{"id":"sin4ch-mono-mcp","name":"mono-mcp","homepage":"https://mono-banking-mcp.fastmcp.app/mcp","repo_url":"https://github.com/sin4ch/mono-mcp","category":"api-gateway","subcategories":[],"tags":["mcp","fastmcp","openbanking","webhooks","payments","fintech","python","ai-agents"],"what_it_does":"Provides a Model Context Protocol (MCP) server exposing Nigerian banking-related tools (e.g., account linking, balance/info, BVN lookup, payments, transaction history) and a webhook endpoint (/mono/webhook) for real-time banking events with HMAC signature verification and storage for later retrieval.","use_cases":["Connect an AI assistant via MCP to perform banking operations (balance, account info, transactions)","Verify BVN and recipient account details before initiating payments","Initiate payments and check payment status via MCP tools","Ingest and inspect real-time banking webhook events for audit/debugging","Build agent workflows that react to banking events using stored webhook data"],"not_for":["Handling highly sensitive operations without proper secret management and operational security review","Production deployments without validating webhook verification, persistence integrity, and failure modes against your specific threat model","Use cases requiring fine-grained regulatory/compliance guarantees that are not documented here"],"best_when":"You want an agent-friendly MCP interface for a banking integration and you can run/host the MCP server (or use the provided hosted FastMCP Cloud URL) with correct environment secrets.","avoid_when":"You need a fully documented REST/OpenAPI-based public API surface or documented rate-limit/retry semantics; or you cannot control and audit webhook security and database storage behavior.","alternatives":["Use the Mono Open Banking API directly (via your own client) and implement MCP wrapping yourself","Build an MCP server around a different integration layer that offers clearer OpenAPI specs/SDKs","Use webhook-to-queue + internal service approach, then expose internal endpoints via MCP"],"af_score":55.2,"security_score":56.2,"reliability_score":20.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:18:56.769740+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"https://mono-banking-mcp.fastmcp.app/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["HMAC-SHA256 signature verification for webhook authenticity (server-side)"],"oauth":false,"scopes":false,"notes":"The README emphasizes HMAC verification for incoming webhooks and environment-based secrets, but does not clearly specify how the MCP client/agent is authenticated to the MCP server or what auth methods/scopes apply for MCP tool calls."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information is provided for the MCP server or FastMCP Cloud hosting in the given content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.2,"security_score":56.2,"reliability_score":20.0,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":60.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":65.0,"security_notes":"Mentions HMAC-SHA256 signature verification for webhook authenticity and environment-based secrets. However, MCP-side authentication/authorization and scope granularity for tool calls are not documented here. Also, webhook event storage is described at a high level (SQLite/database), but details about access control, retention, encryption, and deduplication are not provided.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":0.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"Uses limit/page parameters for get_transaction_history.","retry_guidance_documented":false,"known_agent_gotchas":["Webhook-driven workflows may depend on reliable webhook delivery and event storage; without documented replay/deduplication semantics, agents could see duplicate events.","No documented guidance on rate limits, retries, or idempotency for payment initiation/verification tools.","If webhook secrets are misconfigured, events may be rejected (behavior not fully specified)."]}}