openapi-to-mcp
Expose API endpoints as strongly typed tools from an OpenAPI specification. Supports OpenAPI 2.0/3.0 in JSON or YAML format, from local or remote files.
openapi-to-mcp
Use your OpenAPI specification to expose your API's endpoints as strongly typed tools.
Basic example for https://petstore3.swagger.io/ 🎉
{
"mcpServers": {
"petstore": {
"command": "openapi-to-mcp",
"args": [
"https://petstore3.swagger.io/api/v3/openapi.json"
]
}
}
}
More complex example, using Github's API:
{
"mcpServers": {
"github": {
"command": "openapi-to-mcp",
"args": [
"https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.yaml",
"--bearer-token",
"github_pat_xxxxxx",
"--tool-naming-strategy",
"verbandpath"
]
}
}
}
This example use the bearer token auth (with a Github Personal Access Token) and force the tool naming strategy to "verb and path", as Github's operation ids are not valid tool names.
Install
As a Nuget tool: openapi-to-mcp
dotnet tool install --global openapi-to-mcp
Or download the executables from the releases
Usage
Usage:
openapi-to-mcp <open-api> [options]
Arguments:
<open-api> You OpenAPI specification (URL or file) [required]
Options:
-t, --tool-naming-strategy <extension|extension_or_operationid_or_verbandpath|operationid|verbandpath> How the tool name should be computed [default: extension_or_operationid_or_verbandpath]
-h, --host-override Host override
-b, --bearer-token Bearer token
-o2, --oauth-2-grant-type <client_credentials|password|refresh_token> OAuth2 flow to be used
-o2_tu, --oauth-2-token-url OAuth2 token endpoint URL (override the one defined in your OpenAPI for your chosen OAuth2 flow)
-o2_ci, --oauth-2-client-id OAuth2 client id (for the client_credentials grant_type)
-o2_cs, --oauth-2-client-secret OAuth2 client secret (for the client_credentials grant_type)
-o2_rt, --oauth-2-refresh-token OAuth2 refresh token (for the refresh_token grant_type)
-o2_un, --oauth-2-username OAuth2 username (for the password grant_type)
-o2_pw, --oauth-2-password OAuth2 password (for the password grant_type)
-i, --instructions MCP instruction to be advertised by the server
--verbose Log more info (in sdterr) [default: False]
-?, -h, --help Show help and usage information
--version Show version information
OpenAPI support
- Currently, OpenAPI 2.0 and 3.0 are supported.
- 3.1 is not (at least not until microsoft/OpenAPI.NET supports it)
- Specifications can be JSON/YAML and local (file) or remote (URL)
- Only local $refs are supported
OpenAPI custom extensions
A set of custom extensions is available to customize how your API should be exposed:
info.x-mcp-instructions(string): Textual instructions exposed by the MCP server during the initialize handshakeoperation.x-mcp-tool-name(string): Custom tool nameoperation.x-mcp-tool-description(string): Custom tool descriptionoperation.x-mcp-tool-enabled(boolean): Enabled/disabled a specific operation (enabled by default)
MCP features
Only STDIO transport is currently supported.
Tools
Operations ("endpoints") from your OpenAPI specification are translated to MCP tools
- All path/query/JSON body parameters are exposed (using their JSON schema)
- Response is returned as-is
- By default, the tool name is computed using first the
operation.x-mcp-tool-nameextension, then the operation.operationId and then{httpMethod}_{escaped_path}- The tool naming strategy can be defined via the
--tool-naming-strategyoption. - ⚠️Tools are discarded if their name don't match
^[a-zA-Z0-9_-]{1,64}$
- The tool naming strategy can be defined via the
- Tools description are extracted as follows:
operation.x-mcp-tool-description??operation.description??path.description
Tool call and host
When a tool is called, the MCP server will call the underlying endpoint. To determine which host to call a combination of parameters are used:
- the
--host-overrideoption - your specification first server's URL if it's an absolute URL
- the host of the remote OpenAPI provided
- otherwise, an error is thrown
For example running openapi-to-mcp https://petstore3.swagger.io/api/v3/openapi.json:
- https://petstore3.swagger.io/api/v3/openapi.json defines a server, but its URL is relative (/api/v3)
- so the host of the specification's own URL is used: https://petstore3.swagger.io and the relative path of the server is appended to it
Authorization
Bearer token
A token can be provided as option --bearer-token. It'll be provided to all calls as the Authorization: Bearer {token} header.
It'll also be provided when fetching a remote specification.
OAuth2
ClientCredentials, RefreshToken, Password are supported.
If your OpenAPI specification declare securitySchemes for those flows, the corresponding tokenUrl will be used.
How to publish
Create a new tag/release 🤷
Related Servers
BlenderMCP
Connects Blender to AI models via MCP for prompt-assisted 3D modeling, scene creation, and manipulation.
SMART-E2B
Integrates E2B for secure code execution in cloud sandboxes, designed for Claude AI Desktop.
iOS MCP Server
An iOS mobile automation server using Appium and WebDriverAgent, built with clean architecture and SOLID principles.
Julia Documentation MCP Server
An MCP server for accessing Julia documentation and source code.
FastMCP
A TypeScript framework for building MCP servers with client session handling.
Bitrise
Manage apps, builds, and artifacts on Bitrise, a Continuous Integration and Delivery (CI/CD) platform.
Enhanced QR Code MCP Server
Advanced QR code generation and processing with support for custom styling, multiple formats, batch processing, and analytics.
MemGPT MCP Server
A server that provides a memory system for LLMs, enabling persistent conversations with various providers like OpenAI, Anthropic, and OpenRouter.
Profile MCP Server
An example MCP server deployable on Cloudflare Workers without authentication.
Claude Project Coordinator
Manage and coordinate multiple Xcode/Swift projects with features like project tracking, smart search, and analytics.