$ timeahead.in
/servers/blog/about
/ servers/npm/@ivotoby/openapi-mcp-server
npm

@ivotoby/openapi-mcp-server

An MCP server that exposes OpenAPI endpoints as resources

268 stars7k/wkupdated 94d agogithub ↗
☆ Watch this server📋 Install guide⚡ Compare⚑ Claim listing
88good
▣ Overview

What it does

This MCP server bridges OpenAPI specifications to the MCP protocol, automatically exposing REST API endpoints as callable tools. Given an OpenAPI spec (from a URL, file path, stdin, or inline content), it generates MCP tools for each endpoint, enabling Claude, Claude Desktop, and other MCP clients to discover and invoke REST APIs directly. It supports multiple authentication methods—API headers, mutual TLS with client certificates, and custom CA certificates—and offers both stdio and HTTP transport modes.

Who it's for

Backend engineers and DevOps practitioners who want Claude to invoke internal REST APIs or third-party services. Typical users are teams with OpenAPI-documented APIs who want to automate integrations, testing, or API exploration without writing code bindings.

Common use cases

  • Expose an internal REST API's endpoints to Claude Desktop via OpenAPI spec
  • Connect Claude to third-party APIs (Stripe, Slack, etc.) if they publish OpenAPI specs
  • Enable LLMs to autonomously invoke microservice endpoints in a controlled way
  • Build custom MCP servers that wrap and expose existing REST infrastructure

Setup pitfalls

  • OPENAPI_SPEC_PATH and API_BASE_URL are required; if unreachable or malformed, no tools are generated
  • Classified high risk due to filesystem reads and network calls to arbitrary APIs—validate spec sources and endpoints before use
  • TLS setup: if using CLIENT_CERT_PATH, CLIENT_KEY_PATH, and optional CLIENT_KEY_PASSPHRASE, ensure paths are readable and passphrases match
  • API_HEADERS must use comma-separated key:value syntax; misconfigurations or expired credentials will cause endpoint calls to fail
▣ Score BreakdownMCPScore = Σ(raw × weight)
DimensionRawWeighted
Security
35%
100
35.0
Freshness
25%
100
25.0
Adoption
20%
70
14.0
Quality
10%
90
9.0
Trust
10%
50
5.0
Total
88.0
⚿ Capabilities & Risk Explainer
fs readnetworkexecsecrets
◆ Risk level: high
fs read + network + exec + secrets active — can execute code, access credentials, and make external network calls.
⚙ Install config
Claude Desktop · Cursor · Windsurf · VS Code (Copilot) · Claude Code
add to your MCP client config:
{
  "mcpServers": {
    "ivotobyopenapi": {
      "command": "npx",
      "args": [
        "-y",
        "@ivotoby/openapi-mcp-server"
      ]
    }
  }
}
📈 Score historylast 35 snapshots
4/30/20266/13/2026 · 35 snapshots
⚙ Maintenance health
61/ 100 · is this project alive?
contributors (1y)7
top contributor share82%
releases (1y)20
last release96d ago
ci✓ passing
⛁ Raw data
weekly downloads7k
github stars268
forks57
open issues13
license✓ present
readme length35473 chars
last publish3d ago
last commit94d ago
last updated1d ago
install verified✓ pass · 22d ago
owner of this server? claim your listing to get a verified badgeclaim →
🔔 Score drop alerts
get notified by email when this server's score drops 5+ points