Product Architecture · One-pager
A standalone token-broker + reconciliation engine, sold via the Fortnox Partner portal, targeting accounting firms (byrå) and business owners.
One remote MCP server · Claude · ChatGPT · Cursor · EU data residency · Buy-via-Fortnox billing
You build one remote MCP server over HTTPS. Because Claude and ChatGPT both consume remote MCP servers with OAuth, that single endpoint serves every MCP-capable client. The MCP tools are the thin part; the value is the token broker underneath and a server-side matching engine that also powers a standalone web dashboard.
The broker is the hard, valuable engineering: multi-tenant encrypted storage of Fortnox refresh tokens, silent refresh, mapping each authenticated MCP user to the right Fortnox tenant, scope enforcement, and an immutable audit trail. It also holds the keys to customers' complete accounting, so it warrants a dedicated security review before launch. Two OAuth flows are involved. OAuth #1 (MCP client ↔ this server) is WorkOS AuthKit: it provides the Dynamic Client Registration and token issuance that MCP clients need to connect, and Supabase Third-Party Auth trusts that same token, so the dashboard and RLS run off one identity with no DIY auth server. OAuth #2 (this server ↔ Fortnox) is the per-company Fortnox authorization whose refresh tokens the broker stores and silently renews.
Read tools: list_unpaid_invoices · get_account_balance · get_ledger · period_comparison · search_customers · list_supplier_invoices · export_sie
Write tools (confirm-gated): create_invoice · create_voucher · approve_supplier_invoice. Two-step: preview → human confirms → commit. Tag them with the MCP destructiveHint annotation so clients prompt before calling. Never alter or delete posted vouchers; only post correcting vouchers.
Reconciliation tools: get_unmatched_transactions · suggest_matches · apply_match
~15–25 intent-shaped tools, not 377 raw ops.
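An added example (not the page's or the product's own code) of the confirm-gated write path together with the broker's membership check and audit trail described above. The preview step authorizes the caller against the membership table, validates the request, logs it, and returns a confirmation token that is an HMAC over user, company, tool, canonical payload and issue time; commit only goes through for that exact combination, once, within a TTL, and is logged again. There is deliberately no update or delete tool, so a correction is always a new voucher. The `MEMBERSHIPS`, `TOOLS`, `POSTED_VOUCHERS`, `AUDIT_LOG` dicts, the server secret and `VOUCHER_PAYLOAD` are constructed stand-ins for the Postgres tables and a KMS-held secret; the `tool_annotations` field names are the MCP ToolAnnotations ones.

```python
import hashlib
import hmac
import json
import secrets
from typing import Any

# Assumptions, not from the page: in production the secret lives in a KMS and the
# dicts below are the memberships / audit_log / voucher tables behind RLS.
SERVER_SECRET = secrets.token_bytes(32)
PREVIEW_TTL_SECONDS = 600

MEMBERSHIPS = {"user_alice": {"company_1": "accountant", "company_2": "viewer"}}
WRITE_ROLES = {"accountant", "owner"}
TOOLS = {  # no update_voucher / delete_voucher exists: posted vouchers are immutable
    "get_ledger": {"write": False},
    "create_voucher": {"write": True},
}
POSTED_VOUCHERS: dict[str, dict[str, Any]] = {"A1": {"series": "A", "rows": []}}
AUDIT_LOG: list[dict[str, Any]] = []   # append-only: entries are never edited or removed
_CONSUMED_TOKENS: set[str] = set()     # one commit per human confirmation

class ToolError(Exception):
    """Returned to the MCP client as a tool error; nothing has been written."""

def tool_annotations(tool: str) -> dict[str, bool]:
    """MCP ToolAnnotations so clients prompt before a write."""
    write = TOOLS[tool]["write"]
    return {"readOnlyHint": not write, "destructiveHint": write, "idempotentHint": False}

def canonical(payload: dict[str, Any]) -> bytes:
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def _authorize(user: str, company: str, tool: str) -> None:
    if tool not in TOOLS:
        raise ToolError(f"unknown tool {tool!r}")
    role = MEMBERSHIPS.get(user, {}).get(company)
    if role is None:
        raise ToolError("user has no membership in this company")
    if TOOLS[tool]["write"] and role not in WRITE_ROLES:
        raise ToolError(f"role {role!r} may not write")

def _confirm_token(user: str, company: str, tool: str, payload: dict, issued: int) -> str:
    msg = b"|".join([user.encode(), company.encode(), tool.encode(),
                     hashlib.sha256(canonical(payload)).digest(), str(issued).encode()])
    return f"{issued}.{hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()}"

def _audit(**entry: Any) -> None:
    AUDIT_LOG.append(entry)

def preview(user: str, company: str, tool: str, payload: dict, now: float) -> dict[str, Any]:
    _authorize(user, company, tool)
    if not TOOLS[tool]["write"]:
        raise ToolError("preview is only meaningful for write tools")
    rows = payload.get("rows", [])
    if abs(sum(r["debit"] - r["credit"] for r in rows)) > 0.005:
        raise ToolError("voucher does not balance")
    corrects = payload.get("corrects")  # a correction references, never touches, the original
    if corrects is not None and corrects not in POSTED_VOUCHERS:
        raise ToolError(f"cannot correct unknown voucher {corrects!r}")
    issued = int(now)
    _audit(user=user, company=company, ts=issued, tool=tool, action="preview", payload=payload, result="ok")
    return {"summary": f"{tool}: {len(rows)} rows" + (f", corrects {corrects}" if corrects else ""),
            "confirm_token": _confirm_token(user, company, tool, payload, issued),
            "expires_at": issued + PREVIEW_TTL_SECONDS}

def commit(user: str, company: str, tool: str, payload: dict, token: str, now: float) -> dict[str, str]:
    _authorize(user, company, tool)
    issued_str, _, _ = token.partition(".")
    if not issued_str.isdigit():
        raise ToolError("malformed confirmation token")
    issued = int(issued_str)
    if now - issued > PREVIEW_TTL_SECONDS:
        raise ToolError("confirmation expired; preview again")
    # The token binds user, company, tool and the exact payload the human saw.
    if not hmac.compare_digest(token, _confirm_token(user, company, tool, payload, issued)):
        raise ToolError("payload differs from the previewed one; preview again")
    if token in _CONSUMED_TOKENS:
        raise ToolError("this confirmation was already committed")
    _CONSUMED_TOKENS.add(token)
    number = f"A{len(POSTED_VOUCHERS) + 1}"
    POSTED_VOUCHERS[number] = {**payload, "posted_by": user}  # new voucher, never an edit
    _audit(user=user, company=company, ts=int(now), tool=tool, action="commit", payload=payload, result=number)
    return {"voucher": number}

def run_tool(fn, *args: Any, **kwargs: Any) -> dict[str, Any]:
    """What the MCP layer hands back: the result, or a structured error with nothing written."""
    try:
        return {"ok": True, "result": fn(*args, **kwargs)}
    except ToolError as err:
        return {"ok": False, "error": str(err)}

# Constructed sample payload: a balanced two-row voucher.
VOUCHER_PAYLOAD = {"series": "A", "date": "2024-03-31",
                   "rows": [{"account": "1930", "debit": 1000.0, "credit": 0.0},
                            {"account": "3001", "debit": 0.0, "credit": 1000.0}]}
```

Because the confirmation token is an HMAC rather than a random id, the server needs no preview table: a payload the model rewrites between preview and commit, a token replayed a second time, or a token used after the TTL all fail closed, and each attempt that reaches the gate is visible in the audit log.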
A real server-side engine matches payments to verifications on OCR/bankgiro ref, amount, date proximity, and counterparty — returning ranked candidates with a confidence score.
The model handles only the ambiguous remainder — missing OCR, partial payments, fees/rounding, fuzzy text. It explains and orchestrates; it never eyeballs rows and guesses.
This engine is valuable without any AI client — it powers a standalone reconciliation dashboard. That's what makes "standalone product" true and is hard to replicate.
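An added example (not the product's engine) of the deterministic first pass described above: each open invoice is scored against a bank transaction on OCR reference, amount, due-date proximity and counterparty, candidates are ranked with a confidence and a reason list, and the result is classified as unambiguous, needing review (the remainder handed to the model), or no match. Weights, thresholds, the name normalization and the sample invoices and transactions are constructed assumptions; the sample deliberately includes a clean match, a missing-OCR case with two same-amount invoices, a partial payment and a bank fee.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed weights and thresholds (not from the page); tune on real data.
W_OCR, W_OCR_MISMATCH = 0.5, -0.3
W_AMOUNT_EXACT, W_AMOUNT_NEAR = 0.3, 0.2
W_DATE, W_COUNTERPARTY = 0.1, 0.1
MAX_DATE_GAP_DAYS = 30
AUTO_APPLY = 0.90        # unambiguous: apply (still logged and correctable)
NEEDS_REVIEW = 0.30      # keep as a candidate for the model / human
AMBIGUITY_MARGIN = 0.15  # top two this close -> review even if the top is high

@dataclass(frozen=True)
class BankTransaction:
    id: str
    amount: float
    booked: date
    counterparty: str
    ocr: Optional[str] = None  # OCR / bankgiro reference when the bank supplies one

@dataclass(frozen=True)
class OpenInvoice:
    number: str
    amount: float
    due: date
    customer: str
    ocr: str

@dataclass(frozen=True)
class Candidate:
    transaction_id: str
    invoice_number: str
    confidence: float
    reasons: tuple[str, ...]  # why it scored this way; shown to the model / user

def normalize_name(name: str) -> str:
    """Fold case, the Aktiebolag/AB spelling and punctuation before comparing counterparties."""
    return re.sub(r"[^a-z0-9åäö]", "", name.lower().replace("aktiebolag", "ab"))

def score(tx: BankTransaction, inv: OpenInvoice) -> Candidate:
    points, reasons = 0.0, []
    if tx.ocr and tx.ocr == inv.ocr:
        points += W_OCR; reasons.append("ocr:match")
    elif tx.ocr and tx.ocr != inv.ocr:
        points += W_OCR_MISMATCH; reasons.append("ocr:mismatch")  # strong evidence against
    else:
        reasons.append("ocr:missing")
    diff = abs(tx.amount - inv.amount)
    if diff < 0.005:
        points += W_AMOUNT_EXACT; reasons.append("amount:exact")
    elif diff <= max(1.0, 0.005 * inv.amount):  # bank fee or rounding
        points += W_AMOUNT_NEAR; reasons.append("amount:fee_or_rounding")
    elif tx.amount < inv.amount:
        reasons.append("amount:partial")
    else:
        reasons.append("amount:differs")
    gap = abs((tx.booked - inv.due).days)
    points += W_DATE * max(0.0, 1 - gap / MAX_DATE_GAP_DAYS)
    reasons.append(f"date:{gap}d")
    if normalize_name(tx.counterparty) == normalize_name(inv.customer):
        points += W_COUNTERPARTY; reasons.append("counterparty:match")
    confidence = round(min(max(points, 0.0), 1.0), 3)
    return Candidate(tx.id, inv.number, confidence, tuple(reasons))

def suggest_matches(tx: BankTransaction, invoices: list[OpenInvoice]) -> list[Candidate]:
    """Ranked candidates for one transaction, dropping anything below NEEDS_REVIEW."""
    ranked = sorted((score(tx, inv) for inv in invoices), key=lambda c: c.confidence, reverse=True)
    return [c for c in ranked if c.confidence >= NEEDS_REVIEW]

def classify(candidates: list[Candidate]) -> str:
    if not candidates:
        return "none"
    top = candidates[0].confidence
    runner_up = candidates[1].confidence if len(candidates) > 1 else 0.0
    if top >= AUTO_APPLY and top - runner_up >= AMBIGUITY_MARGIN:
        return "auto"
    return "review"  # the ambiguous remainder the model explains and orchestrates

def reconcile(transactions: list[BankTransaction], invoices: list[OpenInvoice]) -> dict:
    """Map each transaction id to (classification, ranked candidates)."""
    ranked = {tx.id: suggest_matches(tx, invoices) for tx in transactions}
    return {tx_id: (classify(cands), cands) for tx_id, cands in ranked.items()}

# Constructed sample data.
INVOICES = [
    OpenInvoice("INV-1001", 12500.0, date(2024, 3, 15), "Acme AB", "100110"),
    OpenInvoice("INV-1002", 3200.0, date(2024, 3, 20), "Beta HB", "100227"),
    OpenInvoice("INV-1003", 12500.0, date(2024, 4, 1), "Gamma AB", "100334"),
]
TRANSACTIONS = [
    BankTransaction("T1", 12500.0, date(2024, 3, 14), "ACME AB", "100110"),  # clean match
    BankTransaction("T2", 12500.0, date(2024, 4, 3), "Gamma Aktiebolag"),    # no OCR, two same-amount invoices
    BankTransaction("T3", 3150.0, date(2024, 3, 21), "Beta HB", "100227"),   # partial payment
    BankTransaction("T4", 25.0, date(2024, 3, 22), "Bankavgift"),            # bank fee, nothing to match
]
```

The reason list is what makes the model useful on the remainder: for T2 it sees "ocr:missing" and two candidates of equal amount, for T3 it sees "ocr:match" with "amount:partial", and it can explain or ask rather than guess from raw rows.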
| Table | Holds | Notes |
|---|---|---|
| orgs | your customer (firm or business owner) | billing identity |
| users | OAuth #1 identity | id = WorkOS `sub`; trusted by Supabase via Third-Party Auth |
| fortnox_connections | per Fortnox company: encrypted refresh token, scopes, expiry | Supabase Vault / pgcrypto; RLS by org |
| memberships | user ↔ company access + role | byrå: one user, many client companies |
| match_runs / match_candidates | reconciliation results + confidence | powers dashboard & MCP tools |
| audit_log | user · timestamp · tool · payload · result | append-only; a selling feature |
Everything hosted in an EU region (GDPR plus bokföringslagen, the Swedish Bookkeeping Act). Writes auditable; posted verifications immutable.
1. Fortnox developer license + sandbox. Stand up OAuth #1 (WorkOS AuthKit) ↔ OAuth #2 (Fortnox), encrypted token storage, silent refresh. Hardest infra; do it first.
2. ~15 curated read tools + 3 confirm-gated writes. Live in Claude & ChatGPT. Private beta with 1–2 friendly accounting firms.
3. Deterministic engine + LLM tail, exposed as MCP tools and a standalone web reconciliation view. The wedge.
4. Multi-company, roles, audit export. Publish via Buy-via-Fortnox. Gather reviews from beta firms.