Garmin MCP Gateway
Allows users to connect their Garmin Connect account and access Garmin health and fitness data through Claude.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Garmin MCP Gatewaylist my latest activities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MissingMCP
The MCP servers exist. Connecting them shouldn't be complicated.
A multi-user, OAuth 2.1–protected gateway that hosts the connectors Claude is
missing, so a small trusted circle can connect their own accounts from any
Claude client (iOS, Android, Web, Desktop). The flagship connector is
Garmin Connect: the gateway wraps the
unmodified garmin_mcp worker and
adds OAuth, per-user token isolation, and a reverse proxy. WHOOP
is served the same way but in-process, on WHOOP's own official OAuth v2 API.
The core is adapter-based and supports three forward strategies — worker
(garmin), local (whoop, in-process, no subprocess), and remote (MCP +
header injection, for services with a hosted MCP that lacks its own OAuth) —
see Connectors. The reference deployment runs at
missingmcp.com.
Claude → POST /garmin/mcp (Bearer) → Gateway → 127.0.0.1:<port>/mcp (per-user garmin_mcp) → connect.garmin.comWhy
garmin_mcp is a great MCP server, but it's single-user and stdio-only: each
person has to run it locally with their own Garmin tokens. This gateway makes it a
remote MCP server any Claude client can connect to over HTTP, with a proper
OAuth sign-in flow — so non-technical users just click "connect" and log in with
their Garmin credentials, and never touch a terminal or a token file.
Related MCP server: Whoop MCP Server
Features
OAuth 2.1 — Authorization Code + PKCE (S256) with Dynamic Client Registration. Connect from any Claude client; no manual token wrangling.
Garmin password is never stored — used once to sign in (MFA supported); only the resulting session tokens are persisted.
Encrypted at rest — tokens sealed with AES-256-GCM; the DB is useless without
GATEWAY_SECRET. Bearer tokens are stored only as SHA-256 hashes.Per-user isolation — each account gets its own
garmin_mcpworker bound to127.0.0.1, started on demand and reaped when idle.Hardened — one-time 10-min auth codes, CSRF on forms, per-IP/-token rate limits, the
garmin_mcpworker pinned to a reviewed commit.Off-box backups — periodic encrypted SQLite snapshots to an S3-compatible bucket (see Backups).
Instructional landing page served on
/and as a friendly fallback for unknown paths.
Deploy
Railway (how missingmcp.com runs): one service built from the Dockerfile,
a volume mounted at /data, a single replica (the gateway keeps process-local
state by design), and TLS terminated at the Railway edge. Set the env vars from
Configuration on the service; pushes to main deploy
automatically once the service is connected to the GitHub repo. An optional
Railway bucket enables Backups (railway bucket create backups,
then wire its credentials as the BACKUP_S3_* variables).
Self-hosted (plain Docker):
cp .env.example .env # set GATEWAY_SECRET, PUBLIC_URL, pin GARMIN_MCP_REF
docker build -t missingmcp .
docker run -d --name missingmcp --restart unless-stopped --env-file .env \
-p 127.0.0.1:8080:8080 -v missingmcp-data:/data missingmcpPut any TLS-terminating proxy in front (Caddy, nginx, Traefik). One non-obvious
requirement: /<adapter>/mcp streams SSE, so disable response buffering and
raise the read timeout (nginx: proxy_buffering off; proxy_read_timeout 3600s;).
Then add https://<your-domain>/garmin/mcp as a remote MCP server in Claude.
Local development
uv pip install -e ".[dev]"
uv run --extra dev pytest -q # run the test suite
# Run the gateway locally (no Garmin account needed to exercise the OAuth surface).
# garmin-mcp isn't on PATH locally, so point GARMIN_MCP_CMD at uvx.
GATEWAY_SECRET="$(openssl rand -base64 48)" \
PUBLIC_URL=http://localhost:8088 PORT=8088 DATA_DIR=./.localdata \
GARMIN_MCP_CMD="uvx --python 3.12 --from git+https://github.com/Taxuspt/garmin_mcp garmin-mcp" \
uv run missingmcpA .env file in the working directory is loaded automatically (real environment
variables take precedence), so you can drop the same values there instead.
Connectors
Each connector is mounted under its own path prefix with its own OAuth flow and
its own Bearer tokens (there is no bare /mcp). The landing page on / lists
the available connectors.
Garmin — /garmin/mcp
Sign in with your Garmin Connect email + password (MFA supported). The password
is used once for the Garmin login and discarded; only the resulting Garmin
session tokens are stored (AES-256-GCM encrypted). Each account gets its own
garmin_mcp worker process, bound to 127.0.0.1, started on demand and reaped
when idle.
WHOOP — /whoop/mcp
Sign in on WHOOP's own OAuth page — the gateway never sees your WHOOP password, only the resulting (encrypted, read-only) tokens. Covers recovery, sleep, strain & daily cycles, workouts, and body measurements. Served in-process on WHOOP's official v2 API (no worker subprocess, no shared upstream). Requires the operator to register a WHOOP developer app — see WHOOP connector setup in Configuration.
Rohlík — no longer missing
The gateway briefly served a Rohlík connector (remote strategy: credential
headers injected into the hosted Rohlík MCP). It was retired in 2026-07 when
Rohlík shipped its own OAuth-protected MCP — add
https://mcp.rohlik.cz/mcp directly as a custom connector in Claude and sign
in in the browser (Rohlík's guide).
The remote-forward strategy remains a first-class, tested part of the core
(tests/test_remote_forward.py) for the next service that needs it.
Connecting from Claude
In any Claude client: Settings → Connectors → Add custom connector, or in the CLI:
claude mcp add --transport http garmin https://<your-domain>/garmin/mcp(whoop:claude mcp add --transport http whoop https://<your-domain>/whoop/mcp).Claude opens the gateway's sign-in page — enter the service's email + password (Garmin also prompts for an MFA code when needed), or for WHOOP, sign in on WHOOP's own OAuth page.
Done — the service's tools are now available in Claude.
Configuration
Set via environment (or .env). See .env.example.
Variable | Required | Default | Description |
| yes | — | ≥32-char key for token encryption. Refuses to start with the placeholder. Generate with |
| yes |
| Public URL used in OAuth metadata + redirects. |
| no |
| Listen port. |
| no |
| Where the SQLite DB and per-user token dirs live. |
| no |
| Override the DB path. |
| no |
| Command to spawn the worker. Use a |
| no | pinned SHA in | Docker build arg: commit of |
| no |
| Port range for per-user workers. |
| no |
| Seconds before an idle worker is reaped. |
| no |
| Seconds to wait for a worker to become healthy. |
| no |
| Max concurrent per-user workers. |
| no |
| Bearer token lifetime; user re-authenticates after it. |
| no | — | Shown on the landing page. |
| no | — | Homepage the operator name links to (footer, trust notes). Unset → plain text. |
| no | — | Credentials of your WHOOP developer app (see WHOOP connector setup); both unset ⇒ the whoop connector is disabled. |
| no |
| WHOOP API origin; override only for testing. |
| no | — | S3-compatible bucket for off-box DB backups (see Backups). Backups are disabled unless all four are set. |
| no |
| SigV4 region of the bucket. |
| no |
|
|
| no |
| Hours between backup uploads. First backup runs right after startup. |
| no | — | If set, tees structured + stdlib logs to this file. |
| no |
|
|
WHOOP connector setup
Create an app at https://developer-dashboard.whoop.com (instant self-service).
Redirect URI:
https://<your-domain>/whoop/oauth/callback— exact match required.Scopes:
read:recovery read:cycles read:workout read:sleep read:profile read:body_measurement offline(offlineis required — without it WHOOP issues no refresh token and sessions die after an hour).Put the app's Client ID/Secret into
WHOOP_CLIENT_ID/WHOOP_CLIENT_SECRET.
Note: an unapproved WHOOP app is limited to 10 WHOOP members. To lift the limit, submit the app for approval: https://developer.whoop.com/docs/developing/app-approval/ (requirements: API Terms of Use compliance, tested with ≥1 member, accurate app name / contact email / privacy-policy URL in the dashboard, brand-guidelines compliance, and their Typeform submission).
Operating obligations under the WHOOP API Terms of Use (the gateway's design already covers the technical ones — no WHOOP data stored, encrypted tokens, auto-purge of revoked accounts):
Report any security incident involving WHOOP member data to apisupport@whoop.com without undue delay, and to affected users.
No press release or public announcement that references WHOOP without WHOOP's prior written approval.
Keep the app's Client ID/Secret out of the repo (env vars only) and never reuse them for another application.
When a member revokes the app at WHOOP, the gateway detects it on the next refresh (
invalid_grant), deletes the stored tokens, and revokes the member's gateway access tokens (log eventwhoop-account-revoked).
Backups
When the BACKUP_S3_* variables are set, the gateway uploads a consistent
SQLite snapshot (via the SQLite backup API, WAL-safe) to the bucket right
after startup and then every BACKUP_INTERVAL_HOURS. Keys rotate by weekday
(db/gateway-mon.db … db/gateway-sun.db), giving seven days of retention
with no cleanup logic. Watch the backup-ok / backup-failed log events.
Only the DB is backed up — per-user token dirs under DATA_DIR/users/ are
re-materialized from the DB on demand.
The backup is useless without
GATEWAY_SECRET(account blobs stay AES-256-GCM encrypted inside it) — and that is the point. Keep a copy ofGATEWAY_SECRETsomewhere that is not the bucket and not Railway (e.g. your password manager). Losing the secret = losing every account.
Restore: download the newest object, put it at $DATA_DIR/gateway.db
(delete any stale gateway.db-wal/-shm next to it), set the same
GATEWAY_SECRET, start the gateway. Bearer tokens and logins survive;
workers respawn lazily.
Monitoring
Three helper scripts work directly on the gateway's DB (safe to run while the gateway is live):
python scripts/status.py # snapshot: accounts, their devices (token
# prefixes), usage summary, running workers
python scripts/revoke.py --list # accounts + token counts
python scripts/revoke.py --account [<adapter>:]<key> # kill-switch: revoke ALL the
# account's tokens (bare key = garmin)
python scripts/revoke.py --account <key> --purge # + delete stored account & usage
python scripts/revoke.py --device <hash-prefix> # revoke ONE device (prefix from status.py)
python scripts/usage.py # per-account tool usage + leaderboard
python scripts/usage.py --account [<adapter>:]<key> # one account's per-tool breakdownWith Docker the scripts are baked into the image at /app/scripts; run them
inside the container. status.py finds the DB under /data automatically:
docker exec missingmcp python /app/scripts/status.py
docker logs -f missingmcp # live structured-JSON eventsOn Railway run them over railway ssh; logs live in the Railway dashboard
(railway logs --service gateway for a live tail):
railway ssh --service gateway "python3 /app/scripts/status.py"
railway ssh --service gateway "python3 /app/scripts/revoke.py --account <email>"All logging is structured JSON on stdout (one event per line) with a proper
level attribute — including uvicorn/stdlib records (event stdlib-log) and
each worker's own output (event worker-log, with an account attribute;
lines matching ERROR/Traceback are elevated to error severity). On Railway
that makes everything searchable in the log explorer — filter e.g.
@event:worker-log @account:<email> to trace one user's worker, or
@level:error for problems. Request latency is recorded per call in the
mcp-response event (ttfb_ms, total_ms, bytes, tool, account);
login/verify and worker-spawn events carry ms durations. The gateway also
logs a stats event (accounts / tokens / people-with-token / clients /
active-workers) on startup and whenever those counts change, and status.py
lists the running workers.
How it works
Claude registers a client (DCR) and starts OAuth 2.1 (Authorization Code + PKCE).
On the authorize page the user signs in with Garmin (email + password, + MFA if prompted). The gateway logs in via
garminconnect, stores only the resulting tokens (encrypted), and discards the password.Claude exchanges the code for a Bearer token.
On each
/garmin/mcpcall the gateway ensures the user'sgarmin_mcpworker is running (its own tokens, bound to127.0.0.1) and reverse-proxies to it.
Adapters using the remote strategy replace steps 2 and 4 with a probe-verify against the upstream MCP and a direct header-injected forward — no worker.
Adapters using an upstream-OAuth login (whoop) replace step 2 with a redirect to the provider's own OAuth page; the provider calls back with tokens, which the gateway verifies and persists the same way (verify-then-persist is unchanged). Adapters using the local strategy (whoop) replace step 4: the request is handled in-process — no worker, no shared upstream — and the gateway refreshes the account's rotating WHOOP tokens itself as needed.
Security
Garmin password is never persisted; WHOOP passwords are never even seen (sign-in happens on WHOOP's own OAuth page, read-only scopes).
Tokens encrypted at rest (AES-256-GCM); the DB is useless without
GATEWAY_SECRET.A member revoking the app at WHOOP is detected on the next refresh and their stored tokens are purged automatically.
Bearer tokens stored only as SHA-256 hashes.
OAuth 2.1 PKCE (S256), one-time 10-min codes, CSRF on forms, per-IP/-token rate limits.
Workers bind
127.0.0.1only;garmin_mcpis pinned to a reviewed commit.
Deploy only on infrastructure you control and trust. Back up
DATA_DIR; keepGATEWAY_SECRETseparately.
Before you deploy
Set a real random
GATEWAY_SECRET(openssl rand -base64 48) — the app refuses to start with the placeholder from.env.example.Pin
GARMIN_MCP_REFto a reviewed commit SHA —mainis a floating ref that can change without notice (supply-chain).Revoking access — access tokens expire after
ACCESS_TOKEN_TTL_DAYS(default 90; the user just re-authenticates in Claude). To revoke sooner — a leaked token or a removed user — runpython scripts/revoke.py --account [<adapter>:]<email>(kill-switch for all of that account's tokens). A single device can be revoked with--device <hash-prefix>(prefixes are shown bystatus.py).Run a manual end-to-end smoke test with a real Garmin account (including the MFA path) before connecting real users — the upstream is mocked in the automated tests.
Support
If this gateway is useful to you, you can buy me a beer 🍺.
License
MIT © 2026 Vaclav Slajs
Acknowledgements
Wraps the excellent garmin_mcp by Taxuspt,
unmodified. Garmin and Garmin Connect are trademarks of Garmin Ltd.; this project is
not affiliated with or endorsed by Garmin.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/VelkyVenik/missingmcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server