claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// MCP Servers

lexware-mcp

Open-source, self-hostable MCP server for the Lexware Office (lexoffice) accounting API — comprehensive coverage: contacts, articles, bookkeeping vouchers, t…

// MCP Servers[ api ][ desktop ][ web ][ claude ]#claude#accounting#chatgpt#cloud-run#lexoffice#lexware#mcp#model-context-protocol#mcp-serversMIT$open-sourceupdated 15 days ago
Actively maintained
100/100
last commit 3 days ago
last release 3 days ago
releases 2
open issues 0
// install
{
  "mcpServers": {
    "lexware-mcp": {
      "command": "npx",
      "args": ["-y", "https://github.com/marselsel/lexware-mcp"]
    }
  }
}

Lexware Office MCP Server

An open-source, self-hostable MCP server for the Lexware Office accounting API. Run your own instance, connect it to Claude, and let an agent read your invoices, vouchers, contacts and articles — and (optionally) draft new ones.

Bring your own Lexware API key — the server is single-tenant per deployment and never stores anyone else's credentials. It runs as a remote HTTP server on any container host, built with the Skybridge framework.

Two authentication methods — choose one:

  • OAuth 2.1 — required to use this as a web MCP server / custom connector in the Claude app, claude.ai web, or ChatGPT (those clients accept only OAuth).
  • Static bearer token — simpler, but works only with Claude Code / Claude Desktop (which let you send a request header); the web custom-connector UI does not support it.

Setup for both is in the Client support & authentication section below.

Related projects — local (stdio) Lexware MCP servers: lazyants/lexware-mcp-server, JannikWempe/mcp-lexware-office.

⚠️ This brokers real accounting data. Read SECURITY.md, protect your tokens, and note that finalized invoices are legally binding — you are responsible for their tax/legal correctness. No warranty (MIT).

Capabilities

65 tools across three tiers you enable via environment variables:

TierDefaultWhat it covers
Readalways onProfile; contacts & articles (list/get); the voucherlist; full documents (invoices, quotations, credit notes, order confirmations, delivery notes, dunnings, down-payment invoices, vouchers); render any document type to PDF and download files/receipts (returned inline as embedded resources); batch & type-dispatched reads (get-vouchers, get-document, get-voucher-file, get-document-file); payments; reference data (countries, payment conditions, posting categories, print layouts); recurring templates (get & list); event subscriptions; document deeplinks
Drafts/writes (LEXWARE_ENABLE_DRAFTS)onCreate and update draft invoices/quotations/credit-notes/order-confirmations/delivery-notes/dunnings; create & update contacts, articles, and bookkeeping vouchers; upload files and attach receipts to vouchers; create event subscriptions; optionally issue documents finalized (finalize=true, requires LEXWARE_ENABLE_FINALIZE) or as follow-ups (precedingSalesVoucherId)
Finalize (LEXWARE_ENABLE_FINALIZE)offIssue legally binding finalized documents (confirmation-gated); irreversible deletes (articles, event subscriptions)

Set LEXWARE_READ_ONLY=true to force read-only (overrides the flags above).

Client support & authentication

The server supports two ways to protect /mcp, chosen by environment:

  • OAuth 2.1 (OAUTH_ISSUER, …) — the recommended path. Use any OAuth provider (e.g. WorkOS AuthKit, Stytch, Auth0, Clerk; or self-hosted Keycloak/Zitadel) as the authorization server. This makes the server work as a custom connector in the Claude app, on claude.ai web, and in ChatGPT, with a real sign-in. Optionally restrict access with OAUTH_ALLOWED_EMAIL_DOMAINS (enforced server-side via the token's email / the provider's userinfo endpoint).
  • Static bearer token (MCP_AUTH_TOKEN) — the simpler fallback. Works with Claude Code and Claude Desktop (which let you set a request header), but not the custom connector UI / claude.ai web / ChatGPT (those require OAuth).

OAuth takes precedence when OAUTH_ISSUER is set; otherwise the static token is used. With neither set, the server refuses to start unless MCP_ALLOW_UNAUTHENTICATED=true.

Connecting as a custom connector (OAuth)

  1. In your provider, create an app, enable Dynamic Client Registration (or pre-register Claude's redirect https://claude.ai/api/mcp/auth_callback), and set this server's URL as the Resource Indicator / audience.
  2. Deploy with OAUTH_ISSUER, OAUTH_RESOURCE (= the public URL), and optionally OAUTH_ALLOWED_EMAIL_DOMAINS.
  3. In the Claude app → Connectors → Add custom connector, enter the server URL (https://…/mcp). Claude discovers the authorization server via /.well-known/oauth-protected-resource and walks you through sign-in.

Quick start (Docker)

git clone https://github.com/marselsel/lexware-mcp && cd lexware-mcp
cp .env.example .env          # set LEXWARE_API_KEY and MCP_AUTH_TOKEN
docker compose up --build     # serves on http://localhost:8080/mcp

Generate a strong auth token:

openssl rand -hex 32

Without Docker:

npm install
npm run build
LEXWARE_API_KEY=... MCP_AUTH_TOKEN=... npm start

Configuration

Env varDefaultPurpose
LEXWARE_API_KEY— (required)Your Lexware API key (create one)
OAUTH_ISSUEROAuth authorization-server issuer URL. Setting it enables OAuth mode¹
OAUTH_RESOURCE / SERVER_URLThis server's public URL (token audience / Resource Indicator). Required in OAuth mode
OAUTH_ALLOWED_EMAIL_DOMAINSComma-separated allow-list of email domains (e.g. example.com)
OAUTH_VERIFY_AUDIENCEtrueVerify the token aud matches OAUTH_RESOURCE. Keep true. Setting false accepts any valid token from the issuer — including one minted for a different app on the same issuer (a confused-deputy risk). Only disable for a dedicated, single-audience issuer that has no Resource Indicator
MCP_AUTH_TOKEN— (required¹)Static bearer token clients send to reach /mcp (used when OAuth is off)
MCP_ALLOW_UNAUTHENTICATEDfalseOpt out of auth (trusted local use only)
LEXWARE_READ_ONLYfalseRegister only read tools (hard override)
LEXWARE_ENABLE_DRAFTStrueEnable create-draft tools
LEXWARE_ENABLE_FINALIZEfalseEnable finalize / legally-binding tools
LEXWARE_API_BASE_URLhttps://api.lexware.ioAPI base URL
LEXWARE_APP_BASE_URLhttps://app.lexware.deWeb-app base for document deeplinks
PORT8080Listen port (your platform may inject this)
LEXWARE_DEBUG_LOGGINGfalseVerbose logs (never secrets/bodies)

¹ The server needs either OAUTH_ISSUER (OAuth) or MCP_AUTH_TOKEN (static). It refuses to start with neither, unless MCP_ALLOW_UNAUTHENTICATED=true.

Connect to Claude (Code / Desktop)

Add to your MCP config (e.g. ~/.claude.json or the Desktop config):

{
  "mcpServers": {
    "lexware": {
      "type": "http",
      "url": "https://<your-host>/mcp",
      "headers": { "Authorization": "Bearer <MCP_AUTH_TOKEN>" }
    }
  }
}

Deploy

The server is a standard Docker container (Dockerfile) — run it on any host that can serve HTTPS (a VPS, Fly.io, Render, Railway, Cloud Run, Kubernetes, …):

docker build -t lexware-mcp .
docker run -p 8080:8080 --env-file .env lexware-mcp

Production notes:

  • Serve over HTTPS (terminate TLS at your platform or a reverse proxy).
  • Set auth via env (OAUTH_ISSUER… or MCP_AUTH_TOKEN) — the server fails closed otherwise.
  • Run a single instance (or cap autoscaling to 1): the ~2 req/s rate limiter is per-process, so multiple instances would aggregate beyond Lexware's limit.
  • Health check: GET /status (returns 200).

Google Cloud Run: a step-by-step recipe (Secret Manager + gcloud run deploy + custom domain) is in docs/cloud-run.md.

How it works

  • src/config.ts — env parsing/validation, fail-closed auth, capability tiers.
  • src/auth.ts — constant-time static-bearer middleware on /mcp.
  • src/lexware/ — rate-limited (~2 req/s, token bucket), retry-aware client with safe error mapping; never retries non-idempotent POSTs on ambiguous failures (no duplicate documents).
  • src/tools/ — tools registered conditionally by tier.
  • src/server.ts — wires it together on the Skybridge Express server.

Development

See CONTRIBUTING.md. npm run dev starts the Skybridge dev server + DevTools at http://localhost:3000.

License

MIT © marselsel.

// compatibility

Platformsapi, desktop, web
Operating systems
AI compatibilityclaude
LicenseMIT
Pricingopen-source
LanguageTypeScript

// faq

What is lexware-mcp?

Open-source, self-hostable MCP server for the Lexware Office (lexoffice) accounting API — comprehensive coverage: contacts, articles, bookkeeping vouchers, the sales-document family (invoices/quotations/credit-notes, draft + finalize), and file/PDF upload & download. OAuth, Cloud Run; connects to Claude & ChatGPT.. It is open-source on GitHub.

Is lexware-mcp free to use?

lexware-mcp is open-source under the MIT license, so it is free to use.

What category does lexware-mcp belong to?

lexware-mcp is listed under finance in the Claudeers registry of Claude-compatible tools.

0 views
23 stars
unclaimed
updated 15 days ago

// embed badge

lexware-mcp on Claudeers
[![Claudeers](https://claudeers.com/api/badge/lexware-mcp.svg)](https://claudeers.com/lexware-mcp)

// retro hit counter

lexware-mcp hit counter
[![Hits](https://claudeers.com/api/counter/lexware-mcp.svg)](https://claudeers.com/lexware-mcp)

// reviews

// guestbook

0/500

// related in MCP Servers

🔓

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete…

// mcp-serversf/HTML164,687NOASSERTION[ claude ]
🔓

A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io

// mcp-serversfarion1231/Rust112,854MIT[ claude ]
🔓

An open-source AI agent that brings the power of Gemini directly into your terminal.

// mcp-serversgoogle-gemini/TypeScript105,729Apache-2.0[ claude ]
🔓

A collection of MCP servers.

// mcp-serverspunkpeye/90,251MIT[ claude ]
→ see how lexware-mcp connects across the ecosystem