mcp-openapi-server
Verified Safeby ivo-toby
Overview
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
Installation
npx @ivotoby/openapi-mcp-server --api-base-url "https://api.example.com" --openapi-spec "https://api.example.com/openapi.json"Environment Variables
- TRANSPORT_TYPE
- HTTP_PORT
- HTTP_HOST
- ENDPOINT_PATH
- API_BASE_URL
- OPENAPI_SPEC_PATH
- OPENAPI_SPEC_FROM_STDIN
- OPENAPI_SPEC_INLINE
- API_HEADERS
- SERVER_NAME
- SERVER_VERSION
- TOOLS_MODE
- DISABLE_ABBREVIATION
- PROMPTS_PATH
- PROMPTS_INLINE
- RESOURCES_PATH
- RESOURCES_INLINE
- BEATPORT_TOKEN
Security Notes
The server implements several security best practices including preventing HTTP header injection (CRLF), blocking user-controlled system headers (e.g., Host, Content-Length), and redacting sensitive data from authentication error responses (401/403). The HTTP transport validates Origin headers for localhost to prevent DNS rebinding attacks but notes that production implementations should use a whitelist, which is good practice. No 'eval' or obvious malicious patterns were found. Hardcoded secrets are explicitly placeholders.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
openapi-mcp-server
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.
rest-to-mcp-adapter
Transforms REST API specifications (OpenAPI, Swagger, OpenAPI Actions) into Model Context Protocol (MCP) tools, enabling AI agents like Claude and GPT to interact with any REST API.
swagger2mcp
Transforms OpenAPI/Swagger specifications into Model Context Protocol (MCP) servers, enabling secure and accurate LLM interaction with APIs.