mcp-openapi-proxy
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chinesemcp-openapi-proxy
mcp-openapi-proxy
Turns any OpenAPI 3.x spec into a lightweight MCP stdio navigator/executor. The server always exposes 3 MCP tools and uses identifiers to refer to individual endpoints.
toolNameFor exhaustive reference, see the repository . This skill is the short operational guide for installing the binary, wiring it into an MCP client, and using the current tool contract correctly.
README.mdAlways discover the actual registered tools first; never assume semantic tool names.
可将任意OpenAPI 3.x规范转换为轻量级的MCP stdio导航/执行器。该服务器始终暴露3个MCP工具,并使用标识符来指代各个端点。
toolName如需完整参考,请查看代码仓库的。本skill是安装二进制文件、将其接入MCP客户端、正确使用当前工具契约的精简操作指南。
README.md请务必先发现实际注册的工具,切勿假设工具名称的语义。
Install
安装
bash
go install github.com/rendis/mcp-openapi-proxy/cmd/mcp-openapi-proxy@latestbash
go install github.com/rendis/mcp-openapi-proxy/cmd/mcp-openapi-proxy@latestQuick Start
快速开始
bash
MCP_SPEC=./openapi.yaml \
MCP_BASE_URL=https://api.example.com \
MCP_AUTH_TOKEN=your-token \
mcp-openapi-proxyMCP_BASE_URLserverRecommended setup flow:
- Install
mcp-openapi-proxy - Configure your MCP client:
- Claude Code: create from
.mcp.json.mcp.json.example - Codex global: run
codex mcp add ... - Codex project-local: create manually
./.codex/config.toml
- Claude Code: create
- Choose auth:
- Static token: add
MCP_AUTH_TOKEN - OIDC: add and
MCP_OIDC_ISSUER, then run one of:MCP_OIDC_CLIENT_IDmcp-openapi-proxy loginmcp-openapi-proxy login <mcp_name>mcp-openapi-proxy login --mcp-config ./path/to/.mcp.jsonmcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server <mcp_name>mcp-openapi-proxy login --codex-server <name>mcp-openapi-proxy login --codex-config ~/.codex/config.tomlmcp-openapi-proxy login --codex-config ~/.codex/config.toml --server <name>
- Static token: add
- Start the MCP client
- Use ,
list_endpoints, anddescribe_endpointcall_endpoint
When is invoked with or Codex config support, it reads the selected server’s from that config entry. Shell env still overrides the config file when both are present.
login.mcp.jsonenvPlain stays env-first. When shell env is not enough, it falls back to:
mcp-openapi-proxy login./.mcp.json- (or
~/.codex/config.toml)$CODEX_HOME/config.toml
If the server name is omitted, discovers eligible servers from the selected config file. It only considers direct values that point to the binary (plain name, full path, or path). Wrapper commands such as , , , or shell scripts are ignored. If more than one eligible server exists, prints the options and prompts you to choose one.
logincommandmcp-openapi-proxy.exegoenvdockerloginIf the source spec comes from , convert it before using the proxy. emits Swagger 2.0, while expects OpenAPI 3.x:
swag initswag initmcp-openapi-proxybash
swag init -g cmd/api/main.go
swagger2openapi ./docs/swagger.json -o ./docs/openapi.json
MCP_SPEC=./docs/openapi.json mcp-openapi-proxybash
MCP_SPEC=./openapi.yaml \
MCP_BASE_URL=https://api.example.com \
MCP_AUTH_TOKEN=your-token \
mcp-openapi-proxy当OpenAPI规范解析后仅包含单个绝对地址时,为可选配置。
serverMCP_BASE_URL推荐设置流程:
- 安装
mcp-openapi-proxy - 配置你的MCP客户端:
- Claude Code:参考创建
.mcp.json.example.mcp.json - Codex全局配置:执行
codex mcp add ... - Codex项目本地配置:手动创建
./.codex/config.toml
- Claude Code:参考
- 选择身份验证方式:
- 静态令牌:添加
MCP_AUTH_TOKEN - OIDC:添加和
MCP_OIDC_ISSUER,然后执行以下任意命令:MCP_OIDC_CLIENT_IDmcp-openapi-proxy loginmcp-openapi-proxy login <mcp_name>mcp-openapi-proxy login --mcp-config ./path/to/.mcp.jsonmcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server <mcp_name>mcp-openapi-proxy login --codex-server <name>mcp-openapi-proxy login --codex-config ~/.codex/config.tomlmcp-openapi-proxy login --codex-config ~/.codex/config.toml --server <name>
- 静态令牌:添加
- 启动MCP客户端
- 使用、
list_endpoints和describe_endpointcall_endpoint
当调用时如果指定了或Codex配置支持,它会从对应配置项中读取所选服务器的配置。当两者同时存在时,Shell环境变量会覆盖配置文件中的值。
login.mcp.jsonenv单纯执行会优先使用环境变量。当Shell环境变量不足时,会按以下顺序 fallback:
mcp-openapi-proxy login./.mcp.json- (或
~/.codex/config.toml)$CODEX_HOME/config.toml
如果省略服务器名称,会从选中的配置文件中发现符合条件的服务器。它只会识别指向二进制文件的直接值(纯名称、完整路径或路径)。诸如、、或Shell脚本之类的包装命令会被忽略。如果存在多个符合条件的服务器,会打印选项并提示你选择一个。
loginmcp-openapi-proxycommand.exegoenvdockerlogin如果源规范来自,请在使用代理前先转换格式。生成的是Swagger 2.0格式,而需要OpenAPI 3.x格式:
swag initswag initmcp-openapi-proxybash
swag init -g cmd/api/main.go
swagger2openapi ./docs/swagger.json -o ./docs/openapi.json
MCP_SPEC=./docs/openapi.json mcp-openapi-proxyConfiguration
配置
| Variable | Required | Default | Description |
|---|---|---|---|
| Yes | — | Path or URL to OpenAPI 3.x spec (YAML/JSON) |
| No | — | Explicit API base URL. If omitted, the proxy uses a single absolute OpenAPI server when available |
| No | | Prefix for the 3 MCP tools and endpoint |
| No | | Namespace for stored OIDC tokens |
| No | — | Global bearer token fallback |
| No | — | OIDC issuer URL |
| No | — | OIDC client ID |
| No | Spec scopes or | Override OIDC login scopes |
| No | — | Comma-separated |
| No | | Maximum response body size to buffer and return |
| No | | Allow sending credentials over non-loopback |
| No | | Skip deprecated endpoints when generating tools |
| 变量 | 是否必填 | 默认值 | 描述 |
|---|---|---|---|
| 是 | — | OpenAPI 3.x规范的路径或URL(支持YAML/JSON格式) |
| 否 | — | 显式指定API基础URL。如果省略,代理会优先使用OpenAPI规范中提供的单个绝对服务地址 |
| 否 | | 3个MCP工具和端点 |
| 否 | | 存储OIDC令牌的命名空间 |
| 否 | — | 全局Bearer令牌兜底配置 |
| 否 | — | OIDC issuer地址 |
| 否 | — | OIDC客户端ID |
| 否 | 规范中定义的scope或 | 覆盖OIDC登录的scope |
| 否 | — | 每个请求都会携带的额外请求头,格式为逗号分隔的 |
| 否 | | 可缓冲返回的最大响应体大小 |
| 否 | | 允许通过非回环 |
| 否 | | 生成工具时跳过已废弃的端点 |
MCP Client Setup
MCP客户端设置
Claude Code (.mcp.json
)
.mcp.jsonClaude Code (.mcp.json
)
.mcp.jsonGeneric example:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi"
}
}
}
}Static token variant:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi",
"MCP_AUTH_TOKEN": "your-token"
}
}
}
}OIDC variant:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi",
"MCP_OIDC_ISSUER": "https://auth.example.com/realms/myrealm",
"MCP_OIDC_CLIENT_ID": "my-client"
}
}
}
}OIDC login from :
.mcp.jsonbash
mcp-openapi-proxy loginOr select the server explicitly:
bash
mcp-openapi-proxy login my-apiOr with an explicit config path:
bash
mcp-openapi-proxy login --mcp-config ./path/to/.mcp.jsonOr with an explicit config path plus explicit server:
bash
mcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server my-api通用示例:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi"
}
}
}
}静态令牌配置示例:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi",
"MCP_AUTH_TOKEN": "your-token"
}
}
}
}OIDC配置示例:
json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_PROFILE": "myapi",
"MCP_OIDC_ISSUER": "https://auth.example.com/realms/myrealm",
"MCP_OIDC_CLIENT_ID": "my-client"
}
}
}
}从读取配置执行OIDC登录:
.mcp.jsonbash
mcp-openapi-proxy login或显式选择服务器:
bash
mcp-openapi-proxy login my-api或指定配置文件路径:
bash
mcp-openapi-proxy login --mcp-config ./path/to/.mcp.json或同时指定配置文件路径和服务器:
bash
mcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server my-apiOpenAI Codex (.codex/config.toml
)
.codex/config.tomlOpenAI Codex (.codex/config.toml
)
.codex/config.tomlGlobal install via Codex CLI:
bash
codex mcp add my-api \
--env MCP_SPEC=./openapi.yaml \
--env MCP_BASE_URL=https://api.example.com \
--env MCP_TOOL_PREFIX=myapi \
--env MCP_AUTH_TOKEN=your-token \
-- mcp-openapi-proxyOIDC variant via Codex CLI:
bash
codex mcp add my-api \
--env MCP_SPEC=./openapi.yaml \
--env MCP_BASE_URL=https://api.example.com \
--env MCP_TOOL_PREFIX=myapi \
--env MCP_AUTH_PROFILE=myapi \
--env MCP_OIDC_ISSUER=https://auth.example.com/realms/myrealm \
--env MCP_OIDC_CLIENT_ID=my-client \
-- mcp-openapi-proxyGlobal Codex installs go into .
~/.codex/config.tomlProject-local Codex config is manual because the visible help does not expose a project-scoped install mode. Use when you want repo-local configuration:
codex mcp add./.codex/config.tomltoml
[mcp_servers.my-api]
command = "mcp-openapi-proxy"
[mcp_servers.my-api.env]
MCP_SPEC = "./openapi.yaml"
MCP_BASE_URL = "https://api.example.com"
MCP_TOOL_PREFIX = "myapi"
MCP_AUTH_TOKEN = "your-token"For this stdio server, use , not :
mcp-openapi-proxy logincodex mcp loginbash
mcp-openapi-proxy login --codex-server my-api
mcp-openapi-proxy login --codex-config ~/.codex/config.toml
mcp-openapi-proxy login --codex-config ~/.codex/config.toml --server my-api
mcp-openapi-proxy login --codex-config ./.codex/config.toml --server my-apicodex mcp loginIf local is ignored, switch to the global path or use a trusted project in Codex.
./.codex/config.toml~/.codex/config.toml通过Codex CLI全局安装:
bash
codex mcp add my-api \
--env MCP_SPEC=./openapi.yaml \
--env MCP_BASE_URL=https://api.example.com \
--env MCP_TOOL_PREFIX=myapi \
--env MCP_AUTH_TOKEN=your-token \
-- mcp-openapi-proxy通过Codex CLI安装的OIDC版本:
bash
codex mcp add my-api \
--env MCP_SPEC=./openapi.yaml \
--env MCP_BASE_URL=https://api.example.com \
--env MCP_TOOL_PREFIX=myapi \
--env MCP_AUTH_PROFILE=myapi \
--env MCP_OIDC_ISSUER=https://auth.example.com/realms/myrealm \
--env MCP_OIDC_CLIENT_ID=my-client \
-- mcp-openapi-proxyCodex全局配置会存入。
~/.codex/config.tomlCodex项目本地配置需要手动设置,因为当前的帮助信息中没有暴露项目范围的安装模式。如果你需要仓库本地配置,请使用:
codex mcp add./.codex/config.tomltoml
[mcp_servers.my-api]
command = "mcp-openapi-proxy"
[mcp_servers.my-api.env]
MCP_SPEC = "./openapi.yaml"
MCP_BASE_URL = "https://api.example.com"
MCP_TOOL_PREFIX = "myapi"
MCP_AUTH_TOKEN = "your-token"对于这个stdio服务器,请使用而非:
mcp-openapi-proxy logincodex mcp loginbash
mcp-openapi-proxy login --codex-server my-api
mcp-openapi-proxy login --codex-config ~/.codex/config.toml
mcp-openapi-proxy login --codex-config ~/.codex/config.toml --server my-api
mcp-openapi-proxy login --codex-config ./.codex/config.toml --server my-apicodex mcp login如果本地被忽略,请切换到全局路径,或在Codex中使用受信任的项目。
./.codex/config.toml~/.codex/config.tomlGemini CLI (~/.gemini/settings.json
)
~/.gemini/settings.jsonGemini CLI (~/.gemini/settings.json
)
~/.gemini/settings.jsonjson
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_TOKEN": "your-token"
}
}
}
}json
{
"mcpServers": {
"my-api": {
"command": "mcp-openapi-proxy",
"env": {
"MCP_SPEC": "./openapi.yaml",
"MCP_BASE_URL": "https://api.example.com",
"MCP_TOOL_PREFIX": "myapi",
"MCP_AUTH_TOKEN": "your-token"
}
}
}
}Authentication
身份验证
Credential resolution order is:
MCP_AUTH_<SCHEME>_*- global
MCP_AUTH_TOKEN - OIDC token cache for
MCP_AUTH_PROFILE
凭证解析顺序为:
MCP_AUTH_<SCHEME>_*- 全局
MCP_AUTH_TOKEN - 对应的OIDC令牌缓存
MCP_AUTH_PROFILE
Static Token (dev/CI)
静态令牌(开发/CI场景)
Set to provide a global bearer fallback for bearer-compatible schemes.
MCP_AUTH_TOKENFor Claude Code, the usual place is .
.mcp.json -> mcpServers.<name>.env.MCP_AUTH_TOKEN设置可以为兼容Bearer的认证方案提供全局Bearer兜底配置。
MCP_AUTH_TOKEN对于Claude Code,通常配置在中。
.mcp.json -> mcpServers.<name>.env.MCP_AUTH_TOKENPer-Scheme Credentials
按认证方案配置凭证
Use the OpenAPI security scheme name, uppercased and sanitized by replacing , , , and spaces with underscores.
.-/- ,
http bearer,oauth2→openIdConnectMCP_AUTH_<SCHEME>_TOKEN - →
http basicandMCP_AUTH_<SCHEME>_USERNAMEMCP_AUTH_<SCHEME>_PASSWORD - →
apiKeyMCP_AUTH_<SCHEME>_KEY
Example:
bash
MCP_AUTH_PARTNER_AUTH_V2_TOKEN=secret-token
MCP_AUTH_ADMIN_BASIC_USERNAME=alice
MCP_AUTH_ADMIN_BASIC_PASSWORD=s3cr3t
MCP_AUTH_X_API_KEY_KEY=dev-key使用OpenAPI安全方案的名称,将其转为大写,并将、、和空格替换为下划线后使用。
.-/- 、
http bearer、oauth2→openIdConnectMCP_AUTH_<SCHEME>_TOKEN - →
http basic和MCP_AUTH_<SCHEME>_USERNAMEMCP_AUTH_<SCHEME>_PASSWORD - →
apiKeyMCP_AUTH_<SCHEME>_KEY
示例:
bash
MCP_AUTH_PARTNER_AUTH_V2_TOKEN=secret-token
MCP_AUTH_ADMIN_BASIC_USERNAME=alice
MCP_AUTH_ADMIN_BASIC_PASSWORD=s3cr3t
MCP_AUTH_X_API_KEY_KEY=dev-keyOIDC PKCE (production)
OIDC PKCE(生产环境)
Standard OIDC discovery (recommended):
bash
MCP_OIDC_ISSUER=https://auth.example.com/realms/myrealm \
MCP_OIDC_CLIENT_ID=my-client \
mcp-openapi-proxy loginIf your MCP client uses or Codex TOML, these forms now read the selected server’s automatically:
.mcp.jsonenvmcp-openapi-proxy loginmcp-openapi-proxy login my-apimcp-openapi-proxy login --mcp-config ./path/to/.mcp.jsonmcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server my-apimcp-openapi-proxy login --codex-server my-apimcp-openapi-proxy login --codex-config ~/.codex/config.tomlmcp-openapi-proxy login --codex-config ~/.codex/config.toml --server my-api
Keep the same , , and values there so the running server uses the token cache created by .
MCP_AUTH_PROFILEMCP_OIDC_ISSUERMCP_OIDC_CLIENT_IDloginIf the server name is omitted, only considers direct commands from the selected config file. Wrapper commands such as , , , or shell scripts are not eligible for login discovery. When multiple eligible entries exist, lists them and prompts you to choose one.
loginmcp-openapi-proxygoenvdockerloginIf you also set those values in the shell when invoking , the shell values win.
loginApplication-specific discovery:
bash
MCP_BASE_URL=https://api.example.com mcp-openapi-proxy loginCommands:
mcp-openapi-proxy loginmcp-openapi-proxy statusmcp-openapi-proxy logout
Scopes come from when set. Otherwise, if is available, the proxy unions scopes from the OpenAPI security requirements. If neither source is available, it falls back to .
MCP_OIDC_SCOPESMCP_SPECopenid profile email offline_accessTokens are stored at , where comes from or falls back to the tool prefix / .
~/.mcp-openapi-proxy/<profile>-tokens.json<profile>MCP_AUTH_PROFILEdefault标准OIDC发现(推荐):
bash
MCP_OIDC_ISSUER=https://auth.example.com/realms/myrealm \
MCP_OIDC_CLIENT_ID=my-client \
mcp-openapi-proxy login如果你的MCP客户端使用或Codex TOML配置,以下命令现在可以自动读取所选服务器的配置:
.mcp.jsonenvmcp-openapi-proxy loginmcp-openapi-proxy login my-apimcp-openapi-proxy login --mcp-config ./path/to/.mcp.jsonmcp-openapi-proxy login --mcp-config ./path/to/.mcp.json --server my-apimcp-openapi-proxy login --codex-server my-apimcp-openapi-proxy login --codex-config ~/.codex/config.tomlmcp-openapi-proxy login --codex-config ~/.codex/config.toml --server my-api
请保持配置中、和的值一致,这样运行中的服务器可以使用命令创建的令牌缓存。
MCP_AUTH_PROFILEMCP_OIDC_ISSUERMCP_OIDC_CLIENT_IDlogin如果省略服务器名称,只会识别选中的配置文件中直接调用的命令。诸如、、或Shell脚本之类的包装命令不符合登录发现的条件。当存在多个符合条件的条目时,会列出所有选项并提示你选择一个。
loginmcp-openapi-proxygoenvdockerlogin如果你在调用时同时在Shell中设置了这些值,Shell中的值优先级更高。
login应用专属发现:
bash
MCP_BASE_URL=https://api.example.com mcp-openapi-proxy login相关命令:
mcp-openapi-proxy loginmcp-openapi-proxy statusmcp-openapi-proxy logout
如果设置了则使用该配置的scope。否则,如果可用,代理会合并OpenAPI安全要求中的所有scope。如果两个来源都不可用,则会 fallback 到。
MCP_OIDC_SCOPESMCP_SPECopenid profile email offline_access令牌存储在,其中取自, fallback 为工具前缀/。
~/.mcp-openapi-proxy/<profile>-tokens.json<profile>MCP_AUTH_PROFILEdefaultRegistered Tools and Endpoint IDs
注册工具与端点ID
The MCP server always exposes exactly these tools:
{prefix}_list_endpoints{prefix}_describe_endpoint{prefix}_call_endpoint
Always inspect the registered tools first. Do not assume the server exposes one MCP tool per endpoint anymore.
Each OpenAPI endpoint still has a stable :
toolNametext
{prefix}_{method}_{sanitized_path}That is the identifier you pass into and .
toolNamedescribe_endpointcall_endpointFeature Flags API example with :
MCP_TOOL_PREFIX=fe| Operation | Endpoint |
|---|---|
| |
| |
| |
| |
| |
Names like or are not part of the product contract.
fe_list_featuresfe_toggle_featureMCP服务器始终只会暴露以下3个工具:
{prefix}_list_endpoints{prefix}_describe_endpoint{prefix}_call_endpoint
请务必先检查注册的工具。不要再假设服务器会为每个端点暴露单独的MCP工具。
每个OpenAPI端点仍然有稳定的:
toolNametext
{prefix}_{method}_{sanitized_path}toolNamedescribe_endpointcall_endpoint功能开关API示例,:
MCP_TOOL_PREFIX=fe| 操作 | 端点 |
|---|---|
| |
| |
| |
| |
| |
诸如或之类的名称不属于产品契约的一部分。
fe_list_featuresfe_toggle_featureInput and Output Contract
输入输出契约
Recommended agent flow:
- Call
{prefix}_list_endpoints - Pick a
toolName - Call if you need the exact contract
{prefix}_describe_endpoint - Call
{prefix}_call_endpoint
推荐的Agent流程:
- 调用
{prefix}_list_endpoints - 选择一个
toolName - 如果需要确切的契约,调用
{prefix}_describe_endpoint - 调用
{prefix}_call_endpoint
list_endpoints
list_endpointslist_endpoints
list_endpointsInput:
json
{
"q": "feature",
"path_prefix": "/admin",
"method": "PATCH",
"auth": "bearer",
"limit": 25
}Output:
json
{
"items": [
{
"toolName": "fe_patch_admin_features_key_toggle",
"method": "PATCH",
"path": "/admin/features/{key}/toggle",
"description": "Toggle a feature flag",
"requiredAuth": "bearer",
"tags": ["flags", "admin"],
"deprecated": false
}
],
"nextCursor": ""
}输入:
json
{
"q": "feature",
"path_prefix": "/admin",
"method": "PATCH",
"auth": "bearer",
"limit": 25
}输出:
json
{
"items": [
{
"toolName": "fe_patch_admin_features_key_toggle",
"method": "PATCH",
"path": "/admin/features/{key}/toggle",
"description": "Toggle a feature flag",
"requiredAuth": "bearer",
"tags": ["flags", "admin"],
"deprecated": false
}
],
"nextCursor": ""
}describe_endpoint
describe_endpointdescribe_endpoint
describe_endpointInput:
json
{
"toolName": "fe_patch_admin_features_key_toggle"
}Output includes:
- ,
toolName,method,path,summary,descriptiondeprecated - and full
requiredAuthsecurityRequirements parameters.path/query/headers/cookies- with media types, schema, examples, and encoding
requestBody - with status, description, headers, and body schemas
responses - ,
externalDocs,serversbaseURLHint
输入:
json
{
"toolName": "fe_patch_admin_features_key_toggle"
}输出包含:
- 、
toolName、method、path、summary、descriptiondeprecated - 和完整的
requiredAuthsecurityRequirements parameters.path/query/headers/cookies- 包含媒体类型、schema、示例和编码的
requestBody - 包含状态码、描述、请求头和响应体schema的
responses - 、
externalDocs、serversbaseURLHint
call_endpoint
call_endpointcall_endpoint
call_endpointInput:
json
{
"toolName": "fe_patch_admin_features_key_toggle",
"path": {
"key": "checkout"
},
"headers": {
"X-Workspace": "acme"
},
"body": {
"enabled": true
}
}X-WorkspaceheadersMCP_EXTRA_HEADERScall_endpointjson
{
"status": 200,
"content_type": "application/json",
"headers": {
"X-Trace": ["abc123"]
},
"body": {
"id": "item-1"
}
}- API responses preserve the real HTTP response and set
4xx/5xxIsError=true - Proxy/runtime failures return plus
status: 0proxy_error - Binary payloads are represented as base64 wrappers
- Deprecated endpoints are listed by default and only excluded with
MCP_EXCLUDE_DEPRECATED=1
输入:
json
{
"toolName": "fe_patch_admin_features_key_toggle",
"path": {
"key": "checkout"
},
"headers": {
"X-Workspace": "acme"
},
"body": {
"enabled": true
}
}X-WorkspaceheadersMCP_EXTRA_HEADERScall_endpointjson
{
"status": 200,
"content_type": "application/json",
"headers": {
"X-Trace": ["abc123"]
},
"body": {
"id": "item-1"
}
}- API的响应会保留真实的HTTP响应,并设置
4xx/5xxIsError=true - 代理/运行时错误会返回以及
status: 0proxy_error - 二进制 payload 会以base64包装的形式呈现
- 默认会列出已废弃的端点,仅当设置时才会排除
MCP_EXCLUDE_DEPRECATED=1
Multiple APIs
多API支持
Use distinct prefixes to run side-by-side:
json
{
"mcpServers": {
"users-api": { "command": "mcp-openapi-proxy", "env": { "MCP_TOOL_PREFIX": "users", "..." : "..." } },
"billing-api": { "command": "mcp-openapi-proxy", "env": { "MCP_TOOL_PREFIX": "billing", "..." : "..." } }
}
}使用不同的前缀即可并行运行多个代理:
json
{
"mcpServers": {
"users-api": { "command": "mcp-openapi-proxy", "env": { "MCP_TOOL_PREFIX": "users", "..." : "..." } },
"billing-api": { "command": "mcp-openapi-proxy", "env": { "MCP_TOOL_PREFIX": "billing", "..." : "..." } }
}
}Common Mistakes
常见问题
- Missing → startup fails immediately
MCP_SPEC - No usable base URL → set explicitly or declare a single absolute OpenAPI
MCP_BASE_URLserver - Spec generated by → detect
swag initor a generatedswagger: "2.0", convert it withswagger.json, then pointswagger2openapiat the resulting OpenAPI 3.x fileMCP_SPEC - Missing per-scheme auth → configure ,
MCP_AUTH_<SCHEME>_*, or runMCP_AUTH_TOKENmcp-openapi-proxy login - Spec URL unreachable → fails at startup; check network/VPN
- Authenticated calls to non-loopback → blocked unless
http://MCP_ALLOW_INSECURE_HTTP=1 - Treating endpoints as MCP tools → endpoints are discovered as values; only
toolName,list_endpoints, anddescribe_endpointare registeredcall_endpoint - Calling without discovery → list first, then describe if needed, then call with
call_endpointtoolName
For exhaustive reference, examples, and troubleshooting, see the repository .
README.md- 缺少配置 → 启动会立即失败
MCP_SPEC - 无可用的基础URL → 显式设置,或在OpenAPI规范中声明单个绝对
MCP_BASE_URL地址server - 规范由生成 → 检测到
swag init或生成的swagger: "2.0"时,使用swagger.json转换格式,然后将swagger2openapi指向生成的OpenAPI 3.x文件MCP_SPEC - 缺少按认证方案的身份验证配置 → 配置、
MCP_AUTH_<SCHEME>_*,或执行MCP_AUTH_TOKENmcp-openapi-proxy login - 规范URL无法访问 → 启动失败,请检查网络/VPN
- 向非回环地址发起认证请求 → 默认被拦截,除非设置
http://MCP_ALLOW_INSECURE_HTTP=1 - 将端点视为MCP工具 → 端点以值的形式被发现,仅
toolName、list_endpoints和describe_endpoint是注册的工具call_endpoint - 未经过发现就调用→ 先列出端点,必要时查询详情,然后使用
call_endpoint调用toolName
如需完整参考、示例和问题排查,请查看代码仓库的。
README.md