Skip to main content
Rigaly ships a remote MCP server so you can run your loyalty program from an AI assistant — look up customers, issue points, validate reward codes, create promotions, and more, all in plain language.

What the assistant can do

The connector exposes the same operations as the Business API, as ~46 tools: Every tool that changes data is marked destructive, so your assistant asks for confirmation before acting.

Connect from Claude

  1. In Claude, open Settings → Connectors → Add custom connector.
  2. Enter https://api.rigaly.com/mcp and follow the prompts.
  3. Claude opens the Rigaly consent screen — sign in with your business account and review the requested access (read for viewing data, write for managing it).
  4. Click Approve. You’re connected — try “What’s my business info on Rigaly?”
Access is scoped to your business only, and you can disconnect at any time from Claude’s settings (or revoke from your dashboard by contacting support).

Connect from other MCP clients

Any MCP client that supports Streamable HTTP + OAuth 2.1 can connect the same way — the server publishes standard discovery metadata:
For development tools that pass headers directly (e.g. Claude Code, MCP Inspector, custom agents), you can skip OAuth and authenticate with a Business API key instead:
API-key connections always carry full read + write access.

Let your coding agent set it up

Coding agents (Claude Code, Cursor, and similar) can configure the connection themselves — paste this prompt:
Only do this in tools you trust with your API key, and use a dedicated key you can revoke from Dashboard → API if needed.

Scopes and safety

  • read — view customers, balances, rewards, promotions, raffles, levels, reviews, transactions, devices, and code-batch stats.
  • write — issue/deduct points, complete redemptions, and create/update/delete rewards, promotions, raffles, levels, code batches, and the review questionnaire.
If you grant only read at the consent screen, write tools politely refuse. On top of scopes, all Business API protections still apply: your assistant can only ever see your own business, all inputs are validated server-side, rate limits are enforced per connection, and points issued through the connector are billed exactly like PTS or API transactions.
Access tokens expire after 1 hour and refresh automatically. Revoking a connection immediately invalidates its tokens.