (any)

Domains

check_domain_availability

Access: USER

Returns available: true/false with reason. Validates format: 3-63 chars, lowercase alphanumeric and hyphens.

set_location_domain

Access: USER (own) / ADMIN (any)

Validates availability, updates profile, renames CDN files, and updates domain mappings.

list_domains

Access: ADMIN

resolve_domain

Access: USER

CDN

get_cdn_profile

Access: USER

get_cdn_menu

Access: USER

list_cdn_files

Access: USER

invalidate_cdn_cache

Access: ADMIN

Images

list_user_images

Access: USER (own) / ADMIN (any)

get_image_upload_url

Access: USER

Returns a presigned URL valid for 15 minutes. After uploading, the image processing pipeline automatically generates thumbnails and syncs to CDN.

delete_image

Access: USER (own) / ADMIN (any)

S3 (Low-level Storage)

s3_read

Access: USER (own prefix) / ADMIN (any)

s3_write

Access: ADMIN

s3_list

Access: USER (own prefix) / ADMIN (any)

s3_delete

Access: ADMIN

Cognito (User Management)

cognito_list_users

Access: ADMIN

cognito_get_user

Access: ADMIN

System

get_system_stats

Access: ADMIN — Arguments: none
Returns: user count, location count, domain count, etc.

S3 Bucket Reference

Access Control

1. Regular users can only access their own data (enforced by userId)
2. S3 access for regular users is restricted to users/{userId}/ prefix
3. Admin-only tools: list_users, search_user_by_email, update_user_profile, list_domains, invalidate_cdn_cache, s3_write, s3_delete, cognito_list_users, cognito_get_user, get_system_stats
4. For location/menu tools, userId is auto-resolved for regular users (only admins need to specify it)
5. API key management (/api/keys) requires Cognito JWT — API keys cannot manage themselves

Error Handling

Tool Error Messages

Example Session

→ POST /  {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"bot","version":"1.0"}}}
← 200  {"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{}},"serverInfo":{"name":"meni-user-data-mcp","version":"1.0.0"}}}

→ POST /  {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"whoami","arguments":{}}}
← 200  {"jsonrpc":"2.0","id":2,"result":{"content":[{"type":"text","text":"{\"userId\":\"abc-123\",\"email\":\"user@example.com\"}"}]}}

Client Configuration

Claude Desktop

{
  "mcpServers": {
    "meni": {
      "url": "https://api.meni.ge/mcp",
      "headers": {
        "Authorization": "Bearer <API_KEY>"
      }
    }
  }
}

cURL

curl -X POST https://api.meni.ge/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <API_KEY>" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"whoami","arguments":{}}}'

Python

import requests

resp = requests.post("https://api.meni.ge/mcp",
    headers={"Authorization": "Bearer <API_KEY>", "Content-Type": "application/json"},
    json={"jsonrpc": "2.0", "id": 1, "method": "tools/call",
          "params": {"name": "my_profile", "arguments": {}}})
print(resp.json()["result"]["content"][0]["text"])