
@codespar/mcp-banco-do-brasil
MCP server for Banco do Brasil — Brazil's top public bank. Pix, Cobrança (boleto), Conta-Corrente, and Arrecadação via BB's Developer Portal APIs (OAuth2 + mTLS).
BB exposes one of the broadest public-bank API surfaces in the country across Pix, Cobranças, Conta-Corrente, Open Finance, and Arrecadação. Merchants doing high-volume Pix and boleto operations integrate directly with BB instead of going through a PSP.
(0.1.0-alpha.1) BB's Developer Portal is contract-gated — the full OpenAPI specs are visible only after merchant onboarding. Pix paths follow the BACEN Pix v2 standard; boleto, account, and statement paths are best-guesses based on BB's public marketing pages and conventions shared with peers (Itaú, Santander, Bradesco). Every unverified path is flagged TODO(verify) in src/index.ts. Pin to exact versions during 0.1.x.
| Tool | Purpose |
|---|---|
| create_pix_cob | Create immediate Pix charge (cob) |
| get_pix_cob | Get an immediate Pix charge by txid |
| list_pix_cob | List immediate Pix charges by date range |
| create_pix_devolucao | Refund a received Pix (devolução) |
| get_pix_devolucao | Retrieve a devolução by id |
| resolve_dict_key | Resolve a DICT key to account data |
| register_dict_key | Register a DICT key on a BB account |
| delete_dict_key | Delete a DICT key owned by the merchant |
| register_boleto | Issue a boleto via BB Cobranças |
| get_boleto | Retrieve a boleto by nosso_numero |
| cancel_boleto | Cancel (baixa) an outstanding boleto |
| get_account_balance | Conta-corrente balance |
| get_statement | Account statement transactions |
npm install @codespar/mcp-banco-do-brasil@0.1.0-alpha.1
BB_CLIENT_ID="..." # OAuth client_id from developers.bb.com.br
BB_CLIENT_SECRET="..." # OAuth client_secret
BB_DEVELOPER_APP_KEY="..." # gw-dev-app-key — required on most calls
BB_CERT_PATH="/abs/path/client.crt" # mTLS cert (production only)
BB_KEY_PATH="/abs/path/client.key" # mTLS key (production only)
BB_ENV="sandbox" # or "production" (default: sandbox)
- client_credentials — token endpoint at oauth.{env}.bb.com.br. Bearer cached until ~60s before expiry.
- gw-dev-app-key — BB API gateway key, appended as a query param on all calls.

npx @codespar/mcp-banco-do-brasil
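The two auth behaviours described above (bearer cached until about 60s before expiry, gateway key carried in the query string) sketched as an added example; this is not code from @codespar/mcp-banco-do-brasil. The host, path, token and key values are constructed placeholders, and the class and function names are hypothetical. Because the key travels in the URL, the example also masks it before a URL reaches logs or error messages.

```javascript
// Added example, not the package's own code. All sample values are constructed.
const APP_KEY_PARAM = "gw-dev-app-key"; // query parameter name given in the README
const REFRESH_SKEW_MS = 60000;          // refresh ~60s before expiry, as the README states

class TokenCache {
  constructor() { this.entry = null; }

  // Store an OAuth2 token response ({ access_token, expires_in }, RFC 6749).
  put(resp, nowMs) {
    this.entry = {
      token: resp.access_token,
      refreshAt: nowMs + resp.expires_in * 1000 - REFRESH_SKEW_MS,
    };
  }

  // Return the cached bearer, or null once inside the refresh window.
  peek(nowMs) {
    return this.entry && nowMs < this.entry.refreshAt ? this.entry.token : null;
  }

  // fetchToken: caller-supplied async function that performs the
  // client_credentials grant and resolves to the token response.
  async get(fetchToken, nowMs = Date.now()) {
    const cached = this.peek(nowMs);
    if (cached) return cached;
    this.put(await fetchToken(), nowMs);
    return this.entry.token; // tokens living <= 60s are fetched on every call
  }
}

// Build a request URL with the gateway key appended as a query parameter.
function buildUrl(base, path, query, appKey) {
  const url = new URL(path, base);
  for (const [k, v] of Object.entries(query)) url.searchParams.set(k, v);
  url.searchParams.set(APP_KEY_PARAM, appKey);
  return url.toString();
}

// Mask the gateway key before a URL is written to logs, errors or traces.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  if (url.searchParams.has(APP_KEY_PARAM)) url.searchParams.set(APP_KEY_PARAM, "REDACTED");
  return url.toString();
}
```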
MIT
FAQs
We found that @codespar/mcp-banco-do-brasil demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.