A universal MCP server that connects any REST API to AI assistants (Claude, Cursor, etc.) via OpenAPI or Postman specs. Features GraphQL-style field selection, automatic schema inference, mutation support, and smart query suggestions.
anyapi-mcp-server
If it has an API, you can MCP it.
Traditional MCP servers hand-pick a handful of endpoints and call it a day — locking you into whatever subset someone decided was "enough." Why settle for a fraction of an API when you can have all of it?
anyapi-mcp-server is a universal MCP server that connects any REST API to AI assistants like Claude, Cursor, and other LLM-powered tools — just point it at an OpenAPI spec or Postman collection. Every endpoint the API provides becomes available instantly, with GraphQL-style field selection and automatic schema inference. No custom server code, no artificial limits.
Quick start
1. Install
npm install -g anyapi-mcp-server
2. Add to your MCP client (Cursor, Claude Desktop, etc.)
{
"mcpServers": {
"your-api": {
"command": "npx",
"args": [
"-y",
"anyapi-mcp-server",
"--name", "your-api",
"--spec", "path/to/openapi.json",
"--base-url", "https://api.example.com",
"--header", "Authorization: Bearer ${API_KEY}"
],
"env": {
"API_KEY": "your-api-key"
}
}
}
}
3. Use the tools — discover endpoints with list_api, inspect schemas with call_api, fetch data with query_api.
Provider examples
Ready-to-use configurations for popular APIs:
| Provider | Auth | |----------|------| | Cloudflare | API Token or Key + Email | | Datadog | API Key + App Key | | GitHub | Personal Access Token | | Google Workspace | OAuth 2.0 | | Metabase | API Key | | PostHog | Personal API Key | | Slack | Bot/User Token |
These work with any API that has an OpenAPI or Postman spec — the above are just examples. Stripe, Twilio, Shopify, HubSpot, and anything else with a REST API will work the same way.
CLI reference
Required flags
| Flag | Description |
|------|-------------|
| --name | Server name (e.g. cloudflare) |
| --spec | Path or HTTPS URL to an OpenAPI spec (JSON/YAML) or Postman Collection. Remote URLs are cached locally. Supports ${ENV_VAR}. |
| --base-url | API base URL (e.g. https://api.example.com). Supports ${ENV_VAR}. |
Optional flags
| Flag | Description |
|------|-------------|
| --header | HTTP header as "Key: Value" (repeatable). Supports ${ENV_VAR} in values. |
| --log | Path to NDJSON request/response log. Sensitive headers are masked automatically. |
OAuth flags
For APIs that use OAuth 2.0 instead of static tokens. If any of the three required flags is provided, all three are required. All flags support ${ENV_VAR}.
| Flag | Required | Description |
|------|----------|-------------|
| --oauth-client-id | Yes* | OAuth client ID |
| --oauth-client-secret | Yes* | OAuth client secret |
| --oauth-token-url | Yes* | Token endpoint URL |
| --oauth-auth-url | No | Authorization endpoint (auto-detected from spec if available) |
| --oauth-scopes | No | Comma-separated scopes |
| --oauth-flow | No | authorization_code (default) or client_credentials |
| --oauth-param | No | Extra token parameter as key=value (repeatable) |
See the Google Workspace guide for a complete OAuth example.
Tools
The server exposes five tools (plus auth when OAuth is configured):
list_api — Browse endpoints
Discover what the API offers. Call with no arguments to see all categories, provide category to list endpoints in a tag, or search to find endpoints by keyword.
call_api — Inspect an endpoint
Makes a real HTTP request and returns the inferred GraphQL schema (SDL) — not the data itself. Use this to discover the response shape and get suggestedQueries you can copy into query_api.
query_api — Fetch data
Fetches data and returns only the fields you select via a GraphQL query. Supports both reads and writes (mutations for POST/PUT/DELETE/PATCH).
# Read
{ items { id name status } _count }
# Write
mutation { post_endpoint(input: { name: "example" }) { id } }
explain_api — Read the docs
Returns spec documentation for an endpoint (parameters, request body schema, response codes) without making an HTTP request.
batch_query — Parallel requests
Fetches data from up to 10 endpoints concurrently in a single tool call. Each request follows the query_api flow.
auth — OAuth authentication
Only available when --oauth-* flags are configured. Manages the OAuth flow:
action: "start"— returns an authorization URL (or exchanges credentials forclient_credentials)action: "exchange"— completes the authorization code flow (callback is captured automatically)action: "status"— shows current token status
Tokens are persisted and refreshed automatically.
Typical workflow
list_api → discover what's available
↓
explain_api → read the docs for an endpoint
↓
call_api → inspect the response schema
↓
query_api → fetch exactly the fields you need
↓
batch_query → fetch from multiple endpoints at once
How it works
OpenAPI/Postman spec
│
▼
┌─────────┐ ┌─────────────┐ ┌──────────┐ ┌───────────┐ ┌─────────────┐
│list_api │ │ explain_api │ │ call_api │ │ query_api │ │ batch_query │
│(browse) │ │ (docs) │ │ (schema) │ │ (data) │ │ (parallel) │
└─────────┘ └─────────────┘ └──────────┘ └───────────┘ └─────────────┘
│ │ no HTTP │ │ │
▼ ▼ request ▼ ▼ ▼
Spec index Spec index REST API call REST API call N concurrent
(tags, (params, (with retry (cached if REST API calls
paths) responses, + caching) same as + GraphQL
body schema) │ call_api) execution
▼ │
Infer GraphQL ▼
schema from Execute GraphQL
JSON response query against
response data
Features
- Any REST API — provide an OpenAPI (JSON/YAML) or Postman Collection v2.x spec as a file or URL
- Remote spec caching — HTTPS specs are fetched once and cached to
~/.cache/anyapi-mcp/ - GraphQL field selection — query only the fields you need from any response
- Schema inference — automatically builds GraphQL schemas from live API responses
- Multi-sample merging — samples up to 10 array elements for richer schemas
- Mutation support — write operations get typed GraphQL mutations from OpenAPI body schemas
- Smart suggestions —
call_apireturns ready-to-use queries based on the inferred schema - Response caching — 30s TTL prevents duplicate calls across
call_api→query_api - Retry with backoff — automatic retries for 429/5xx with exponential backoff and
Retry-Aftersupport - Multi-format — parses JSON, XML, CSV, and plain text responses
- Pagination — API-level via
params, client-side slicing vialimit/offset - Rich errors — structured error messages with status-specific suggestions and spec context for self-correction
- OAuth 2.0 — Authorization Code (with PKCE) and Client Credentials flows with automatic token refresh
- Env var interpolation —
${ENV_VAR}in base URLs, headers, and spec paths - Request logging — optional NDJSON log with sensitive header masking
Supported spec formats
- OpenAPI 3.x (JSON or YAML)
- OpenAPI 2.0 / Swagger (JSON or YAML)
- Postman Collection v2.x (JSON)
License
Proprietary Non-Commercial. Free for personal and educational use. Commercial use requires written permission. See LICENSE for details.