Connect Claude, ChatGPT, Cursor, or any MCP host to your IBKR account

IBKR Gateway exposes an MCP (Model Context Protocol) server at https://ibkr-gateway.bogdanripa.com/mcp. Any MCP-compatible host — Claude.ai's Custom Connectors, Claude Desktop, ChatGPT's Custom Connectors, Cursor, your own scripts — can use it to query positions, pull quotes, and (with your explicit consent) place orders against one of your IBKR connections.

OAuth, not API keys. When you connect a host like Claude, it walks you through a normal "sign in with Google + consent" flow on this site. You pick which IBKR connection to expose and whether the host can place trades or only read. No shared secrets to copy-paste.

Connect from Claude.ai

Set up an IBKR connection first. Go to the console, sign in, and add a paper or live connection. (See paper accounts or live setup.)
In Claude.ai, add a custom connector. Settings → Connectors → Add custom connector. Paste https://ibkr-gateway.bogdanripa.com/mcp.
Authorize. Claude opens a popup pointing at this site's consent screen. Sign in with the same Google account you use for the console. Pick which IBKR connection to expose and the scope (read-only or read & write). Approve.
Use the tools. Claude can now call get_quote, get_portfolio, and the rest. Try "what's my IBKR portfolio worth right now?" or "get a quote for NVDA".

Connect from ChatGPT

Set up an IBKR connection first (same as above).
In ChatGPT, open Settings → Connectors → Create. Pick "Custom connector" / "MCP server" (the label varies by plan). Paste https://ibkr-gateway.bogdanripa.com/mcp as the server URL.
Authorize. ChatGPT opens this site's consent screen, you sign in with Google, pick the IBKR connection and the scope (read-only or read & write), and approve.
Use the tools. The IBKR tools show up under the connector — ask ChatGPT to "check my IBKR portfolio" or "quote SPY".

MCP-over-HTTP for custom connectors is only available on ChatGPT plans that expose the connector / agent features (Business, Enterprise, Edu, and Pro at the time of writing). If you don't see the "Create" option, your plan may not have it.

Connect from Claude Desktop

Add the gateway to your claude_desktop_config.json:

{
  "mcpServers": {
    "ibkr-gateway": {
      "url": "https://ibkr-gateway.bogdanripa.com/mcp"
    }
  }
}

Claude Desktop will run the OAuth dance the first time the server is contacted — same consent screen as Claude.ai.

Connect from Cursor or any other host

Point your MCP client at https://ibkr-gateway.bogdanripa.com/mcp. Any host that implements MCP's OAuth 2.1 + Dynamic Client Registration profile will auto-discover the authorization endpoints via /.well-known/oauth-protected-resource.

Scopes

Read-only — the host can list accounts, snap quotes, pull history, and read your portfolio & order book. It cannot place or cancel orders, or switch which sub-account is active. Recommended for analysis-only use.

Read & write — the host can do all of the above plus place and cancel orders. Required if you want Claude to actually execute trades. You get to pick the scope on every consent screen.

Scope is bound to the token at consent time. To switch scopes later, re-authorize on the consent screen — old tokens stay valid until you revoke them from the console's Connected apps panel.

What each tool does

get_accounts — list every IBKR sub-account on the connection.
get_current_account / set_current_account — read or pin the implicit sub-account.
get_portfolio — stocks, options, other positions, cash ledger.
get_cash — cash ledger by currency.
search_security — search IBKR's security master by ticker or company name.
get_quote — snapshot last/bid/ask/day H/L for one contract.
get_history — OHLCV bars.
get_change — first→last close % change over a period.
get_orders / get_order_status — live order book.
place_order — place an equity order (MKT / LMT / STP / STP_LIMIT). write scope only.
cancel_order — cancel a working order by id. write scope only.

Read-only clients won't even see place_order / cancel_order / set_current_account in the tools list — they're filtered out server-side based on the scope of the token.

Managing connected hosts

The console's Connected apps panel lists every host that's been authorized, with the IBKR connection + scope + last-used timestamp. Revoke from there to cut a host off immediately.

API keys (programmatic access)

Not every caller is an AI host walking through OAuth. Any third-party app, backend service, script, notebook, or scheduled job can hit the same /mcp endpoint with a per-connection API key — no consent screen, no token refresh, no Firebase sign-in. The key goes on the request as a static Authorization: Bearer <key> header.

Connections auto-generate a default key on creation; you can mint additional keys (and revoke individual ones) from the console. API-key callers get full read+write access against the connection the key belongs to.

curl -sS https://ibkr-gateway.bogdanripa.com/mcp \
  -H "Authorization: Bearer ibkr_..." \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Either way, every call against /mcp is logged with source (oauth or apikey), scope, and the connection it touched. Audit trail lives in the Recent errors panel for failures and in the per-key Last used column for successes.