Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

swagger-mcp

MCP.Pizza Chef: dcolley

Swagger MCP Server ingests Swagger/OpenAPI specifications and exposes them as MCP tools, supporting multiple authentication methods including Basic Auth, Bearer Token, API Key, and OAuth2. It enables real-time communication via Server-Sent Events and offers TypeScript support, allowing developers to integrate and interact with APIs seamlessly through the Model Context Protocol.

Use This MCP server To

Expose Swagger/OpenAPI APIs as MCP tools for LLM integration Authenticate API requests using Basic Auth, Bearer Token, API Key, or OAuth2 Enable real-time API event streaming with Server-Sent Events (SSE) Generate TypeScript clients for typed API interactions Integrate external REST APIs into AI workflows via MCP Test and explore APIs through MCP without manual coding Securely proxy API calls with authentication through MCP server

README

Swagger MCP Server

A server that ingests and serves Swagger/OpenAPI specifications through the Model Context Protocol (MCP).

Features

  • Loads Swagger/OpenAPI specifications
  • Supports multiple authentication methods:
    • Basic Auth
    • Bearer Token
    • API Key (header or query)
    • OAuth2
  • Automatically generates MCP tools from API endpoints
  • Server-Sent Events (SSE) support for real-time communication
  • TypeScript support

Security

This is a personal server!! Do not expose it to the public internet. If the underlying API requires authentication, you should not expose the MCP server to the public internet.

TODO

  • secrets - the MCP server should be able to use secrets from the user to authenticate requests to the API
  • Comprehensive test suite

Prerequisites

  • Node.js (v18 or higher)
  • Yarn package manager
  • TypeScript

Installation

  1. Clone the repository:
git clone https://github.com/dcolley/swagger-mcp.git
cd swagger-mcp
  1. Install dependencies:
yarn install
  1. Create a .env file based on the example:
cp .env.example .env

  1. Configure your Swagger/OpenAPI specification:

    • Place your Swagger file in the project (e.g., swagger.json)
    • Or provide a URL to your Swagger specification

  2. Update the configuration in config.json with your server settings:

{
  "server": {
    "host": "localhost",
    "port": 3000
  },
  "swagger": {
    "url": "url-or-path/to/your/swagger.json",
    "apiBaseUrl": "https://api.example.com",  // Fallback if not specified in Swagger
    "defaultAuth": {  // Fallback if not specified in Swagger
      "type": "apiKey",
      "apiKey": "your-api-key",
      "apiKeyName": "api_key",
      "apiKeyIn": "header"
    }
  }
}

Note: The server prioritizes settings from the Swagger specification over the config file:

  • If the Swagger file contains a servers array, the first server URL will be used as the base URL
  • If the Swagger file defines security schemes, they will be used for authentication
  • The config file settings serve as fallbacks when not specified in the Swagger file

Usage

  1. Start the development server:
yarn dev
  1. Build for production:
yarn build
  1. Start the production server:
yarn start

API Endpoints

  • GET /health - Check server health status
  • GET /sse - Establish Server-Sent Events connection
  • POST /messages - Send messages to the MCP server

Testing

Run the test suite:

# Run tests once
yarn test

# Run tests in watch mode
yarn test:watch

# Run tests with coverage report
yarn test:coverage

Authentication

The server supports various authentication methods. Configure them in the config.json file as fallbacks when not specified in the Swagger file:

Basic Auth

{
  "defaultAuth": {
    "type": "basic",
    "username": "your-username",
    "password": "your-password"
  }
}

Bearer Token

{
  "defaultAuth": {
    "type": "bearer",
    "token": "your-bearer-token"
  }
}

API Key

{
  "defaultAuth": {
    "type": "apiKey",
    "apiKey": "your-api-key",
    "apiKeyName": "X-API-Key",
    "apiKeyIn": "header"
  }
}

OAuth2

{
  "defaultAuth": {
    "type": "oauth2",
    "token": "your-oauth-token"
  }
}

Development

  1. Start the development server:
yarn dev

License

This project is licensed under the Apache 2.0 License.

Environment Variables

  • PORT: Server port (default: 3000)
  • API_USERNAME: Username for API authentication (fallback)
  • API_PASSWORD: Password for API authentication (fallback)
  • API_TOKEN: API token for authentication (fallback)
  • DEFAULT_API_BASE_URL: Default base URL for API endpoints (fallback)
  • DEFAULT_SWAGGER_URL: Default Swagger specification URL

swagger-mcp FAQ

How does swagger-mcp handle API authentication?
It supports Basic Auth, Bearer Token, API Key (header or query), and OAuth2 authentication methods to securely access APIs.
Can swagger-mcp stream real-time data from APIs?
Yes, it supports Server-Sent Events (SSE) for real-time communication with compatible APIs.
Is swagger-mcp safe to expose publicly?
No, it is intended as a personal server and should not be exposed to the public internet to avoid security risks.
What prerequisites are needed to run swagger-mcp?
Node.js v18 or higher, Yarn package manager, and TypeScript are required to install and run swagger-mcp.
Does swagger-mcp generate code for API interaction?
Yes, it automatically generates MCP tools from API endpoints and supports TypeScript for typed client generation.
How do I install swagger-mcp?
Clone the GitHub repo, then install dependencies using Yarn as described in the installation instructions.
Can swagger-mcp handle multiple APIs simultaneously?
It is designed to load and serve Swagger/OpenAPI specs, so it can be configured to handle multiple APIs by running multiple instances or configurations.
What is the purpose of the TODO secrets feature?
To allow the MCP server to securely use user-provided secrets for authenticating requests to the underlying API.