apollo-mcp-server
Verified Safeby apollographql
Overview
The Apollo MCP Server enables AI models and agents to interact with GraphQL APIs by exposing GraphQL operations as Model Context Protocol (MCP) tools.
Installation
docker run -it --rm --name apollo-mcp-server -p 8000:8000 -v $PWD/graphql/TheSpaceDevs/config.yaml:/config.yaml -v $PWD/graphql/TheSpaceDevs:/data ghcr.io/apollographql/apollo-mcp-server:latest /config.yamlEnvironment Variables
- APOLLO_KEY
- APOLLO_GRAPH_REF
- APOLLO_UPLINK_ENDPOINTS
- APOLLO_REGISTRY_URL
- APOLLO_MCP_ENDPOINT
- APOLLO_MCP_INTROSPECTION__EXECUTE__ENABLED
- APOLLO_MCP_TRANSPORT__ADDRESS
- APOLLO_MCP_TRANSPORT__PORT
- APOLLO_MCP_TRANSPORT__AUTH__SERVERS
- APOLLO_MCP_TRANSPORT__AUTH__AUDIENCES
- APOLLO_MCP_TRANSPORT__AUTH__RESOURCE
- APOLLO_MCP_TRANSPORT__AUTH__SCOPES
- APOLLO_MCP_OVERRIDES__DISABLE_TYPE_DESCRIPTION
- APOLLO_MCP_OVERRIDES__DISABLE_SCHEMA_DESCRIPTION
- APOLLO_MCP_OVERRIDES__ENABLE_EXPLORER
- APOLLO_MCP_OVERRIDES__MUTATION_MODE
- APOLLO_MCP_HEALTH_CHECK__ENABLED
- APOLLO_MCP_HEALTH_CHECK__PATH
- APOLLO_MCP_HEALTH_CHECK__READINESS__ALLOWED
- APOLLO_MCP_HEALTH_CHECK__READINESS__INTERVAL__SAMPLING
- APOLLO_MCP_HEALTH_CHECK__READINESS__INTERVAL__UNREADY
- APOLLO_MCP_CORS__ENABLED
- APOLLO_MCP_CORS__ORIGINS
- APOLLO_MCP_CORS__ALLOW_ANY_ORIGIN
Security Notes
The project demonstrates strong security practices including configurable OAuth 2.1 authentication (JWT validation, OIDC discovery), controlled HTTP header forwarding with a hop-by-hop blocklist, and comprehensive CORS configuration with validation checks. It leverages environment variables for sensitive API keys (e.g., APOLLO_KEY) rather than hardcoding. While `allow_any_origin: true` in CORS settings could be a misconfiguration risk if enabled improperly by users, it is an explicit configuration option. The `xtask` development tool interacts with GitHub API, but this is separated from the main server runtime. Overall, the core server appears robust and well-designed for secure operation.
Similar Servers
tmcp
OAuth 2.1 authorization helper for Model Context Protocol (MCP) servers.
rust-mcp-sdk
A high-performance, asynchronous Rust SDK for building Model Context Protocol (MCP) servers and clients.
rust-mcp-schema
Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, serving as a foundational library for building compatible LLM applications and external data source integrations.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.