api-to-mcp
Allows connecting to any GraphQL API by introspecting its schema and exposing queries and mutations as MCP tools.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@api-to-mcpconnect my OpenAPI spec to MCP"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
api-to-mcp
Turn any API into an MCP server in one command.
Connect OpenAPI REST and GraphQL APIs directly to Claude, Cursor, or any MCP client — no code required.
npx @sgaluza/api-to-mcp rest https://api.example.com/openapi.yamlOpenAPI spec / GraphQL schema
│
▼
api-to-mcp (stdio)
│
├── tool: getUser
├── tool: listIssues
├── tool: createIssue
└── tool: ...
│
▼
Claude / Cursor / any MCP clientTable of Contents
Related MCP server: mcpify
Quick start
# REST — from a remote OpenAPI spec
npx @sgaluza/api-to-mcp rest https://api.example.com/openapi.yaml
# REST — from a local file
npx @sgaluza/api-to-mcp rest ./openapi.yaml
# GraphQL — from an endpoint (auto-introspects schema)
npx @sgaluza/api-to-mcp graphql https://api.example.com/graphql
# GraphQL — from a local SDL file
npx @sgaluza/api-to-mcp graphql ./schema.graphqlEvery operationId (REST) or operation name (GraphQL) becomes an MCP tool. If an operation has no operationId, a name is generated from the method and path (e.g. GET /users/{id} → get_users_id).
OpenAPI / REST
Authentication
Pass credentials via --header flags, environment variables, or a config file.
Header flags — added to every outgoing request:
npx @sgaluza/api-to-mcp rest ./openapi.yaml \
-H "X-API-Key: pk_live_xxx" \
-H "X-Workspace-Id: ws_abc"Environment variables:
# Bearer token → Authorization: Bearer <token>
API2MCP_BEARER_TOKEN=eyJhbG... npx @sgaluza/api-to-mcp rest ./openapi.yaml
# API key — header name detected from securitySchemes in the spec
API2MCP_API_KEY=pk_live_xxx npx @sgaluza/api-to-mcp rest ./openapi.yaml
# Raw Authorization header value (e.g. Linear API keys use "lin_api_xxx" without Bearer)
API2MCP_AUTH_TOKEN=lin_api_xxx npx @sgaluza/api-to-mcp rest ./openapi.yamlAuth resolution order (highest priority wins):
Priority | Source | Result |
1 (highest) |
| Used as-is |
2 |
|
|
3 |
| Header name from |
4 |
| Raw |
5 (lowest) |
| Overridden by any env var above |
Legacy aliases
OPENAPI_BEARER_TOKEN,OPENAPI_API_KEY,OPENAPI_SPEC_URLare still supported.
JWT password authentication
Some APIs authenticate with a username/password login endpoint that returns a short-lived JWT. api-to-mcp handles the full token lifecycle automatically:
Lazy login — token is fetched on the first request, not at startup
Auto-refresh — token is proactively refreshed 5 minutes before expiry
401 retry — if the server returns 401, the token is force-refreshed and the request is retried once
Deduplication — concurrent requests share a single in-flight login call
npx @sgaluza/api-to-mcp rest https://api.example.com/openapi.yaml \
--auth-type jwt-password \
--auth-login-url https://api.example.com/auth/login \
--auth-username-field userName \
--auth-password-field password \
--auth-token-path jwt \
--auth-refresh-url https://api.example.com/auth/refresh-tokenFlag | Env variable | Default | Description |
|
| — | Enable JWT password auth |
|
| — | Login endpoint (POST) |
|
|
| Request body field for username |
|
|
| Request body field for password |
|
|
| Path to JWT in login response: simple ( |
|
| — | Optional token refresh endpoint (GET) |
Credentials are passed via environment variables (never as CLI flags):
API2MCP_USERNAME=alice API2MCP_PASSWORD=s3cret \
npx @sgaluza/api-to-mcp rest https://api.example.com/openapi.yaml \
--auth-type jwt-password \
--auth-login-url https://api.example.com/auth/loginConfig file:
auth:
type: jwt-password
loginUrl: https://api.example.com/auth/login
usernameField: userName # default: username
passwordField: password # default: password
tokenPath: jwt # default: token
refreshUrl: https://api.example.com/auth/refresh-tokenMCP client config (credentials injected via env):
{
"mcpServers": {
"my-api": {
"command": "npx",
"args": [
"-y", "@sgaluza/api-to-mcp", "rest",
"https://api.example.com/openapi.yaml",
"--auth-type", "jwt-password",
"--auth-login-url", "https://api.example.com/auth/login",
"--auth-username-field", "userName",
"--auth-token-path", "jwt"
],
"env": {
"API2MCP_USERNAME": "alice",
"API2MCP_PASSWORD": "s3cret"
}
}
}
}Base URL override
Override the base URL extracted from servers[0].url in the spec. Useful when the spec is hosted on a different domain than the API (e.g. staging spec + production API):
npx @sgaluza/api-to-mcp rest https://staging.example.com/openapi.json \
--base-url https://api.example.comFlag | Env variable | Config key | Description |
|
|
| Override base URL from spec's |
Config file
Store your spec URL, auth, and options in a file instead of passing flags every time.
Auto-discovery: api-to-mcp.yml, api-to-mcp.yaml, or api-to-mcp.json in the current directory.
Explicit path: --config path/to/config.yml
# api-to-mcp.yml
spec: https://api.example.com/openapi.yaml
auth:
bearer: eyJhbG... # → Authorization: Bearer <token>
# apiKey: pk_live_xxx # → header from securitySchemes
# token: lin_api_xxx # → raw Authorization header
headers: # arbitrary headers (lowest priority)
X-Workspace-Id: ws_abc
options:
readonly: true # only GET/HEAD operations
baseUrl: https://api.example.com # override spec's servers[0].url
only:
- getIssue
- listIssues
exclude:
- deleteEverything
bind:
teamId: TEAM_ABCPriority: CLI flags > environment variables > config file.
Filtering tools
Read-only mode — expose only GET and HEAD operations:
npx @sgaluza/api-to-mcp rest ./openapi.yaml --readonlyWhitelist — expose only specific operations by operationId:
npx @sgaluza/api-to-mcp rest ./openapi.yaml \
--only "getIssue,listIssues,getProject"Blacklist — expose everything except specific operations:
npx @sgaluza/api-to-mcp rest ./openapi.yaml \
--exclude "deleteIssue,archiveProject,purgeWorkspace"
--onlyand--excludeare mutually exclusive.
Overriding tool descriptions
Sometimes an OpenAPI spec has poor or missing descriptions on generated tools (e.g. undocumented enum values, ambiguous parameter names). You can override any tool's description without modifying the spec.
Config file:
# api-to-mcp.yml
overrides:
post_api_quote_items: "Get paginated quotes. IMPORTANT: sorter.property must be PascalCase (Created, Number, Client, Status), sorter.direction must be Asc or Desc."
getUser: "Fetch a single user by ID."Environment variable (takes priority over config file):
API2MCP_OVERRIDE_post_api_quote_items="Get paginated quotes. IMPORTANT: sorter.property must be PascalCase..."Only the description field is replaced — the tool name, input schema, and all other properties remain unchanged.
Pre-binding parameters
Pre-bind a path or query parameter to a fixed value with --bind key=value. The parameter is removed from the MCP tool's input schema — the bridge injects it automatically on every call.
Useful when you want Claude to operate within a specific workspace, team, or project without being able to change it.
# Always query within team TEAM_ABC
npx @sgaluza/api-to-mcp rest ./openapi.yaml \
--bind "teamId=TEAM_ABC"
# Scope to a specific project
npx @sgaluza/api-to-mcp rest ./openapi.yaml \
--bind "projectId=PROJ_XYZ" \
--bind "env=production"The bridge warns if a bound key is not found in any tool (likely a typo):
Warning: --bind key 'temId' not found in any tool. Check for typos.Note: The
bodyparameter (POST/PUT/PATCH request bodies) cannot be pre-bound.
Environment variables
Variable | Description |
| OpenAPI spec URL or file path (alternative to positional argument) |
| Override base URL from spec's |
| Bearer token → |
| API key → header name from |
| Raw |
| Auth type — currently supports |
| JWT login endpoint URL |
| Username for JWT password auth |
| Password for JWT password auth |
| Request body field for username (default: |
| Request body field for password (default: |
| Path to JWT in login response (default: |
| JWT refresh endpoint URL |
| Override description for a specific tool (e.g. |
MCP client configuration
Add to your mcp_settings.json, claude_desktop_config.json, or equivalent:
Minimal:
{
"mcpServers": {
"my-api": {
"command": "npx",
"args": ["-y", "@sgaluza/api-to-mcp", "rest", "https://api.example.com/openapi.yaml"],
"env": {
"API2MCP_API_KEY": "pk_live_xxx"
}
}
}
}GitHub — read-only with bearer token:
{
"mcpServers": {
"github": {
"command": "npx",
"args": [
"-y", "@sgaluza/api-to-mcp", "rest",
"https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.json",
"--readonly"
],
"env": {
"API2MCP_BEARER_TOKEN": "ghp_xxxxxxxxxxxx"
}
}
}
}Linear — scoped to a team, specific operations:
{
"mcpServers": {
"linear": {
"command": "npx",
"args": [
"-y", "@sgaluza/api-to-mcp", "rest",
"https://api.linear.app/rest/openapi.yaml",
"--bind", "teamId=TEAM_ABC",
"--only", "listIssues,getIssue,createIssue,updateIssue"
],
"env": {
"API2MCP_BEARER_TOKEN": "lin_api_xxx"
}
}
}
}Using a config file:
{
"mcpServers": {
"my-api": {
"command": "npx",
"args": ["-y", "@sgaluza/api-to-mcp", "rest", "--config", "/path/to/api-to-mcp.yml"]
}
}
}GraphQL
# Auto-introspect schema from a GraphQL endpoint
npx @sgaluza/api-to-mcp graphql https://api.example.com/graphql
# Load schema from a local SDL file
npx @sgaluza/api-to-mcp graphql ./schema.graphqlAll queries and mutations become MCP tools. The same flags apply: --header, --readonly (queries only, no mutations), --only, --exclude, --bind, --config.
MCP client config:
{
"mcpServers": {
"my-graphql-api": {
"command": "npx",
"args": ["-y", "@sgaluza/api-to-mcp", "graphql", "https://api.example.com/graphql"],
"env": {
"API2MCP_BEARER_TOKEN": "eyJhbG..."
}
}
}
}How it works
Each API operation is converted to an MCP tool at startup:
REST (OpenAPI):
OpenAPI | MCP tool |
| Tool name (fallback: |
| Tool description |
Path params | Required input parameters |
Query params | Optional input parameters |
|
|
| Base URL for all requests |
GraphQL:
GraphQL | MCP tool |
Query / Mutation name | Tool name |
Description from schema | Tool description |
Arguments | Input parameters |
Return type fields | Included in description |
When Claude calls a tool, the bridge:
Substitutes path parameters into the URL template
Appends query parameters
Serialises
bodyas JSON (for POST/PUT/PATCH)Injects pre-bound values and auth headers
Returns the response body as the tool result
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sgaluza/api-to-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server