OpenAPI to MCP

OpenAPI to MCP Generator and Implementation Guide

Turn an OpenAPI spec into a safer MCP server design: choose endpoints, prune schemas, map auth headers, decide hosted versus local adapters, and wire the result into Claude Code or Cursor.

最后更新: 2026年7月1日

功能对比

Conversion stepWhat to decideWhy it matters
REST/OpenAPI inputPaste a Swagger/OpenAPI URL or spec file, then select only the operations the agent needsBroad specs create too many tools and increase permission risk.
Schema pruningRemove unused request fields, huge response objects, internal IDs, and write-heavy routesSmaller schemas are easier for Claude Code, Cursor, and Codex to call correctly.
Auth headersKeep bearer tokens, API keys, and tenant headers in environment variablesSecrets should never be committed into generated MCP config.
Hosted adapterRun an HTTP MCP adapter when multiple users or remote tools need accessBetter for team access, but requires auth, logging, rate limits, and ownership.
Local adapterRun a stdio server beside the repo for private APIs and local developmentSimpler for one developer and safer for private credentials.

Generator Workflow

Start from a real OpenAPI or Swagger spec, then generate a narrow MCP server plan rather than a one-to-one mirror of every endpoint. Last updated July 1, 2026; verify MCP SDK and client config syntax against current official docs before production rollout.

  • Input: OpenAPI 3.x JSON/YAML, Swagger 2.0 after conversion, or a documented REST endpoint list.
  • Select endpoints by agent task: read tickets, fetch weather, search docs, create draft records, or inspect status.
  • Prune schemas before code generation so the tool exposes stable, minimal inputs.
  • Add safety notes for write operations, destructive endpoints, rate limits, and audit logs.

REST API To MCP Mapping

Each useful API operation becomes an MCP tool with a name, description, input schema, handler, and auth boundary. Prefer names that describe user intent, not raw HTTP verbs.

GET /v1/weather/current -> get_current_weather
POST /v1/issues/search -> search_issues
PATCH /v1/tickets/{id} -> update_ticket_draft

Schema Pruning Rules

OpenAPI specs often contain fields an agent does not need. Prune aggressively before exposing tools to a coding agent.

  • Keep required user-facing parameters and small enums.
  • Remove internal-only fields, raw audit trails, huge nested responses, and write-only secrets.
  • Prefer explicit string enums over broad free-text inputs when the API supports them.
  • Split one large operation into multiple narrow MCP tools when the schema becomes hard to validate.

Auth Headers And Secrets

Generated examples should show placeholder environment variables, never real API tokens. Document which headers are required and who owns token rotation.

headers: {
  Authorization: `Bearer ${process.env.API_TOKEN}`,
  "X-Workspace-ID": process.env.API_WORKSPACE_ID
}

Hosted Versus Local Adapter

Choose local stdio when the API is private, experimental, or used by one developer. Choose a hosted MCP adapter only when the team needs shared access and has reviewed authentication, logging, rate limits, and data retention.

  • Local adapter: fastest for Claude Code and Cursor trials with private credentials.
  • Hosted adapter: better for shared tools, but requires an owner and an access policy.
  • Hybrid adapter: local dev server first, hosted read-only version later.

Claude Code And Cursor Config Examples

Keep config examples minimal and store secrets outside committed files. These snippets are starter shapes, not official config guarantees.

Claude Code / local stdio:
{
  "mcpServers": {
    "api-tools": {
      "command": "node",
      "args": ["dist/openapi-mcp-server.js"],
      "env": { "API_TOKEN": "${API_TOKEN}" }
    }
  }
}

Cursor / local stdio:
{
  "mcpServers": {
    "api-tools": {
      "command": "node",
      "args": ["/absolute/path/dist/openapi-mcp-server.js"]
    }
  }
}

Supporting Keywords

This page also supports convert openapi spec to mcp server, api to mcp converter, REST API to MCP, MCP schema example, and hosted MCP adapter searches.

常见问题

Can I convert any OpenAPI spec to an MCP server?

You can use most stable REST/OpenAPI specs as a starting point, but you should select operations and prune schemas before exposing tools to an agent.

Should the MCP server include every API endpoint?

No. Expose only the endpoints needed for the coding workflow. Broad API mirrors create confusing tools and larger permission risk.

Where should API keys go?

Keep API keys and auth headers in environment variables or a managed secret store. Do not paste real tokens into generated code or committed config.

Is a hosted MCP adapter safer than local stdio?

Not automatically. Hosted adapters need authentication, rate limits, logging, and ownership. Local adapters are often safer for early private API trials.