# Activating UCP in the Admin Area

This guide explains how a merchant enables Universal Commerce Protocol (UCP) on a Finqu sales channel so third-party
agents and integrations can access the store programmatically.

**Audience:** Store administrators and merchants.

## Prerequisites

- A Finqu sales channel with a live storefront domain
- Admin access to the channel settings

## Steps

### 1. Open channel settings

1. Log in to the Finqu admin.
2. Select the channel you want to enable.
3. Navigate to **Settings** (`/channel/{channelId}/settings`).

### 2. Enable UCP

In the **API** section of the settings page:

1. Check **Enable UCP** (Universal Commerce Protocol).
2. Optionally check **Enable MCP server** if you want agents to connect via the Model Context Protocol in addition to
   REST.
3. Click **Save** at the bottom of the page.

Once saved, the store publishes a discovery profile at:

```
https://{your-store-domain}/.well-known/ucp
```

UCP REST endpoints become available at:

```
https://{your-store-domain}/api/ucp
```

If MCP is enabled, the MCP endpoint is available at:

```
https://{your-store-domain}/mcp
```

### 3. Configure agent access

Still on the settings page, scroll to the **Agent access** section. Choose which authentication methods external agents
may use:

| Setting                          | What it allows                                                                                                         |
| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
| **Allow anonymous agent access** | Agents can browse the catalog and manage carts without an API key. Checkout and orders remain blocked.                 |
| **Allow signed agent access**    | Agents with verified HTTP Message Signatures can access checkout-level operations (when available) without an API key. |

At least one access method should be enabled, or agents must authenticate with an API key (see next step).

### 4. Create API keys (recommended for production)

In the **API keys** section on the same settings page:

1. Click **Create API key**.
2. Give the key a descriptive name.
3. Copy and securely store the secret — it is shown only once.

Agents send the key as a Bearer token:

```http
Authorization: Bearer fq_secret_…
```

API keys grant the **token** authentication tier, which has the highest rate limits and full access to all enabled UCP
resources. See [Authentication](/reference/ucp/authentication) for tier details.

### 5. Verify activation

Confirm UCP is live by opening the discovery URL in a browser or with curl:

```bash
curl -s https://{your-store-domain}/.well-known/ucp | jq .
```

You should see a JSON document with `ucp.version`, `ucp.services`, and `ucp.capabilities`.

To verify authenticated access:

```bash
curl -s -H "Authorization: Bearer fq_secret_YOUR_KEY" \
  https://{your-store-domain}/api/ucp
```

A successful response returns `"protocol": "ucp"` and `"status": "ok"`.

## Optional: GraphQL API

UCP is independent of the GraphQL Storefront API. If you also need direct GraphQL access for custom headless
storefronts, enable **GraphQL API** in the same API section. UCP agents do not require GraphQL to be enabled.

## Disabling UCP

Uncheck **Enable UCP** and save. The discovery profile and all `/api/ucp/*` endpoints will return `404` for that domain.
Existing API keys remain in the system but cannot access UCP until it is re-enabled.

## Related documentation

- [Integration Guide](./integration-guide) — Build an agent integration against a Finqu store
- [UCP API Reference](/reference/ucp) — Authentication, endpoints, MCP tools, and error codes