Moodle MCP turns any Moodle instance into a secure MCP server. AI assistants can query and operate courses, grades and activities in natural language — self-hosted, with OAuth 2.1 login, role-based permissions and a full audit trail.
No fragile integrations, no exporting data to third-party clouds. MCP runs inside your Moodle.
Upload the package through Moodle admin, like any other plugin. No external servers.
Read-only or read + write. Define which roles can connect an AI using a native Moodle capability.
Point the client at the MCP server URL. The user logs in to their own Moodle via OAuth 2.1 and authorises scopes. Works with Claude, ChatGPT and any MCP client.
Natural language commands become real actions, every operation logged in the audit trail.
Built for Moodle administrators: governance, compliance and zero vendor lock-in.
The MCP server runs on your own instance. No phone-home: no student data flows to vendor services.
Per-connection scopes plus native Moodle capabilities. The AI acts as the authorising user — it can never do more than they could.
15 fields per operation: function called, client IP, duration, error code and argument keys. CSV export for GDPR. Moodle Events API automatically feeds any external log store (Splunk, ELK).
Based on the Model Context Protocol with standard OAuth 2.1. Compatible with any MCP client, no vendor lock-in.
Access to any Moodle web service function: hundreds of operations, always within the user's permissions.
IP allowlist, function allowlist with wildcards and course restriction — configurable per token. Per-minute rate limit. Each connection gets exactly the minimum access it needs.
Pick a request and toggle the scopes. The assistant responds according to what you authorised for this connection.
Everything processed within your infrastructure. GDPR-compliant by design.
Whoever connects logs in to their own Moodle and explicitly authorises scopes. Connections expire, rotate, and are revocable at any time. Only users with the connect permission can authorise.
Complete record of every operation — allowed, denied or errored — exportable as CSV for security and compliance teams.
CIDR IP allowlist, wildcard function allowlist and course restriction — configurable per token. Per-minute rate limit stops runaway agents.
Auth failures, access denials and rate limit hits trigger an async webhook. Moodle Events API (Events API) feeds Splunk, ELK or any SIEM with no additional setup.
There is an open-source plugin (webservice_mcp) that also connects Moodle to MCP. It is useful for exploring the protocol. For an institution that needs governance, GDPR and security, here is what makes the difference.
One-time license, no mandatory subscription.
You pay once and the plugin is yours. The first year of updates and support is included.
The licence is perpetual on both plans: the plugin is yours forever. On the integration plan, the 12 months of active support are renewable at the end of the period. Without renewal, the plugin keeps working normally.
One Moodle per licence: each key activates on a single Moodle server. To move it to a different server, contact us to migrate the licence.
Yes, webservice_mcp is open source and provides basic connectivity. The difference is what it lacks: authentication via wstoken exposed in the URL (vs. OAuth 2.1 + PKCE), no automatic read/write separation, no IP or function allowlists, no course restriction, no rate limiting, no dedicated audit log, no security webhook, and a known Claude.ai incompatibility bug. For personal use or protocol exploration the free version works. For an institution needing governance, GDPR, auditability and granular control, the difference is substantial. See full comparison →
The Model Context Protocol (MCP) is an open protocol that lets AI assistants connect to tools and data sources in a standardised way. Moodle MCP implements this protocol inside your Moodle, exposing controlled actions that any compatible client can use.
Via OAuth 2.1: when connecting, the person logs in to their own Moodle and explicitly authorises scopes. No password or token is shared with the assistant, and only users with the connect permission can authorise. Connections expire, rotate and are revocable at any time.
The MCP server runs on your infrastructure with no phone-home. Only the data the assistant requests, and that the scope authorises, is sent to the AI client you chose to connect. You choose the provider, including self-hosted models.
Moodle 4.1 LTS or higher. The plugin is installed via the admin area like any other Moodle plugin, with no external dependencies.
Only if you enable read + write mode and the user authorises the write scope. By default the plugin exposes no write actions. In any case the AI acts as the user who connected: it never exceeds their native Moodle permissions, and everything is in the audit trail.
Yes. You pay once and use the plugin indefinitely. The first year of updates and support is included; annual renewal is optional and only needed to continue receiving new features.
Yes. We issue invoices and support procurement processes for public and private institutions. Contact our team for volume deals, multiple instances or special conditions.
One-time licence, self-hosted and GDPR-compliant. Start with read-only mode today.