MYOB Codex MCP

58 tools. 28 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

28 can modify or destroy data
30 read-only
58 tools total

Community server · catalogue entry verified 02/07/2026

How to control MYOB Codex MCP ↓

What MYOB Codex MCP exposes to your agents

Read (30) Write / Execute (22) Destructive / Financial (6)
Critical Risk

The most dangerous MYOB Codex MCP tools

28 of MYOB Codex MCP's 58 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control MYOB Codex MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and MYOB Codex MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "myob_customer_payment_prepare_record": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "myob_invoice_prepare_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "myob_approval_approve": {
    "limits": [
      {
        "counter": "myob_approval_approve_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "myob_account_get": {
    "limits": [
      {
        "counter": "myob_account_get_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MYOB Codex MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MYOB CODEX →

Instant setup, no code required.

All 58 MYOB Codex MCP tools

WRITE 19 tools
Write myob_approval_approve Approve a prepared MYOB write. The approval_phrase must be exactly 'APPROVE <operation_id>'. Write myob_approval_deny Deny a prepared or approved MYOB write operation. Write myob_attachment_prepare_upload Prepare attachment upload. content_base64 is stored in the pending payload until approved. Write myob_bill_prepare_create Prepare creation of a purchase bill. Requires approval before commit. Write myob_bill_prepare_update Prepare update of a purchase bill. Requires approval before commit. Write myob_commit_operation Commit any approved MYOB operation. This mutates MYOB and requires a valid approval token. Write myob_customer_prepare_create Prepare creation of a customer contact. Requires approval before commit. Write myob_customer_prepare_update Prepare update of a customer contact. Requires approval before commit. Write myob_entity_prepare_create Prepare create for a supported entity using the endpoint registry. Write myob_entity_prepare_update Prepare update for a supported entity using the endpoint registry. Write myob_inventory_item_prepare_create Prepare inventory item creation. Requires approval before commit. Write myob_invoice_prepare_create Prepare creation of a sales invoice. Requires approval before commit. Write myob_invoice_prepare_update Prepare update of a sales invoice. Requires approval before commit. Write myob_journal_prepare_create Prepare general journal creation. High-risk approval required. Write myob_oauth_exchange_code Manually exchange an OAuth code for MYOB tokens and save businessId context. Write myob_raw_commit_mutation Commit an approved raw MYOB mutation. This mutates MYOB and requires a valid approval token. Write myob_sales_order_prepare_create Prepare creation of a sales order. Requires approval before commit. Write myob_supplier_prepare_create Prepare creation of a supplier contact. Requires approval before commit. Write myob_supplier_prepare_update Prepare update of a supplier contact. Requires approval before commit.
READ 30 tools
Read myob_account_get Get a chart-of-accounts record by UID. Read myob_account_list List chart of accounts. Read myob_approval_get Get the full approval preview for a MYOB operation. Read myob_approval_list_pending List pending or approved MYOB operations awaiting user/accountant action. Read myob_auth_status Show MYOB OAuth authentication, token, and selected business status. Read myob_bank_account_list List bank accounts. Read myob_bill_get Get bill by UID. If layout is supplied, reads the layout-specific detail endpoint. Read myob_bill_list List purchase bills. Read myob_company_get_context Return the selected MYOB business/company file context. Read myob_company_list_files Try to list accessible company files. New MYOB OAuth flows may require businessId from consent instead. Read myob_contact_get Get any contact by UID. Read myob_customer_list List customers. Read myob_customer_payment_list List customer payments. Read myob_employee_list List employees. Read myob_entity_get Get one MYOB record by entity and UID. layout is needed for some invoice/bill/order details. Read myob_entity_list List records for a supported MYOB entity using the endpoint registry. Read myob_inventory_item_list List inventory items. Read myob_invoice_get Get invoice by UID. If layout is supplied, reads the layout-specific detail endpoint. Read myob_invoice_list List sales invoices. Read myob_job_list List jobs. Read myob_journal_list List general journal records. Read myob_metadata_get_entity_schema Return known MYOB endpoint paths and write flow for an entity. Read myob_metadata_get_tool_catalog Return a machine-readable catalog of major MCP tools and mutation policy. Read myob_metadata_list_domains List MYOB entity domains supported by this MCP server. Read myob_raw_get Read any MYOB Business API endpoint with GET. This tool is read-only. Read myob_receive_money_list List receive-money transactions. Read myob_spend_money_list List spend-money transactions. Read myob_supplier_list List suppliers. Read myob_supplier_payment_list List supplier payments. Read myob_tax_code_list List tax codes.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about MYOB Codex MCP

Can an AI agent move money through the MYOB Codex MCP server? +

Yes. The MYOB Codex MCP server exposes 4 financial tools including myob_customer_payment_prepare_record, myob_receive_money_prepare_create, myob_spend_money_prepare_create. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the MYOB Codex MCP server? +

Yes. The MYOB Codex MCP server exposes 2 destructive tools including myob_invoice_prepare_delete, myob_oauth_logout. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MYOB Codex MCP? +

The MYOB Codex MCP server has 19 write tools including myob_approval_approve, myob_approval_deny, myob_attachment_prepare_upload. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MYOB Codex MCP.

How many tools does the MYOB Codex MCP server expose? +

58 tools across 4 categories: Destructive, Execute, Read, Write. 30 are read-only. 28 can modify, create, or delete data.

How do I enforce a policy on MYOB Codex MCP? +

Register the MYOB Codex MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MYOB Codex MCP tool call.

Deterministic rules across all 58 MYOB Codex MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

58 MYOB Codex MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.