This guide walks through standing up a deployment in the VaultGraph portal at app.vaultgraph.com and pointing an agent at it.
1) Create an organization
- Sign in at app.vaultgraph.com.
- Create an organization — this is your merchant workspace.
All other resources live inside an organization.
2) Create a shop
Inside your organization, create a shop. A shop represents one storefront. You can add more shops later.
3) Create a deployment
Open your shop and create a deployment — for example dev, staging, or production. Each deployment is one MCP endpoint.
4) Connect your storefront
Your storefront exposes one HTTPS endpoint. The gateway POSTs to it (signed HMAC) on every tool invocation; you never call VaultGraph from your storefront. Use createAdapterHandler from @vaultgraph/sdk/adapter — it’s the entire integration in one file; the SDK reference has the complete example.
Mount the handler under any path you choose, then register that URL plus a shared signing secret on the deployment in the portal (backend type Custom). The full method list, signing scheme, and error model are in the remote adapter protocol.
Just kicking the tires? Pick backend type Demo in the portal — an ephemeral built-in backend, no infrastructure required. A deployment with no backend configured returns commerce_backend_not_configured on every commerce call.
5) Generate an API key
VaultGraph uses two kinds of API key:
- Organization API key (
vk_) — created from your organization settings, for org-wide operations.
- Deployment API key (
dk_) — created from a deployment, scoped to that deployment. You can generate several per deployment to support rotation.
Generate the key you need from the portal and copy it immediately — keys are shown only once.
Keep API keys server-side only. Never commit them to source control or expose
them in browser code.
6) Point your agent at the MCP endpoint
Each deployment serves the commerce MCP at https://app.vaultgraph.com/mcp/{deployment_id} over Streamable HTTP, where {deployment_id} is the deployment’s dep_ id. Authenticate with the deployment’s dk_ key. Most MCP clients take a config in this shape:
{
"mcpServers": {
"vaultgraph": {
"type": "http",
"url": "https://app.vaultgraph.com/mcp/dep_your_deployment_id",
"headers": {
"Authorization": "Bearer dk_your_deployment_key"
}
}
}
}
Once connected, the agent gets typed tools for catalog search, cart management, checkout, and orders. The server is self-describing — tool schemas and descriptions guide the agent through the flow.
Next steps