Skip to main content
Give any MCP-capable AI client direct, tenant-isolated access to your company’s books. The LAC MCP server exposes the same capabilities as the REST API — books, VAT, statements, documents, invoicing, and Björn — as 31 typed tools.
Endpointhttps://api.app.lastaccountingcompany.com/mcp
TransportStreamable HTTP, stateless (MCP spec 2025-11-25)
AuthOAuth (hosted clients) or a portal API key as a bearer token: Authorization: Bearer lac_sk_...

Authentication

Two ways in:
  • OAuth — for hosted clients like claude.ai and ChatGPT. Add the endpoint URL in your assistant’s connector settings; it walks you through signing in with your normal LAC portal account (Google) and authorizing. On the consent screen you pick which business the connection is for — accounts with access to multiple businesses choose one business per connection. OAuth connections act with operator access: they can read the books and statements, upload documents, draft and send invoices, and message Björn — never approve payroll, change company settings, or manage access or keys, no matter your own portal role.
  • Portal API key — for clients that send custom headers (Claude Code, Cursor, VS Code, the OpenAI Responses API, anything speaking streamable HTTP). Create one in Settings → API access (see getting started) and send it as a bearer token. Like OAuth connections, keys are minted per business. The tools you see follow the key’s scope: read-scope keys see only the read tools; write-scope keys see all 31.

Connect a client

claude.ai (web)

In claude.ai: Settings → Connectors → Add custom connector, and enter:
https://api.app.lastaccountingcompany.com/mcp
Claude opens the LAC sign-in (your normal Google portal login) and asks you to authorize and pick the business. Disconnecting the connector in Claude ends its access.

ChatGPT (web)

In ChatGPT: Settings → Connectors (requires developer mode / a plan with custom connectors) → add the same URL. ChatGPT runs the same OAuth sign-in.

Claude Code

claude mcp add --transport http lac \
  https://api.app.lastaccountingcompany.com/mcp \
  --header "Authorization: Bearer lac_sk_..."
Then ask, for example: “What’s our VAT position for June?”

Cursor

Add to ~/.cursor/mcp.json (or the project’s .cursor/mcp.json):
{
  "mcpServers": {
    "lac": {
      "url": "https://api.app.lastaccountingcompany.com/mcp",
      "headers": {
        "Authorization": "Bearer lac_sk_..."
      }
    }
  }
}

VS Code

Add to .vscode/mcp.json in your workspace:
{
  "servers": {
    "lac": {
      "type": "http",
      "url": "https://api.app.lastaccountingcompany.com/mcp",
      "headers": {
        "Authorization": "Bearer lac_sk_..."
      }
    }
  }
}

OpenAI API (Responses)

response = client.responses.create(
    model="gpt-5",
    tools=[{
        "type": "mcp",
        "server_label": "lac",
        "server_url": "https://api.app.lastaccountingcompany.com/mcp",
        "authorization": "lac_sk_...",
        "require_approval": "always"
    }],
    input="Which invoices are overdue, and by how much?"
)

Generic JSON

For any client that takes a standard MCP server config:
{
  "mcpServers": {
    "lac": {
      "type": "streamable-http",
      "url": "https://api.app.lastaccountingcompany.com/mcp",
      "headers": {
        "Authorization": "Bearer lac_sk_..."
      }
    }
  }
}
The server is stateless — no session setup, safe to retry.

Tool reference

31 tools (18 read / 13 write). Read tools are available to every key; write tools appear only for write-scope keys and OAuth connections.

Read tools (all keys)

CategoryToolDescription
Companyget_company_profileCompany profile: name, business ID (Y-tunnus), VAT period cadence.
Companyget_overviewDashboard in one call: key metrics, attention items, books readiness.
Companyget_agent_statusBjörn’s live status and document-ingest progress.
Booksget_booksGeneral-ledger rows, paginated; range accepts YYYY-MM, YYYY-Qn, YYYY, or this_month.
Booksget_vatThe VAT view for a period.
Statementsget_financial_statementsIncome statement, balance sheet, or cash-flow statement as a nested tree of lines.
Statementsdrill_statement_lineThe transactions behind one or more account codes on a statement line.
Statementsget_analyticsTime series over the books for a range.
Documentslist_documentsUploaded evidence and the ingest state of each document.
Messaginglist_messagesThe conversation history with Björn; limit returns the most recent N messages (default 50).
Filingsget_filingsVAT preview, drafts, filed returns, and the standing authorization state.
Filingslist_output_packagesPublished VAT, financial-statement, and CIT output packages.
Invoicinglist_invoicesSales invoices with their statuses; limit caps each list (default 100).
Invoicingget_invoiceOne invoice in full detail.
Invoicinglist_invoice_customersThe billing-customer party book.
Invoicinglist_recurring_invoicesRecurring invoice templates.
Connectionslist_connectionsHealth of bank, Stripe, Procountor, Fennoa, inbox, and Sheets connections.
Importslist_importsMigration/import runs and their statuses.

Write tools (write-scope keys)

CategoryToolDescription
Documentsupload_documentsUpload base64-encoded files into the document-ingest pipeline.
Documentsupdate_documentRename a document or attach a context note for bookkeeping.
Documentsdelete_documentDelete an uploaded document. Destructive.
Messagingsend_messageSend a message to Björn, the AI accountant.
Filingsrequest_filing_reviewAsk LAC to review a filing period.
Filingsset_filing_authorizationSet or withdraw the standing authorization for LAC to file on the company’s behalf.
Invoicingcreate_invoice_draftDraft a sales invoice (amounts in cents, VAT rates in basis points); drafting never sends anything.
Invoicingsend_invoiceSend a drafted invoice to the customer. Destructive: external delivery.
Invoicingcreate_credit_noteCreate a credit note against a sent invoice. Destructive.
Invoicingrequest_payment_reminderRequest a payment reminder for an open invoice.
Invoicingupsert_invoice_customerCreate or update a billing customer in the party book.
Connectionstrigger_connection_syncTrigger a data sync on an existing connection.
Connectionsrequest_service_connectionAsk LAC to set up a service connection, e.g. a Suomi.fi mandate.

Security

  • Use read-only keys for analysis agents. A key with read scope exposes only the 18 read tools — the agent physically cannot send an invoice or delete a document.
  • Keep a human in the loop for destructive tools. send_invoice, create_credit_note, and delete_document are annotated destructive in the tool definitions; configure your client to require confirmation before calling them (most clients respect the annotation by default).
  • Mind prompt injection when combining servers. If an agent has the LAC server alongside other MCP servers or web access, content fetched from elsewhere could try to steer it into calling LAC write tools. Prefer read-only keys in mixed-tool setups, and review write actions.
  • Revoke instantly. Keys are revoked in the portal under Settings → API access; a revoked key loses MCP access immediately. OAuth connections end when you disconnect the connector in the client.
  • API keys are company credentials, not personal ones — they keep working if the person who created them leaves. Revoke or rotate keys in Settings → API access when an admin departs.
  • Tenant isolation and audit. Every tool call is scoped to the key’s company and audited, like every REST request.

What’s deliberately not exposed

Some actions require an interactive admin or approver in the portal and are not available as MCP tools or to API keys at all:
  • Payroll entirely (read and write) — payroll data and actions require an admin/approver in the portal UI.
  • Company settings changes.
  • Member and access management — inviting people, changing roles.
  • API key management — a key can never mint or revoke keys.
This is the same boundary as the REST API: agents can prepare and inform; humans approve.