Connect
Optimize
Secure
Payfit MCP Server
for AI Agents
Production-ready Payfit MCP server with 22 extensible actions — plus built-in authentication, security, and optimized execution.
Payfit MCP Server
Built by 
StackOne
StackOne 
Coverage
22 Agent Actions
Create, read, update, and delete across Payfit — and extend your agent's capabilities with custom actions.
Authentication
Agent Tool Authentication
Per-user OAuth in one call. Your Payfit MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →
Security
Agent Protection
Every Payfit tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →
Performance
Max Agent Context. Min Cost.
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Payfit call.
Tools Discovery →What is the Payfit MCP Server?
A Payfit MCP server lets AI agents read and write Payfit data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Payfit MCP server ships with 22 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
All Payfit MCP Tools and Actions
Every action from Payfit's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
Collaborators
- Create Collaborator
Create a new collaborator (employee) and return their ID. The collaborator won't have a contract initially and won't appear in the PayFit app until a contract is created.
- List Collaborators
Retrieve all collaborators (employees) for a company including personal info, contracts, and contact details.
- Get Collaborator
Retrieve detailed information for a specific collaborator by ID including personal data, contracts, and contact info.
Collaborator Payslips
- List Collaborator Payslips
Retrieve all payslips for a specific collaborator by their ID.
- Get Collaborator Payslip
Retrieve a specific payslip document for a collaborator by payslip ID.
Contracts
- Create Contract
Create a basic employment contract for a collaborator. The contract won't be finalized until an admin completes the details in PayFit. Only available for French companies.
- List Contracts
Retrieve all employment contracts for a company including job details, status, and working hours.
- Get Contract
Retrieve detailed information for a specific employment contract by ID.
Other (14)
- Get Company
Retrieve company information including legal name, SIREN, country, and onboarding status.
- List Health Insurance Contracts
Retrieve all health insurance contracts for the company. Only available for French companies.
- List Provident Fund Contracts
Retrieve all provident fund (prévoyance) contracts for the company. Only available for French companies.
- List Worked Time
Retrieve worked time for all contracts for a given pay period. Returns hours worked, overtime, and absence details. Only available for French companies.
- List Collaborators Meal Vouchers
Retrieve meal voucher data for all collaborators for a given month. Only available for French companies.
- Get Payroll Status
Retrieve the payroll processing status for a specific month, indicating if payroll is completed.
- Get Accounting Data V2
Retrieve accounting data for a given month in JSON format. Available for FR and UK companies. Returns detailed entries with analytic codes, employee info, and debit/credit amounts.
- Get Payment File
Retrieve the payment file (SEPA/bank transfer file) for a given month for payroll payment processing.
- List Income Taxes Documents
Retrieve all income taxes documents (P45, P60, P11D) for UK companies. Returns document metadata with download URLs.
- List Auto Enrolment Documents
Retrieve all auto enrolment (pension) documents for UK companies. Returns pension-related document metadata.
- Get Company Document
Download a specific company document by its ID. Use document IDs from income taxes or auto enrolment document lists.
- List Absences
Retrieve a paginated list of absences for the company. By default, only approved absences are returned.
- Set Health Insurance Affiliation
Update health insurance affiliation for an employee contract. Allows assigning health insurance contracts or marking employee as exempted. Only available for French companies.
- Set Provident Fund Affiliation
Update provident fund affiliation for an employee contract. Allows assigning provident fund contracts to employees. Only available for French companies.
Set Up Your Payfit MCP Server in Minutes
One endpoint. Any framework. Your agent is talking to Payfit in under 10 lines of code.
MCP Clients
Agent Frameworks
JSON{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}More HRIS / HCM MCP Servers
UKG Ready
140+ actions
Workday (Rest and Soap)
128+ actions
Factorial
127+ actions
HiBob
123+ actions
Oracle Fusion HCM
120+ actions
Humaans
117+ actions
BambooHR
100+ actions
Payfit MCP Server Resources
MCP Code Mode: Keeping Tool Responses Out of Agent Context
Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
Indirect Prompt Injection Defense for MCP Tools: A Technical Guide
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
Payfit MCP Server FAQ
Payfit MCP server vs direct API integration — what's the difference?
A Payfit MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Payfit. A Payfit MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Payfit at runtime. StackOne provides both.
How does Payfit authentication work for AI agents?
Payfit authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Payfit account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via
origin_owner_id.Are Payfit MCP tools vulnerable to prompt injection?
Yes — Payfit MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Payfit agent and how do I avoid it?
Context bloat happens when Payfit tool schemas and API responses eat your Payfit agent's memory, preventing it from reasoning effectively. A single Payfit query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Payfit agent can access?
Yes — you can limit which actions your Payfit agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Payfit MCP server?
Yes — you can create custom agent actions for your Payfit MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Payfit's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Payfit MCP server?
Skip a Payfit MCP server if your integration is purely software-to-software — direct Payfit API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Payfit actions at runtime.
What AI frameworks and AI clients does the StackOne Payfit MCP server support?
The StackOne Payfit MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.
Put your AI agents to work
All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.