infobip-openapi-mcp
Verified Safeby infobip
Overview
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.
Installation
docker run --rm -ti -p 8080:8080 infobip-sms-mock-mcp:latestEnvironment Variables
- INFOBIP_OPENAPI_MCP_OPEN_API_URL
- INFOBIP_OPENAPI_MCP_API_BASE_URL
- INFOBIP_OPENAPI_MCP_TOOLS_MOCK
- INFOBIP_OPENAPI_MCP_SECURITY_AUTH_ENABLED
- INFOBIP_OPENAPI_MCP_SECURITY_AUTH_AUTH_URL
- SPRING_AI_MCP_SERVER_TYPE
- SPRING_AI_MCP_SERVER_PROTOCOL
Security Notes
The framework itself appears well-engineered with explicit handling for authorization headers in core components (ToolHandler, InitialAuthenticationFilter). Authentication is delegated to a configurable external `auth-url`, which is a good security practice. However, the overall security posture heavily depends on the trustworthiness of the provided OpenAPI specification and configured API endpoints. Malicious OpenAPI specifications or API responses could potentially lead to data exposure or prompt injections into AI agents. The 'JSON double serialization mitigation' helps handle malformed LLM inputs, preventing certain types of errors but should not be seen as a replacement for robust input validation on the underlying API. There are no obvious signs of 'eval' or similar dangerous dynamic code execution patterns on untrusted inputs within the provided source.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
openapi-mcp-server
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.