Customer Portal MCP Tools

Customer Portal MCP tools follow a portal activation and customer service workflow across customer accounts, portal users, roles and permissions, 2FA, service records, project status, orders and bookings, document versions, invoices and payments, service requests, FAQs, forms, notifications, data sync, consent records, access logs, and audit trails.

portal.config.get

read

Read portal timezone, login policy, document versioning, notifications, payments, support SLA, and customer visibility defaults.

-

Read-only baseline before portal activation or customer-visible writes.

Do not expose API secrets, payment secrets, or internal tokens.

portal.branding.get

read

Read portal logo, colors, domain, welcome message, languages, and white-label settings.

portal.config.get

Read-only; used before workspace activation or branding updates.

Return public branding only, not DNS secrets or verification tokens.

portal.customers.list

read

List customers by status, company, owner, or portal activation state.

portal.config.get

Read-only; used to avoid duplicate activation or wrong customer mapping.

Customer lists are tenant and role scoped to prevent cross-customer leakage.

portal.customer.get

read

Read customer profile, contacts, preferences, service summary, consent state, and portal status.

portal.customers.list

Read-only; required before portal activation, profile update, or invitation.

Mask PII by permission; do not expose sensitive contacts to unauthorized roles.

portal.portal_users.list

read

List portal users, roles, activation state, 2FA state, and last login under a customer.

portal.customer.get

Read-only; used before invite, role change, or access reset.

Show only necessary login state; never return passwords or session tokens.

portal.access_roles.list

read

Read portal roles, visible data scope, document permissions, payment permissions, and support request permissions.

portal.config.get, portal.portal_users.list

Read-only; used before access scope design or role changes.

Use least privilege; do not recommend admin role as default.

portal.auth_policy.get

read

Read login, 2FA, password reset, invitation expiry, lockout, and session policies.

portal.config.get

Read-only; used before invitation, reset, or security changes.

Do not return password hashes, reset tokens, or 2FA seeds.

portal.service_records.list

read

List customer service records, after-sales projects, delivery states, owners, and visibility.

portal.customer.get

Read-only; used before preparing portal home and service summaries.

Internal notes and costs must not appear as customer-visible records.

portal.service_record.get

read

Read one service record's timeline, status, files, comments, deliverables, and related payments.

portal.service_records.list

Read-only; used before publishing service progress or welcome summary.

Separate customer-visible comments from internal handling notes.

portal.project_status.list

read

Read client-visible project stages, task summaries, milestones, blockers, and expected completion dates.

portal.service_records.list

Read-only; verify before publishing project status.

Do not expose internal tasks, costs, staff performance, or unconfirmed risks.

portal.orders.list

read

List customer orders, quotes, contracts, fulfillment states, delivery dates, and related files.

portal.customer.get

Read-only; used for order status and portal dashboard summaries.

Return only orders authorized for that customer, with no cross-company merge.

portal.bookings.list

read

Read customer service, class, meeting, or after-sales bookings and reschedule state.

portal.customer.get

Read-only; used to show upcoming bookings or service times.

Do not expose other customers or staff private schedules.

portal.documents.list

read

List customer-visible and pending files, contracts, quotes, invoice copies, designs, reports, and versions.

portal.customer.get, portal.access_roles.list

Read-only; required before document publish or revocation.

Hide internal files by default; version and visibility scope must be explicit.

portal.document_version.get

read

Read one document version, source, expiry, download permissions, sign-off state, and customer-visible history.

portal.documents.list

Read-only; verify latest version before publish, revoke, or client sign-off.

Avoid publishing old or unapproved versions to customers.

portal.invoices.list

read

List customer invoices, due dates, outstanding balance, payment link state, and visibility.

portal.customer.get

Read-only; used before creating payment links or showing billing in portal.

Do not show sensitive billing data to users without payment permission.

portal.payments.list

read

Read payment records, gateway state, receipts, refunds, failed payments, and finance notification state.

portal.invoices.list

Read-only; used before payment follow-up, receipt download, or reconciliation.

Never return full card data, bank secrets, or gateway secrets.

portal.requests.list

read

List service requests by customer, status, type, priority, owner, or SLA.

portal.customer.get

Read-only; used before support dashboards, replies, or status updates.

Show only requests visible to the customer or authorized staff.

portal.request.get

read

Read request details, conversation, internal notes, attachments, SLA, handling history, and customer-visible state.

portal.requests.list

Read-only; required before reply, status update, or follow-up creation.

Internal notes must not leak into customer-visible replies.

portal.faq_entries.list

read

List FAQs, self-service support content, categories, languages, visible customer segments, and last update time.

portal.config.get

Read-only; used before FAQ updates or support reply suggestions.

Avoid exposing internal SOPs or unreviewed answers to customers.

portal.form_templates.list

read

Read customer interaction forms, questionnaires, drawing approvals, profile updates, and service application templates.

portal.config.get

Read-only; used before form publishing or submission recording.

Form fields must identify PII and sensitive data handling.

portal.notifications.list

read

Read portal notifications, channels, recipients, read state, failure state, and reminder rules.

portal.customer.get

Read-only; used before welcome, document, or payment notifications.

Respect consent, opt-out, frequency caps, and customer-visible scope.

portal.access_logs.list

read

List login, invitation, password reset, document download, payment view, and role change logs.

portal.customer.get

Read-only; used for security audit, disputes, or permission investigations.

Access logs are for authorized admins only, not customer-public content.

portal.activation.preview

preview

Preview customer portal activation including workspace, users, roles, documents, service records, and welcome message.

portal.customer.get, portal.portal_users.list, portal.documents.list, portal.service_records.list, portal.branding.get

Preview required; customer service lead approval required before activation and invite.

Do not include unapproved files, internal notes, or wrong customer data in activation draft.

portal.access_scope.preview

preview

Preview what files, invoices, service records, requests, and payment actions become visible after role or scope changes.

portal.portal_users.list, portal.access_roles.list, portal.documents.list, portal.invoices.list

Any permission elevation or customer-visible scope change requires approval.

Use least privilege and identify newly visible data.

portal.document_publish.preview

preview

Preview document publishing recipients, version, download permissions, expiry, notification content, and leakage risk.

portal.documents.list, portal.document_version.get, portal.access_scope.preview

Customer-visible documents require approval by an authorized person.

Block internal files, wrong-customer files, old versions, or unapproved versions from publishing.

portal.support_reply.preview

preview

Preview service request reply, customer-visible content, attachments, FAQ citations, follow-ups, and SLA impact.

portal.request.get, portal.faq_entries.list, portal.documents.list

Customer-visible replies or attachments require support or owner confirmation.

Internal notes, other-customer data, or unverified promises must not appear in replies.

portal.payment_action.preview

preview

Preview payment links, invoice visibility, receipts, payment reminders, gateway state, and finance notifications.

portal.invoices.list, portal.payments.list, portal.access_roles.list

Finance or authorized approval required before creating or resending payment links.

Prevent duplicate charges and avoid sending payment details to users without payment permission.

portal.notification.preview

preview

Preview welcome, document, payment, support reply, or portal update notification content, recipients, and channels.

portal.notifications.list, portal.customer.get, portal.portal_users.list

Bulk, customized, or sensitive customer notifications require approval.

Respect consent, opt-out, frequency limits, and prevent wrong-customer recipients.

portal.profile_update.preview

preview

Preview customer-updated contact, company, or preference fields that will sync to the central system.

portal.customer.get, portal.form_templates.list

Sensitive or company-profile changes require staff approval.

Keep old value, new value, source, and verification state.

portal.workspace.create

write

Create customer portal workspace linked to branding, service records, documents, invoices, support entry, and default access.

portal.activation.preview

Must execute from an approved activation preview.

Requires idempotency; avoid duplicate workspace for the same customer.

portal.user.invite

write

Invite a customer user to activate portal access with secure invitation link, role, and welcome message.

portal.activation.preview, portal.notification.preview

Customer service lead must approve recipient and role before invitation.

Invitation link must expire and raw token must not be returned in response.

portal.user.role_update

write

Update portal user role, visibility scope, payment permission, document download permission, and support permissions.

portal.access_scope.preview

Permission elevation or new sensitive visibility requires approval.

Do not grant internal admin privileges to customer users.

portal.access.reset

write

Disable, reset, or reissue portal access including password reset, 2FA reset, and account unlock.

portal.portal_users.list, portal.auth_policy.get, portal.access_logs.list

Security-sensitive reset requires authorized staff or identity verification.

Never return password or 2FA seed; all resets are audited.

portal.branding.upsert

write

Create or update portal logo, colors, login page, welcome copy, languages, and white-label settings.

portal.branding.get

Public branding changes require owner approval.

Validate image sources and domains; do not expose DNS or certificate secrets.

portal.customer_profile.update

write

Update approved customer contact, company profile, preferences, notification settings, or synced fields.

portal.profile_update.preview

Sensitive customer-submitted updates require staff approval.

Keep old and new values; avoid unverified data overwriting official records.

portal.document.publish

write

Publish a document version to a customer portal with visible roles, expiry, download access, and notification.

portal.document_publish.preview

Must execute from an approved document preview.

Check customer, version, visibility scope, and idempotency.

portal.document.revoke

write

Revoke access to a file, version, or customer user and retain revoke reason.

portal.documents.list, portal.document_version.get, portal.access_logs.list

Revoking customer-visible files requires authorized confirmation.

Do not delete audit; revoke visibility or download permission only.

portal.invoice.payment_link.create

write

Create or resend a portal payment link for an invoice and update notification and finance tracking state.

portal.payment_action.preview

Requires finance or authorized approval.

Prevent duplicate payment links, wrong-customer sends, and unauthorized recipients.

portal.request.create

write

Create a support request, service case, form follow-up, or internal task for a customer.

portal.customer.get, portal.requests.list, portal.form_templates.list

Customer submissions can create automatically; staff-created cases must mark source.

Check duplicate requests, attachment safety, and customer identity.

portal.request.status_update

write

Update support request status, priority, owner, SLA, customer-visible state, or follow-up.

portal.request.get

Closure, escalation, or SLA exceptions require owner confirmation.

Status changes need timestamp, actor, and reason.

portal.request.reply_add

write

Add customer-visible replies, internal notes, attachments, FAQ citations, or next-step instructions.

portal.support_reply.preview

Customer-visible replies must be confirmed from preview.

Clearly mark internal/customer-visible; do not include other customers' data.

portal.faq_entry.upsert

write

Create or update FAQ/self-service answers, categories, languages, visible segments, and publish state.

portal.faq_entries.list

Public FAQ or policy answers require owner approval.

Do not publish unreviewed legal, payment, or service promise content.

portal.form_submission.record

write

Record customer form, questionnaire, drawing approval, profile update, or service application submission.

portal.form_templates.list, portal.customer.get

Sensitive submissions or formal data changes require staff approval.

Validate fields, attachments, and identity; keep submission source.

portal.notification.send

write

Send portal welcome, document update, payment reminder, support reply, service progress, or security notifications.

portal.notification.preview

Bulk or sensitive notifications require approval; security notifications follow policy.

Respect consent, opt-out, frequency caps, and recipient permissions.

portal.consent.update

write

Update customer consent for portal terms, privacy, notifications, payments, or data sync.

portal.customer.get, portal.access_logs.list

Customer-submitted consent can be recorded; staff changes need authorization and reason.

Consent records need timestamp, source, version, and IP/device summary.

portal.analytics_snapshot.record

write

Record self-service queries, file downloads, payment clicks, support requests, response time, and deflection performance.

portal.notifications.list, portal.requests.list, portal.access_logs.list, portal.payments.list

Writes aggregate analytics only and does not change customer service records.

Avoid writing personal data into analytics snapshots.

portal.action_request.status

status

Check portal write request, approval, execution, failure, retry, and audit state.

portal.access_logs.list

Read-only status; tracks activation, invitations, documents, payments, replies, and notifications.

Status endpoint must not re-execute writes.