The Problem: API Sprawl Kills AI Agent Productivity
Every AI agent builder hits the same wall. You want your agent to answer a simple business question like "What was our revenue last month?" But the data sits in Stripe. And Quickbooks. And Shopify.
That's three different APIs. Three authentication flows. Three different data models. Scale to 10 tools and you're maintaining a Frankenstein of API integrations that breaks every time one service changes its schema.
Our Solution: One MCP Endpoint, 36 APIs
We built CorpusIQ — a read-only MCP endpoint that normalizes 36 business APIs behind a single connection.
Your AI agent (Claude, Cursor, Hermes, any MCP client) connects once and gets access to:
- Payments: Stripe
- Accounting: Quickbooks, Xero
- E-commerce: Shopify, WooCommerce, Amazon Seller
- CRM: HubSpot, Salesforce
- Analytics: GA4, Meta Ads, Google Ads
- Email: Gmail, Outlook
- Database: PostgreSQL, MySQL, MongoDB
- And 23 more connectors
Architecture Decisions
1. Read-Only by Design
We never write to your systems. Ever. This was non-negotiable. AI agents make mistakes and we refuse to be the vector for a bad write operation. Every connector is read-only at the API permission level.
2. OAuth 2.0 Device Flow
Traditional OAuth requires a browser callback. AI agents running in terminal or headless environments don't have browsers. We implemented RFC 8628 — the Device Authorization Grant.
Your agent initiates a connection, we return a device code, you verify once via any browser or phone, and the agent gets a persistent refresh token. No passwords exposed. No browser required after first auth.
3. Single Endpoint
Every AI agent framework (Claude Desktop, Cursor, Hermes, Windsurf, Roo Code) uses MCP. We expose one URL:
{
"mcpServers": {
"corpusiq": {
"url": "https://www.corpusiq.io/mcp/direct-connection"
}
}
}
One config block. 36 tools. Done.
4. Cross-Source Queries
Queries that span multiple data sources work automatically. Ask "Compare Stripe revenue to Shopify orders for Q1" and the endpoint queries both APIs, normalizes the responses, and returns merged results.
What We Learned
The Hard Part Isn't the APIs
The hard part is normalization. Every API has different field names, date formats, and pagination patterns. Stripe calls it "amount" in cents. Shopify calls it "total_price" in dollars. Quickbooks calls it "TotalAmt" — yes, PascalCase in 2026.
We built a normalization layer that maps every field to a consistent schema. This was 80% of the work.
The MCP Protocol Is Solid
MCP gives agents structured access to tools. Our agents can call tools/list to discover available data sources, then tools/call with natural language parameters. The protocol handles authentication, error propagation, and rate limiting cleanly.
Security Matters from Day One
We have had security researchers poke at the read-only guarantee within hours of launch. Good. We built this with the assumption that every agent is potentially compromised. Scoped OAuth tokens. Audit logging. No write paths anywhere in the codebase.
What's Next
We are adding connectors based on community requests. Current top asks: Notion, Airtable, Linear, and Snowflake.
All documentation is open at github.com/CorpusIQ/corpusiq-docs.
We just launched on Product Hunt — would love your feedback.
What business API would you want connected to your AI agent? Drop a comment.
Top comments (0)