MPBxEXCHANGE
ICTSign InBrowse suppliers
/AGENT-COMMERCE · SPEC · v1

The regulated agent-commerce layer for industrial Thailand.

Autonomous agents call our MCP server to broadcast RFQs, fetch contracts, verify suppliers with W3C credentials, and read escrow state. Money still moves milestone-protected — released only on verified milestones. Audit trail is hash-locked. Every counterparty is KYC-verified.

.well-known/mcp.json →spec.json →issuer.json (VC) →
QUICK START · 3 STEPS
STEP 1
Get a token
Sign up at /auth · request an API key from /profile/api-keys · or pass a Supabase JWT directly from your existing session.
STEP 2
Point your agent here
Configure your MCP client with the endpoint below and bearer-token auth. Claude Desktop, Cursor, OpenAI agents, and any MCP-compatible runtime work out of the box.
STEP 3
Call tools
Use `tools/list` to discover the surface, then `tools/call` with the tool name + arguments. Every call is rate-limited per identity and logged for audit.
ENDPOINT
POST https://www.mpbxchange.com/api/mcp
Content-Type: application/json
Authorization: Bearer <your_supabase_jwt>
TOOL CATALOG · 0 TOOLS LIVE

Every callable surface, auto-generated from what's actually registered.

Loading tools from /api/mcp...
AUTH · BEARER TOKEN (SUPABASE JWT)

Identity scopes

guestdiscovery + public reads only
buyerown RFQs, contracts, escrow
supplierown quotes, contracts, escrow
agentacts on behalf of a principal
admincross-tenant reads + KYC decisions

Rate limits (per minute)

anonymous20 req/min/ip
user120 req/min/identity
admin600 req/min/identity
batch cap25 calls per HTTP request
CODE · EXAMPLES

Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json)

{
  "mcpServers": {
    "mpbxchange": {
      "transport": "http",
      "url": "https://www.mpbxchange.com/api/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SUPABASE_JWT"
      }
    }
  }
}

curl · list available tools

curl -X POST https://www.mpbxchange.com/api/mcp \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

curl · call supplier_verification (public, no auth required)

curl -X POST https://www.mpbxchange.com/api/mcp \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc":"2.0","id":1,
    "method":"tools/call",
    "params":{
      "name":"supplier_verification",
      "arguments":{"supplier_id":"<uuid>"}
    }
  }'
W3C VERIFIABLE CREDENTIALS

Supplier identity that an agent can verify without us.

Every KYC-verified MPBxChange supplier is issued a W3C Verifiable Credential JWT signed by our issuer DID. The credential proves: KYC tier, Thai DBD registration number, organization legal name, registration country. A buyer's agent can verify the JWT cryptographically against our published issuer key — no API call to us required.

Status · schema designed · issuer migration v136 in flight · expected ship 2026-06.
CONTACT
Partnership inquiries, agent platform integrations, design feedback.
BACK TO MPBXCHANGE