SignetsSIGNETS
← BACK TO BLOG
TUTORIALJanuary 17, 2026

Building a Truly Autonomous Financial Stack - Connecting MCP Servers to Agent Cards

Step-by-step tutorial for adding payments to AI agents using Signets's MCP server with Claude Desktop or Cursor. Code examples included.

Signets
Signets Team
5 min read

Your AI agent can browse the web, write code, and manage files. But the moment it needs to buy something - cloud credits, API access, a domain name - it hits a wall. It has to ask you to pull out your credit card.

MCP (Model Context Protocol) is an open standard that lets LLMs discover and invoke external tools through a standardized interface. Think of it as a USB-C port for AI: one protocol, many capabilities. Signets's MCP server gives your agent those missing financial capabilities - checking balances, creating cards, declaring purchase intent, and reviewing transactions.

This tutorial walks through connecting Signets's MCP server to Claude Desktop or Cursor, then shows a real purchase flow from start to finish.

Prerequisites

Before you begin:

  • A Signets account with API key (get one at app.usesignets.ai)
  • Claude Desktop or Cursor installed
  • A funded Signets wallet

Step 1: Configure the MCP Server

Signets's MCP server runs at https://mcp.usesignets.ai/api/mcp. You'll add it to your MCP client configuration with your API key for authentication.

Claude Desktop

Open your Claude Desktop config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the Signets server configuration:

{
  "mcpServers": {
    "signets": {
      "url": "https://mcp.usesignets.ai/api/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SIGNETS_API_KEY"
      }
    }
  }
}

Restart Claude Desktop. The Signets tools will auto-discover on startup.

Cursor

Open Cursor settings and navigate to the MCP configuration section. Add the same server block:

{
  "mcpServers": {
    "signets": {
      "url": "https://mcp.usesignets.ai/api/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SIGNETS_API_KEY"
      }
    }
  }
}

Save and restart Cursor to load the new tools.

Step 2: Available Tools Overview

Once connected, your agent gains access to six core tools for financial operations:

signets_status

Check wallet balance, verification status, and spending eligibility. Your agent should call this before attempting any purchase to confirm funds are available.

signets_status()

Returns:
- balance: current wallet balance in cents
- verified: KYC verification status
- spend_eligible: whether the wallet can make purchases

signets_card

Create, list, freeze, close cards and retrieve card details. Each card can have its own spending limits, merchant restrictions, and expiration rules.

signets_card(action: "create", params: {
  spending_limit: 5000,
  merchant_lock: "aws.amazon.com",
  expires_in: "24h"
})

signets_intent

Declare and list spending intents. An intent is a signed attestation of what the agent plans to purchase, from which merchant, and for how much. This creates an audit trail before any money moves.

signets_intent(action: "declare", params: {
  description: "AWS EC2 credits for dev environment",
  amount: 5000,
  merchant: "aws.amazon.com"
})

signets_transactions

Query transaction history with filters for date range, merchant, card, and status. Essential for reconciliation and debugging failed purchases.

signets_transactions(filters: {
  card_id: "card_abc123",
  status: "completed",
  limit: 10
})

signets_onboarding

Get KYC verification links and deposit instructions. If signets_status shows the wallet isn't verified or funded, use this tool to get the URLs needed to complete setup.

signets_challenges

Retrieve 3DS OTP codes for transactions that require additional authentication. Some merchants trigger 3D Secure challenges - this tool fetches the verification codes sent to the wallet.

Step 3: A Complete Purchase Flow

Let's walk through a real scenario: your agent needs to purchase $50 in AWS credits.

1. Check wallet status

The agent first confirms funds and eligibility:

Agent: signets_status()

Response: {
  "balance": 15000,
  "verified": true,
  "spend_eligible": true
}

Balance shows 15000 cents ($150). The agent has enough for a $50 purchase.

2. Declare intent

Before requesting card credentials, the agent declares what it plans to buy:

Agent: signets_intent(action: "declare", params: {
  "description": "AWS credits for compute resources",
  "amount": 5000,
  "merchant": "aws.amazon.com"
})

Response: {
  "intent_id": "int_7x9k2m",
  "status": "declared",
  "expires_at": "2026-01-17T12:00:00Z"
}

This intent is now logged. Any subsequent transaction will be matched against it.

3. Create a dedicated card

The agent requests a card locked to the specific merchant and amount:

Agent: signets_card(action: "create", params: {
  "spending_limit": 5000,
  "merchant_lock": "aws.amazon.com",
  "intent_id": "int_7x9k2m",
  "single_use": true
})

Response: {
  "card_id": "card_3f8h2j",
  "status": "active",
  "last_four": "4829",
  "expires": "01/27"
}

The card is created with a $50 limit, locked to AWS, and linked to the declared intent. The single_use flag ensures it can't be reused after one successful charge.

4. Execute the purchase

The agent now has what it needs to complete the purchase on aws.amazon.com. The actual card credentials are injected securely at the browser or API layer - the LLM never sees the raw card number, CVV, or billing details.

5. Verify the transaction

After the purchase completes, the agent confirms success:

Agent: signets_transactions(filters: {
  "intent_id": "int_7x9k2m"
})

Response: {
  "transactions": [{
    "id": "txn_9k3m5p",
    "amount": 5000,
    "merchant": "AMAZON WEB SERVICES",
    "status": "completed",
    "intent_id": "int_7x9k2m",
    "card_id": "card_3f8h2j",
    "created_at": "2026-01-17T10:32:15Z"
  }]
}

The transaction is logged, linked to both the intent and the card. Your audit trail is complete.

Security: Credential Isolation

A critical design principle: the LLM never handles raw card credentials. Here's why that matters:

  • Card numbers, CVVs, and billing addresses are injected at the secure execution layer
  • The agent receives only card IDs and last-four digits for reference
  • Even if conversation logs are compromised, no usable payment credentials are exposed
  • Credentials are generated just-in-time and can be single-use

This separation means you can give agents financial capabilities without giving them financial secrets.

Emergency Controls

If something goes wrong, freeze the card immediately:

Agent: signets_card(action: "freeze", params: {
  "card_id": "card_3f8h2j"
})

Response: {
  "card_id": "card_3f8h2j",
  "status": "frozen",
  "frozen_at": "2026-01-17T10:45:00Z"
}

A frozen card rejects all authorization attempts instantly. You can unfreeze it later or close it permanently.

Next Steps

You now have a working financial stack for your AI agents. From here:

  • Set up webhooks for real-time transaction alerts
  • Configure policies for automatic spend limits
  • Explore admin tools for multi-agent management

The full MCP server documentation is at docs.usesignets.ai/mcp/introduction. If you're building something interesting with agent payments, reach out at hello@signets.ai.

Related
AGENT CARD PRICINGMCP FOR PAYMENTSSPEND CONTROL SKILLS

Looking for agent spending controls? Start with MCP + skills, then choose a plan that fits your workload.

Ready to get started?

Issue your first virtual card in minutes.

START FREEMORE POSTS