ags-api-mcp-server
Verified Safeby AccelByte
Overview
Provides AI assistants with access to AccelByte Gaming Services APIs through OpenAPI integration.
Installation
docker run -d --name ags-api-mcp-server -e AB_BASE_URL=https://yourgame.accelbyte.io -e OAUTH_CLIENT_ID=your-client-id -e OAUTH_CLIENT_SECRET=your-client-secret -p 3000:3000 ghcr.io/accelbyte/ags-api-mcp-server:2026.1.0Environment Variables
- AB_BASE_URL
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- MCP_PORT
- MCP_AUTH
- NODE_ENV
- LOG_LEVEL
- OPENAPI_SPECS_DIR
- OPENAPI_DEFAULT_SEARCH_LIMIT
- OPENAPI_MAX_SEARCH_LIMIT
- OPENAPI_DEFAULT_RUN_TIMEOUT_MS
- OPENAPI_MAX_RUN_TIMEOUT_MS
- INCLUDE_WRITE_REQUESTS
- ADVERTISED_PROTOCOL
- ADVERTISED_HOSTNAME
- ADVERTISED_PORT
- TRANSPORT
- OAUTH_REDIRECT_URI
- OAUTH_AUTHORIZATION_URL
- OAUTH_TOKEN_URL
- ENABLE_CLIENT_CREDENTIALS_FALLBACK
- JWKS_URI
- JWT_ISSUER
- JWT_AUDIENCE
- JWT_ALGORITHMS
Security Notes
The server employs several good security practices: environment variables for configuration, token masking in logs, PKCE for OAuth flows, OIDC token verification with JWKS, Helmet for HTTP security headers, and rate limiting (in V2). It adheres to a stateless architecture in V2, reducing session-related attack surfaces. A minor concern in V1's `StreamableHTTPTransport` is its `validateOrigin` which logs warnings but still allows non-localhost origins by default, which should be tightened for production outside of specific local scenarios. Furthermore, while the server uses JSONPath expressions, care must be taken when exposing these to LLMs to prevent potential injection if user input directly influences the expression, although the current implementation doesn't appear to directly facilitate this risk.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
leanmcp-sdk
Building production-ready Model Context Protocol (MCP) servers with TypeScript, supporting features like authentication, elicitation, and UI integration for AI agents.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.