Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"aa": {
"command": "aa-mcp-server"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
An MCP server that gives Claude (or any MCP-compatible LLM) read-only access to your American Airlines AAdvantage account — mile balance, Loyalty Points progress, transaction history, upcoming trips, travel credits, and partner offers.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'aa-mcp-server' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked aa-mcp-server against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
MCP Security Weekly
Get CVE alerts and security updates for io.github.thehesiod/aa and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
An MCP server that gives Claude (or any MCP-compatible LLM) read-only access to your American Airlines AAdvantage account — mile balance, Loyalty Points progress, transaction history, upcoming trips, travel credits, and partner offers.
This is not a browser-automation wrapper. The server discovers and calls aa.com's underlying JSON APIs directly using session cookies extracted from a Chromium login. All HTTP traffic uses curl_cffi with Chrome TLS impersonation to satisfy aa.com's Akamai Bot Manager.
| Tool | Endpoint | Returns |
|---|---|---|
get_account_summary | /loyalty/api/member-information | Name, AAdvantage #, mile balance, status, cobranded card, business memberships |
get_loyalty_points_progress | /loyalty/api/progress-qualification | LP YTD, last-year totals, tier thresholds, next-status delta |
get_profile_details | /api/loyalty/.../profile | DOB, partners list, sales city, mile expiration, million-miler stats |
get_mile_activity | /api/loyalty/.../memberActivity | Mile/LP transaction history (date range, paginated, searchable) |
get_upcoming_trips | /loyalty/api/upcoming-trips | Reservations with record locators |
get_reservation_by_locator | /manage-reservation/viewres/api/reservation | Full reservation: segments, passengers, tickets, costs, change/cancel eligibility (requires lead-passenger name) |
search_change_flights | /manage-reservation/reshop/api/reshop/cheapest | Alternative flights for a reservation with a ±6-day price carousel, per-cabin pricing (netPrice = delta vs paid). Accepts origin/destination/date changes; pricing is total for all pax (no per-passenger split) |
get_flight_credits | /api/loyalty/travelCredits/flightCredit/details | Single-passenger ticket credits |
get_trip_credits | /api/loyalty/travelCredits/tripCredit/details | Multi-passenger / itinerary credits |
get_partner_offers | /loyalty/api/partnerOffers | Dashboard partner promotions |
get_notifications | /loyalty/api/notifications | Account notifications |
check_auth_status | — | Saved-session info: AA #, token expiry, cookie count |
save_session_from_browser | CDP | Pulls cookies from a logged-in Chromium and persists them |
pip install aa-mcp-server
aa.com is fronted by Akamai Bot Manager — you can't log in via headless requests. The flow:
aa-auth-browser # default account
aa-auth-browser personal # named account
aa-mcp-server --extract-session default
Or call the save_session_from_browser MCP tool from Claude.The cookies live in ~/.aa-mcp/accounts/<account>/session.json. The chromium profile lives in ~/.aa-mcp/chrome-profiles/<account>/. To refresh after expiry, relaunch aa-auth-browser (the saved profile auto-refreshes the access_token cookie when you visit any aa.com page) and re-run --extract-session.
AA_MCP_CHROMIUM=<path-to-chrome.exe> overrides the auto-discovery if your Chromium is somewhere unusual.
Every tool takes an optional account parameter. Omit it to use the default account.
get_account_summary() # default
get_account_summary(account="spouse")
aa-mcp-server # stdio transport
aa-mcp-server --setup # show account status & setup hints
aa-mcp-server --extract-session NAME # save cookies from running Chromium
Add to your MCP client config (e.g. Claude Desktop):
{
"mcpServers": {
"aa": {
"command": "aa-mcp-server"
}
}
}