https://github.com/criteo/openapi-to-mcp
An MCP server for your API
https://github.com/criteo/openapi-to-mcp
Last synced: 22 days ago
JSON representation
An MCP server for your API
- Host: GitHub
- URL: https://github.com/criteo/openapi-to-mcp
- Owner: criteo
- License: mit
- Created: 2025-04-23T15:47:53.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2025-07-15T11:21:08.000Z (4 months ago)
- Last Synced: 2025-10-10T14:04:00.008Z (25 days ago)
- Language: C#
- Size: 3.03 MB
- Stars: 21
- Watchers: 1
- Forks: 5
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-mcp-servers - **openapi-to-mcp** - An MCP server for your API `c#` `mcp` `server` `api` `python` `git clone https://github.com/ouvreboite/openapi-to-mcp` (API)
README
[](https://github.com/ouvreboite/openapi-to-mcp/actions/workflows/build_and_test.yml)
[](https://www.nuget.org/packages/openapi-to-mcp)
# openapi-to-mcp
Use your OpenAPI specification to expose your API's endpoints as strongly typed tools.
Basic example for https://petstore3.swagger.io/ 🎉
```json
{
"mcpServers": {
"petstore": {
"command": "openapi-to-mcp",
"args": [
"https://petstore3.swagger.io/api/v3/openapi.json"
]
}
}
}
```
More complex example, using Github's API:
```
{
"mcpServers": {
"github": {
"command": "openapi-to-mcp",
"args": [
"https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.yaml",
"--bearer-token",
"github_pat_xxxxxx",
"--tool-naming-strategy",
"verbandpath"
]
}
}
}
```
This example use the bearer token auth (with a Github [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic)) and force the tool naming strategy to "verb and path", as Github's operation ids are not valid tool names.
## Install
As a Nuget tool: [openapi-to-mcp](https://www.nuget.org/packages/openapi-to-mcp)
```sh
dotnet tool install --global openapi-to-mcp
```
Or download the executables from the [releases](https://github.com/ouvreboite/openapi-to-mcp/releases)
## Usage
```bash
Usage:
openapi-to-mcp [options]
Arguments:
You OpenAPI specification (URL or file) [required]
Options:
-t, --tool-naming-strategy How the tool name should be computed [default: extension_or_operationid_or_verbandpath]
-h, --host-override Host override
-b, --bearer-token Bearer token
-o2, --oauth-2-grant-type OAuth2 flow to be used
-o2_tu, --oauth-2-token-url OAuth2 token endpoint URL (override the one defined in your OpenAPI for your chosen OAuth2 flow)
-o2_ci, --oauth-2-client-id OAuth2 client id (for the client_credentials grant_type)
-o2_cs, --oauth-2-client-secret OAuth2 client secret (for the client_credentials grant_type)
-o2_rt, --oauth-2-refresh-token OAuth2 refresh token (for the refresh_token grant_type)
-o2_un, --oauth-2-username OAuth2 username (for the password grant_type)
-o2_pw, --oauth-2-password OAuth2 password (for the password grant_type)
-i, --instructions MCP instruction to be advertised by the server
--verbose Log more info (in sdterr) [default: False]
-?, -h, --help Show help and usage information
--version Show version information
```
## OpenAPI support
- Currently, OpenAPI 2.0 and 3.0 are supported.
- 3.1 is not (at least not until [microsoft/OpenAPI.NET](https://github.com/microsoft/OpenAPI.NET) supports it)
- Specifications can be JSON/YAML and local (file) or remote (URL)
- Only local $refs are supported
### OpenAPI custom extensions
A set of custom extensions is available to customize how your API should be exposed:
- `info.x-mcp-instructions` (string): Textual instructions exposed by the MCP server during the initialize handshake
- `operation.x-mcp-tool-name` (string): Custom tool name
- `operation.x-mcp-tool-description` (string): Custom tool description
- `operation.x-mcp-tool-enabled` (boolean): Enabled/disabled a specific operation (enabled by default)
## MCP features
Only STDIO transport is currently supported.
### Tools
Operations ("endpoints") from your OpenAPI specification are translated to MCP [tools](https://modelcontextprotocol.io/docs/concepts/tools)
- All path/query/JSON body parameters are exposed (using their JSON schema)
- Response is returned as-is
- By default, the tool name is computed using first the `operation.x-mcp-tool-name` extension, then the [operation.operationId](https://swagger.io/docs/specification/v3_0/paths-and-operations/#operationid) and then `{httpMethod}_{escaped_path}`
- The tool naming strategy can be defined via the `--tool-naming-strategy` option.
- ⚠️Tools are discarded if their name don't match `^[a-zA-Z0-9_-]{1,64}$`
- Tools description are extracted as follows: `operation.x-mcp-tool-description` ?? `operation.description` ?? `path.description`
### Tool call and host
When a tool is called, the MCP server will call the underlying endpoint. To determine which host to call a combination of parameters are used:
- the `--host-override` option
- your specification first [server](https://swagger.io/docs/specification/v3_0/api-host-and-base-path/)'s URL if it's an absolute URL
- the host of the remote OpenAPI provided
- otherwise, an error is thrown
For example running `openapi-to-mcp https://petstore3.swagger.io/api/v3/openapi.json`:
- https://petstore3.swagger.io/api/v3/openapi.json defines a server, but its URL is relative (/api/v3)
- so the host of the specification's own URL is used: https://petstore3.swagger.io and the relative path of the server is appended to it
## Authorization
### Bearer token
A token can be provided as option `--bearer-token`. It'll be provided to all calls as the `Authorization: Bearer {token}` header.
It'll also be provided when fetching a remote specification.
### OAuth2
ClientCredentials, RefreshToken, Password are supported.
If your OpenAPI specification declare [securitySchemes](https://swagger.io/docs/specification/v3_0/authentication/oauth2/) for those flows, the corresponding `tokenUrl` will be used.
## How to publish
Create a new tag/release 🤷