HaoYan-A/open-api-mcp
3.2
If you are the rightful owner of open-api-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
The Open API MCP Server is a robust solution for AI assistants to access and interact with OpenAPI specifications, featuring comprehensive support for OAuth 2.0 authentication.
Tools
6
Resources
0
Prompts
0
Open API MCP Server
A Model Context Protocol (MCP) server that provides AI assistants with access to OpenAPI specifications, supporting OAuth 2.0 authentication flows.
Features
- 📖 OpenAPI Support: Load and parse OpenAPI 2.0, 3.0, and 3.1 specifications
- 🔐 OAuth 2.0 Authentication: Full support for Password, Client Credentials, and Authorization Code flows
- 🔑 Multiple Auth Methods: API Key, Bearer Token, Basic Auth, and OAuth 2.0
- 🔍 Smart Search: Search and filter API endpoints by path, method, tags, or keywords
- 📝 Detailed Schemas: Get complete request/response schemas for any endpoint
- 🚀 API Execution: Call APIs directly with automatic authentication
- 📊 Request Logging: Track all API calls with detailed logs
Installation
Option 1: Using npx (Recommended)
No installation required! Use npx to run directly:
npx @yanhao-an/open-api-mcp
Option 2: Global Installation
npm install -g @yanhao-an/open-api-mcp
open-api-mcp
Option 3: From Source (Development)
git clone https://github.com/HaoYan-A/open-api-mcp.git
cd open-api-mcp
npm install
npm run build
npm start
Configuration
Create a .env file in the project root:
# Required: OpenAPI Specification URL
OPENAPI_SPEC_URL=http://127.0.0.1/v3/api-docs
# Authentication Mode
# Options: none, apiKey, bearer, basic, oauth2
AUTH_MODE=oauth2
# OAuth 2.0 Configuration (if AUTH_MODE=oauth2)
OAUTH_FLOW=clientCredentials
OAUTH_CLIENT_ID=your-client-id
OAUTH_CLIENT_SECRET=your-client-secret
OAUTH_TOKEN_URL=https://auth.example.com/oauth/token
OAUTH_SCOPE=read write
# Logging
LOG_LEVEL=info
LOG_REQUESTS=true
LOG_RESPONSES=true
Authentication Modes
1. OAuth 2.0 - Client Credentials Flow
Best for machine-to-machine communication:
AUTH_MODE=oauth2
OAUTH_FLOW=clientCredentials
OAUTH_CLIENT_ID=your-client-id
OAUTH_CLIENT_SECRET=your-client-secret
OAUTH_TOKEN_URL=https://auth.example.com/oauth/token
OAUTH_SCOPE=api.access
2. OAuth 2.0 - Password Flow
For username/password authentication:
AUTH_MODE=oauth2
OAUTH_FLOW=password
OAUTH_CLIENT_ID=your-client-id
OAUTH_CLIENT_SECRET=your-client-secret
OAUTH_USERNAME=user@example.com
OAUTH_PASSWORD=your-password
OAUTH_TOKEN_URL=https://auth.example.com/oauth/token
OAUTH_SCOPE=read write
3. OAuth 2.0 - Authorization Code Flow
For user authorization with redirect:
AUTH_MODE=oauth2
OAUTH_FLOW=authorizationCode
OAUTH_CLIENT_ID=your-client-id
OAUTH_CLIENT_SECRET=your-client-secret
OAUTH_AUTH_URL=https://auth.example.com/oauth/authorize
OAUTH_TOKEN_URL=https://auth.example.com/oauth/token
OAUTH_REDIRECT_URI=http://localhost:3000/callback
OAUTH_CODE=<authorization-code-from-redirect>
4. API Key Authentication
AUTH_MODE=apiKey
API_KEY=your-api-key
API_KEY_HEADER=Authorization
API_KEY_PREFIX=Bearer
5. Bearer Token
AUTH_MODE=bearer
BEARER_TOKEN=your-bearer-token
6. Basic Authentication
AUTH_MODE=basic
BASIC_AUTH_USER=username
BASIC_AUTH_PASS=password
Usage
Running the Server
# Development mode
npm run dev
# Production mode
npm start
# Test with MCP Inspector
npm run inspect
Using with Claude Desktop
Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"open-api": {
"command": "npx",
"args": ["-y", "@yanhao-an/open-api-mcp"],
"env": {
"OPENAPI_SPEC_URL": "http://127.0.0.1/v3/api-docs",
"AUTH_MODE": "oauth2",
"OAUTH_FLOW": "clientCredentials",
"OAUTH_CLIENT_ID": "your-client-id",
"OAUTH_CLIENT_SECRET": "your-client-secret",
"OAUTH_TOKEN_URL": "https://auth.example.com/oauth/token"
}
}
}
}
Or if you installed it globally:
{
"mcpServers": {
"open-api": {
"command": "open-api-mcp",
"args": [],
"env": {
"OPENAPI_SPEC_URL": "http://127.0.0.1/v3/api-docs",
"AUTH_MODE": "oauth2",
"OAUTH_FLOW": "clientCredentials",
"OAUTH_CLIENT_ID": "your-client-id",
"OAUTH_CLIENT_SECRET": "your-client-secret",
"OAUTH_TOKEN_URL": "https://auth.example.com/oauth/token"
}
}
}
}
MCP Tools
1. listApi
List all available API endpoints with optional filtering.
Parameters:
tag(optional): Filter by tag namelimit(optional): Maximum results (default: 50)offset(optional): Skip results (default: 0)
Example:
{
"tag": "users",
"limit": 20
}
2. searchApi
Search for API endpoints by keyword.
Parameters:
query(required): Search querymethod(optional): HTTP method filtertag(optional): Tag filter
Example:
{
"query": "user",
"method": "GET"
}
3. getApiSchema
Get detailed schema for a specific endpoint.
Parameters:
path(required): API path (e.g.,/users/{id})method(required): HTTP method
Example:
{
"path": "/api/users/{id}",
"method": "GET"
}
4. callApi
Execute an API request with authentication.
Parameters:
path(required): API pathmethod(required): HTTP methodparams(optional): Query parametersbody(optional): Request bodyheaders(optional): Additional headers
Example:
{
"path": "/api/users",
"method": "POST",
"body": {
"name": "John Doe",
"email": "john@example.com"
}
}
5. getAuthStatus
Get current authentication status and configuration.
6. getApiInfo
Get OpenAPI document information (title, version, base URL, tags).
Project Structure
open-api-mcp/
├── src/
│ ├── auth/ # Authentication management
│ │ ├── auth-manager.ts # Main auth manager
│ │ ├── oauth2-handler.ts # OAuth 2.0 orchestrator
│ │ ├── token-manager.ts # Token storage
│ │ └── flows/ # OAuth 2.0 flow implementations
│ ├── openapi/ # OpenAPI document handling
│ │ ├── loader.ts # Load from URL
│ │ ├── parser.ts # Parse and index
│ │ └── cache.ts # Document caching
│ ├── api/ # API execution
│ │ └── caller.ts # HTTP client with auth
│ ├── tools/ # MCP tools
│ │ └── index.ts # Tool registration
│ ├── logger.ts # Logging utility
│ ├── types.ts # TypeScript types
│ └── index.ts # Main entry point
├── package.json
├── tsconfig.json
└── .env
Development
# Install dependencies
npm install
# Build TypeScript
npm run build
# Watch mode
npm run watch
# Test with inspector
npm run inspect
OAuth 2.0 Flow Details
Token Management
- Automatic Refresh: Tokens are automatically refreshed when expired
- Token Caching: Valid tokens are cached to reduce auth requests
- Expiry Buffer: Tokens are refreshed 60 seconds before expiry
Flow Selection Guide
- Client Credentials: Best for server-to-server, no user context
- Password Flow: For trusted applications with username/password
- Authorization Code: For user-authorized access with redirect flow
Logging
The server provides detailed logging for debugging:
# Log levels: debug, info, warn, error
LOG_LEVEL=debug
# Enable/disable request logging
LOG_REQUESTS=true
# Enable/disable response logging
LOG_RESPONSES=true
Request logs include:
- Timestamp
- HTTP method and URL
- Authentication mode
- Request parameters and body
- Response status and data
- Request duration
Troubleshooting
"Failed to load OpenAPI document"
- Verify
OPENAPI_SPEC_URLis correct and accessible - Check network connectivity
- Ensure the URL returns valid OpenAPI JSON/YAML
"OAuth 2.0 flow failed"
- Verify OAuth credentials (client ID, secret)
- Check token URL is correct
- Ensure required scopes are available
- Review server logs for specific error messages
"Token refresh failed"
- Verify refresh token is valid
- Check if refresh tokens are supported by the auth server
- Try re-authenticating to get a new token
License
MIT
Contributing
Contributions are welcome! Please feel free to submit issues or pull requests.