Jumio

v0.2.0API Key

Global KYC enterprise tier — deeper fraud intelligence, longer operator history. Target: banks, large fintechs, regulated commerce. Regional hosts (amer-1 / emea-1 / apac-1). Verified against docs.jumio.ai.

20 tools4 env vars🌐 GLOBALstable on npm

Install

terminal

$ npm install @codespar/mcp-jumio

Quickstart

Add this entry to your claude_desktop_config.json (or any MCP-compatible client config).

claude_desktop_config.json

{
  "mcpServers": {
    "jumio": {
      "command": "npx",
      "args": [
        "-y",
        "@codespar/mcp-jumio"
      ],
      "env": {
        "JUMIO_API_TOKEN": "<your_jumio_api_token>",
        "JUMIO_API_SECRET": "<your_jumio_api_secret>",
        "JUMIO_USER_AGENT": "<your_jumio_user_agent>"
      }
    }
  }
}

After restart, your agent can call any of the 20 tools below — try initiate_account first.

Environment variables · 4

Required to authenticate the server. Stored encrypted when using CodeSpar managed hosting.

JUMIO_API_TOKEN

required

Jumio API token (sent as the username component of HTTP Basic auth).

JUMIO_API_SECRET

requiredsecret

Jumio API secret (sent as the password component of HTTP Basic auth).

JUMIO_USER_AGENT

required

Merchant User-Agent string. Jumio requires a custom User-Agent header identifying the calling application (e.g. 'AcmeCorp KYX/1.0').

JUMIO_REGION

optional

Region for the API host: 'us' (api.amer-1.jumio.ai), 'eu' (api.emea-1.jumio.ai), 'sg' (api.apac-1.jumio.ai). Defaults to 'us'.

Available tools · 20

Each tool is independent — your agent loads only what it needs to reduce context and response time.

READinitiate_account

Create a persistent Jumio end-user account. An account groups all workflow executions (KYC transactions) for the same real-world user, enabling re-use of previously verified data and longitudinal fraud signals.

READinitiate_transaction

Start a new KYC workflow execution on an existing account. Returns a `redirectUrl` — redirect the end user there to complete the Jumio-hosted capture flow (document + selfie). Poll get_transaction for status afterwards.

READget_transaction

Retrieve a workflow execution summary — status ('INITIATED' | 'PROCESSED' | 'SESSION_EXPIRED' | 'TOKEN_EXPIRED' | 'ACQUIRED'), decision outcome, and capability-level results. Poll this to track progress.

READlist_transactions

List workflow executions for an account. Useful for auditing or rebuilding state after a webhook failure.

READget_transaction_details

Retrieve the full result payload for a workflow execution — all capability outputs (extraction, liveness, similarity, watchlist, etc). Use after status = 'PROCESSED'.

READretrieve_document_data

Retrieve extracted fields from the ID document (name, DOB, document number, expiry, issuing country, MRZ, etc). Requires a completed workflow that included a document capability.

READretrieve_similarity_score

Retrieve the facial similarity result (selfie vs document photo). Returns match decision plus confidence score. Requires a completed workflow that included a similarity/selfie capability.

DELETEdelete_transaction

Delete a workflow execution (GDPR right-to-erasure). Removes captured images, extracted data, and decision audit trail for this transaction on Jumio's side.

Compatible frameworks

MCP is a protocol — any framework that speaks it can mount this server.

Claude Agent SDKAnthropic

OpenAI AgentsOpenAI

Vercel AI SDKVercel

LangChainLangChain

LlamaIndexLlamaIndex

CrewAICrewAI

MastraMastra

Any MCP clientProtocol

Frequently asked questions

All credentials are encrypted at rest in an isolated vault scoped per organization. OAuth2 tokens are automatically refreshed before expiry. Your agent code never sees raw secrets — it receives scoped, short-lived session tokens.