Alvey Automation
MCP Server · Walmart Marketplace

Plug Claude into your Walmart Marketplace account.

A Model Context Protocol server for Walmart Marketplace. Catalog, inventory, orders, pricing, and settlement reports — read-only, in five minutes.

Free · MIT license
Get on GitHub 5-min install demo

The same RSA signing dance, every time

Every team selling on Walmart Marketplace writes the same RSA-signing glue — load PEM, build canonical string, sign, base64, attach four headers, generate a fresh correlation ID, time it to epoch ms, retry on 5xx, paginate. None of it is hard. All of it is annoying.

This package is the assembled, tested version. It exposes seven read-only Walmart Marketplace endpoints as MCP tools, with the signing and pagination handled for you. Add three env vars to your MCP client config and you're done.

The seven read-only tools

  • walmart_search_products — by query, page, page_size
  • walmart_get_product — full item detail by SKU
  • walmart_search_orders — date range, status filter
  • walmart_get_order — full purchase order detail
  • walmart_get_inventory — qty on hand by SKU
  • walmart_get_pricing — current price + strikethrough
  • walmart_get_settlement_report — fetch by report id

Every tool returns the standard JSON envelope. Auth signing uses RSA-2048 with SHA-256 (PKCS#1 v1.5 padding) per Walmart's public docs. Cryptography is handled by the audited cryptography library — the only added runtime dep over mcp + requests. 61 unit tests cover signature verification, retry behavior, and the tool layer.

Who this is for

This MCP server is for you if:

  • You sell on Walmart Marketplace and want Claude (or any MCP client) to be able to answer questions about your catalog, orders, and settlement reports without you writing glue.
  • You'd rather configure three env vars than maintain an internal Walmart client library.

It's not for you if:

  • You don't sell on Walmart Marketplace.
  • You need feeds / write operations. v0.1 is read-only by design.

FAQ

Is this endorsed by Walmart?
No. This is an independent open-source project, not endorsed by Walmart Inc. It uses Walmart Marketplace's public Seller API with credentials you provide.
Does it write to my Walmart Marketplace account?
No. v0.1 is read-only. Catalog, inventory, orders, pricing, and settlement reports — none of them mutate state.
What's the auth story?
Walmart Marketplace uses an RSA-signed-request scheme. The package handles signing transparently — you provide your Consumer ID and PEM private key as env vars, and the client attaches the right WM_SEC.AUTH_SIGNATURE headers per request. Keys never leave memory; nothing is logged or persisted.
What about 401 errors?
Almost always clock skew. Walmart's signature scheme is timestamp-sensitive — make sure your machine's clock is synced via NTP. The README has a troubleshooting section covering this and four other common failure modes.
What MCP clients does it work with?
Anything that speaks MCP over stdio: Claude Code, Claude Desktop, Cursor, or any IDE plugin with MCP support.
What's next?
v0.2 candidates include feeds (catalog updates, price updates, inventory updates) — but those are write operations and require a different threat model. Open an issue if there's a read endpoint you need first.

Skip the glue. Talk to Walmart from Claude.

MIT-licensed. No telemetry, no hosted backend, no per-call fees.

Get on GitHub Email a question