mcp-openapi-bridge
Can be configured to interact with the GitHub API by pointing to its OpenAPI spec, enabling AI agents to manage GitHub resources (e.g., repos, issues, pulls).
Can be configured to interact with the Kubernetes API by pointing to its OpenAPI spec, enabling AI agents to manage Kubernetes resources (e.g., pods, services, deployments).
Can be configured to interact with the Stripe API by pointing to its OpenAPI spec, enabling AI agents to manage Stripe resources (e.g., charges, customers, payments).
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-openapi-bridgefind pets by status available"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-openapi-bridge
A generic MCP server that bridges any OpenAPI 3.x REST API to Claude Code — automatically generating one tool per endpoint from your spec.
Point it at an OpenAPI spec, set your auth token, and Claude can call every endpoint in your API with full argument validation.
Requirements
Node.js >= 20
Related MCP server: MCP OpenAPI Connector
How it works
Loads your OpenAPI 3.x spec from a local file (
OPENAPI_SPEC_PATH) or URL (OPENAPI_SPEC_URL)Resolves
$refreferences and extracts all operationsRegisters one MCP tool per operation (filtered by
OPENAPI_MAX_TOOLS, tags, or path prefix)Each tool accepts path params, query params, and a
bodyfor request bodies — plus per-callbearer_tokenandcustom_headersoverridesExecutes HTTP requests against
API_BASE_URLand returns the response
Quick start
npm install -g mcp-openapi-bridgeAdd to Claude Code:
claude mcp add mcp-openapi-bridge \
-e API_BASE_URL=https://api.example.com \
-e OPENAPI_SPEC_URL=https://api.example.com/openapi.json \
-e OPENAPI_TOKEN=your-tokenOr with a local spec file:
claude mcp add mcp-openapi-bridge \
-e API_BASE_URL=https://petstore3.swagger.io/api/v3 \
-e OPENAPI_SPEC_PATH=/path/to/openapi.yaml \
-e OPENAPI_TOKEN=your-tokenEnvironment variables
Required
Variable | Description |
| Base URL of the REST API, e.g. |
| Source of the OpenAPI spec (local file or URL) |
Authentication
All auth mechanisms can be combined and are applied simultaneously:
Variable | Description |
| Bearer token → |
| API key value (pair with one of the two below) |
| Header name for API key, e.g. |
| Query param name for API key, e.g. |
| Extra headers for every call: |
Per-call overrides: Every tool also accepts bearer_token and custom_headers arguments. If provided, they override the global env vars for that single request. This lets Claude switch tokens per call without restarting the server.
Filtering (for large specs)
Variable | Description | Default |
| Maximum tools to register |
|
| Comma-separated tags to include | all |
| Comma-separated tags to exclude | none |
| Only include paths starting with this prefix | all |
For APIs with hundreds of endpoints (Stripe, GitHub, Kubernetes), use these to scope down to the subset you need:
OPENAPI_INCLUDE_TAGS=payments,customers
# or
OPENAPI_PATH_PREFIX=/v1/chargesTransport
Variable | Description | Default |
|
|
|
| HTTP port (when |
|
| Bearer token required by the | unauthenticated if unset |
Requests to /mcp are capped at 10MB. See docs/architecture.md
for how stdio and HTTP differ in what's isolated per client, and why API_BASE_URL is
fixed per deployment rather than a per-request parameter.
Tool naming
If the operation has an
operationId, it's used directly (sanitized to[a-zA-Z0-9_]+)Otherwise:
{method}_{path}— e.g.GET /orders/{id}/items→get_orders_id_itemsDuplicate IDs get a numeric suffix:
getOrders,getOrders_2
Tool arguments
Each tool exposes:
Path parameters — by name, required
Query parameters — by name, optional
body— request body for POST/PUT/PATCH (optional or required per spec)Header parameters — as
header_{lowercase_name}bearer_token— per-call bearer overridecustom_headers— per-call extra headers ({"X-Tenant": "abc"})
Generic fallback tool
execute_rest is always registered for arbitrary requests when no specific tool fits:
execute_rest(method, path, query?, body?, headers?, bearer_token?, custom_headers?)Docker
Stdio transport:
docker build -t mcp-openapi-bridge .
docker run -i --rm \
-e API_BASE_URL=https://api.example.com \
-e OPENAPI_SPEC_URL=https://api.example.com/openapi.json \
-e OPENAPI_TOKEN=your-token \
mcp-openapi-bridgeHTTP transport (for AWS Bedrock AgentCore or other hosted deployments):
docker build -f Dockerfile.agentcore -t mcp-openapi-bridge-agentcore .
docker run -p 8080:8080 \
-e API_BASE_URL=https://api.example.com \
-e OPENAPI_SPEC_URL=https://api.example.com/openapi.json \
-e OPENAPI_TOKEN=your-token \
-e MCP_AUTH_TOKEN=your-mcp-access-token \
mcp-openapi-bridge-agentcoreFor public-routable deployments, set MCP_AUTH_TOKEN and configure clients to send Authorization: Bearer <token> to /mcp.
Spec caching
When using OPENAPI_SPEC_URL, the spec is cached locally for 1 hour (in ~/.cache/mcp-openapi-bridge/). Override with OPENAPI_SPEC_CACHE_TTL_SECONDS.
Limitations (v1)
OpenAPI 3.x only (not Swagger 2.0)
Internal
$refonly (no cross-file references)application/jsonbodies only (no multipart/form-data)No cookie parameters
No OAuth2 token flows (static token only)
No per-operation auth override
allOf/anyOf/oneOfschemas fall back toz.any()
License
MIT
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/murilojrpereira/mcp-openapi-bridge'
If you have feedback or need assistance with the MCP directory API, please join our Discord server