# Ramp Managed MCP Server


---
title: Ramp Managed MCP Server
page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments.
# Beta release status
page-beta: "true"
description: Manage Ramp corporate cards, transactions, spend limits, and reimbursements from an LLM agent. Per-user OAuth so each agent action runs as the calling end-user.
page-topic-type: how-to
personas: agent_builder, platform_engineer
learning-objective-1: Configure the Ramp managed MCP server with per-user OAuth
learning-objective-2: Pick the right scopes and environment for production vs sandbox
learning-objective-3: List transactions, manage cards, and adjust spend limits from an agent
page-git-created-date: "2026-05-28"
page-git-modified-date: "2026-06-10"
---


The **Ramp** managed MCP server lets an LLM read and act on your company’s Ramp spend data: listing and inspecting transactions, browsing cards, managing spend limits, querying users and departments, looking up vendors, and reviewing reimbursements.

After reading this page, you will be able to:

-   Configure the Ramp managed MCP server with per-user OAuth

-   Pick the right scopes and environment for production vs sandbox

-   List transactions, manage cards, and adjust spend limits from an agent


## What this MCP server does

The server wraps the [Ramp Developer API v1](https://docs.ramp.com/developer-api/v1) using per-user OAuth tokens, so each user’s Ramp permissions are enforced automatically and no shared API key is stored.

It is suitable for expense analysis, spend-policy enforcement, and corporate card management workflows. It is **not** intended for accounting system integrations or bulk data exports; use Ramp’s native accounting sync or data export features for those tasks.

## Prerequisites

Before you create the server, make sure you have:

-   A Ramp account with admin access to the Ramp Developer Portal.

-   An [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP for Ramp. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/).

-   Familiarity with [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/).


## Get Ramp credentials

Set up the OAuth app on Ramp and the matching OAuth Provider in ADP:

1.  Sign in to the [Ramp Developer Portal](https://app.ramp.com/developer).

2.  Go to **Developer Settings > Applications** and click **Create Application**.

3.  Set the redirect URI to your AI Gateway OAuth callback (typically `https://aigw.<cluster-id>.clusters.rdpa.co/oauth/v1/callback`).

4.  Note the **Client ID** and **Client Secret**.

5.  Required scopes:

    -   `transactions:read`

    -   `cards:read`

    -   `cards:write`

    -   `users:read`

    -   `departments:read`

    -   `vendors:read`

    -   `reimbursements:read`

    -   `limits:read`

    -   `limits:write`


6.  In ADP, register an OAuth Provider with:

    -   **Authorization endpoint**: `https://app.ramp.com/v1/authorize`

    -   **Token endpoint**: `https://api.ramp.com/developer/v1/token`

    -   The Client ID and a secret-store reference for the Client Secret



## Configure

Create a new Ramp MCP server in ADP:

1.  Open **MCP Servers > Create Server**.

2.  Pick `Ramp` from the marketplace picker.

3.  Fill in identity fields (`name`, `description`).

4.  In the Ramp configuration form:

    | Field | Notes |
    | --- | --- |
    | `environment` | `production` for the live Ramp API. `demo` for Ramp’s sandbox environment. Omit (or leave empty) for production. |
    | OAuth Provider | The Ramp OAuth Provider you configured. |
    | Required scopes | All the scopes listed above. Drop write scopes (`cards:write`, `limits:write`) if the MCP only needs to read. |

5.  Click **Create**.


### Configure from the CLI

Ramp authenticates per-user through the Ramp OAuth Provider you configured. Reference that provider in the managed config’s `userOauth.providerName` field. Ramp supports per-user OAuth only, so the `userOauth` block is required. The `--user-oauth-provider` and `--user-oauth-scopes` flags apply to remote (`--url`) servers only.

```bash
rpk ai mcp create --name my-ramp --managed-config '{
  "@type": "type.googleapis.com/redpanda.mcps.ramp.v1.RampMCPConfig",
  "environment": "production",
  "userOauth": {
    "providerName": "ramp"
  }
}'
```

Set `environment` to `"demo"` to target Ramp’s sandbox. `userOauth.providerName` is the resource name of the Ramp OAuth Provider you registered.

## Tools

The Ramp MCP exposes the following tools:

| Tool | Description |
| --- | --- |
| `list_transactions` | List transactions with optional filters. Supports pagination through the `start` cursor. Returns up to `page_size` results (max 100). |
| `get_transaction` | Retrieve a single transaction by ID, including line items, accounting selections, and policy violations. |
| `list_cards` | List corporate cards. Supports pagination. |
| `create_card` | Issue a new virtual card. Returns a deferred task ID, since Ramp creates cards asynchronously. |
| `suspend_card` | Suspend an active card by ID. Returns a deferred task ID. |
| `list_users` | List Ramp users in your organization. Supports pagination. |
| `list_departments` | List departments. Supports pagination. |
| `list_vendors` | List vendors. Supports pagination. |
| `list_reimbursements` | List out-of-pocket reimbursement requests. Supports pagination. |
| `list_limits` | List spend limits. Supports pagination. |
| `create_limit` | Create a new spend limit. Returns a deferred task ID, since Ramp creates limits asynchronously. |
| `update_limit` | Update an existing spend limit’s display name or spending restrictions synchronously. |
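
The configuration table advises dropping the write scopes when the server only needs to read. The following added example (not Redpanda's or Ramp's code) computes the smallest scope set for the tools an agent is meant to use and pre-flights a `tools/call` body against it. The tool-to-scope mapping is an assumption inferred from the tool and scope names on this page, and `minimal_scopes` and `check_call` are hypothetical helper names.

```python
# ASSUMPTION: tool -> scope mapping inferred from the tool and scope names
# on this page; the page itself does not publish this mapping.
TOOL_SCOPE = {
    "list_transactions": "transactions:read",
    "get_transaction": "transactions:read",
    "list_cards": "cards:read",
    "create_card": "cards:write",
    "suspend_card": "cards:write",
    "list_users": "users:read",
    "list_departments": "departments:read",
    "list_vendors": "vendors:read",
    "list_reimbursements": "reimbursements:read",
    "list_limits": "limits:read",
    "create_limit": "limits:write",
    "update_limit": "limits:write",
}

def minimal_scopes(tools):
    """Smallest scope set covering the tools an agent is meant to call."""
    unknown = sorted(set(tools) - set(TOOL_SCOPE))
    if unknown:
        raise ValueError(f"unknown tools: {unknown}")
    return sorted({TOOL_SCOPE[t] for t in tools})

def check_call(request, granted_scopes):
    """Pre-flight a tools/call body; returns (allowed, reason). Fails closed."""
    if not isinstance(request, dict) or request.get("method") != "tools/call":
        return False, "not a tools/call request"
    params = request.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    scope = TOOL_SCOPE.get(name) if isinstance(name, str) else None
    if scope is None:
        return False, f"tool {name!r} is not in the allowlist"
    if scope not in granted_scopes:
        return False, f"{name} needs {scope}, which was not granted"
    return True, f"{name} covered by {scope}"

# Constructed sample: a reporting agent that only reads spend data.
READ_ONLY = minimal_scopes(
    ["list_transactions", "get_transaction", "list_cards", "list_limits"])
CREATE_CARD = {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
               "params": {"name": "create_card", "arguments": {}}}

if __name__ == "__main__":
    print("scopes to request:", READ_ONLY)
    print(check_call(CREATE_CARD, READ_ONLY))
```

A check like this in the agent harness only surfaces a denial early; the scopes granted on the OAuth Provider and the user's Ramp role remain the actual enforcement.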

### Example: List recent transactions

```bash
curl -s https://aigw.<cluster-id>.clusters.rdpa.co/mcp/v1/my-ramp \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "list_transactions",
      "arguments": {
        "page_size": 25
      }
    }
  }'
```

### Example: Create a virtual card for a vendor

```bash
curl -s https://aigw.<cluster-id>.clusters.rdpa.co/mcp/v1/my-ramp \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/call",
    "params": {
      "name": "create_card",
      "arguments": {
        "display_name": "AWS Services",
        "user_id": "usr_abc123",
        "idempotency_key": "create-aws-card-2026",
        "spending_limit_amount": 5000.0,
        "spending_limit_interval": "MONTHLY",
        "spending_limit_currency": "USD"
      }
    }
  }'
```

## Troubleshooting

Common symptoms and fixes:

| Symptom | What to check |
| --- | --- |
| `OAuthConnectionRequired` | First call from a user with no stored token. The user completes Ramp’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. |
| `scope_upgrade_required` | Server’s `required_scopes` was extended after users had already consented. Users re-consent with the higher scope. |
| `create_card` / `create_limit` returns a task ID with no card / limit details | These operations are asynchronous on Ramp’s side. The MCP returns a task ID that you can poll against Ramp’s API; the actual card or limit appears once the task completes. |
| `403 Forbidden` reading or writing | The calling user’s Ramp role doesn’t grant the action. Ramp’s role-based access control runs end-to-end: per-user OAuth means each user only sees what their Ramp account permits. |

## Limitations

This page does not cover:

-   **Bulk data export**: Use Ramp’s native data export.

-   **Accounting system integration**: Use Ramp’s accounting sync.

-   **Receipt management and approvals**: Handled in the Ramp web UI.


## Next steps

-   [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/)

-   [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/)

-   [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/)