anyapi-mcp-server

If it has an API, you can MCP it.

Traditional MCP servers hand-pick a handful of endpoints and call it a day — locking you into whatever subset someone decided was "enough." Why settle for a fraction of an API when you can have all of it?

anyapi-mcp-server is a universal MCP server that connects any REST API to AI assistants like Claude, Cursor, and other LLM-powered tools — just point it at an OpenAPI spec or Postman collection. Every endpoint the API provides becomes available instantly, with GraphQL-style field selection and automatic schema inference. No custom server code, no artificial limits.

Quick start

1. Install

npm install -g anyapi-mcp-server

2. Add to your MCP client (Cursor, Claude Desktop, etc.)

{
  "mcpServers": {
    "your-api": {
      "command": "npx",
      "args": [
        "-y",
        "anyapi-mcp-server",
        "--name", "your-api",
        "--spec", "path/to/openapi.json",
        "--base-url", "https://api.example.com",
        "--header", "Authorization: Bearer ${API_KEY}"
      ],
      "env": {
        "API_KEY": "your-api-key"
      }
    }
  }
}

3. Use the tools — discover endpoints with list_api, inspect schemas with call_api, fetch data with query_api.

Provider examples

Ready-to-use configurations for popular APIs:

| Provider | Auth | |----------|------| | Cloudflare | API Token or Key + Email | | Datadog | API Key + App Key | | GitHub | Personal Access Token | | Google Workspace | OAuth 2.0 | | Metabase | API Key | | PostHog | Personal API Key | | Slack | Bot/User Token |

These work with any API that has an OpenAPI or Postman spec — the above are just examples. Stripe, Twilio, Shopify, HubSpot, and anything else with a REST API will work the same way.

CLI reference

Required flags

| Flag | Description | |------|-------------| | --name | Server name (e.g. cloudflare) | | --spec | Path or HTTPS URL to an OpenAPI spec (JSON/YAML) or Postman Collection. Remote URLs are cached locally. Supports ${ENV_VAR}. | | --base-url | API base URL (e.g. https://api.example.com). Supports ${ENV_VAR}. |

Optional flags

| Flag | Description | |------|-------------| | --header | HTTP header as "Key: Value" (repeatable). Supports ${ENV_VAR} in values. | | --log | Path to NDJSON request/response log. Sensitive headers are masked automatically. |

OAuth flags

For APIs that use OAuth 2.0 instead of static tokens. If any of the three required flags is provided, all three are required. All flags support ${ENV_VAR}.

| Flag | Required | Description | |------|----------|-------------| | --oauth-client-id | Yes* | OAuth client ID | | --oauth-client-secret | Yes* | OAuth client secret | | --oauth-token-url | Yes* | Token endpoint URL | | --oauth-auth-url | No | Authorization endpoint (auto-detected from spec if available) | | --oauth-scopes | No | Comma-separated scopes | | --oauth-flow | No | authorization_code (default) or client_credentials | | --oauth-param | No | Extra token parameter as key=value (repeatable) |

See the Google Workspace guide for a complete OAuth example.

Tools

The server exposes five tools (plus auth when OAuth is configured):

list_api — Browse endpoints

Discover what the API offers. Call with no arguments to see all categories, provide category to list endpoints in a tag, or search to find endpoints by keyword.

call_api — Inspect an endpoint

Makes a real HTTP request and returns the inferred GraphQL schema (SDL) — not the data itself. Use this to discover the response shape and get suggestedQueries you can copy into query_api.

query_api — Fetch data

Fetches data and returns only the fields you select via a GraphQL query. Supports both reads and writes (mutations for POST/PUT/DELETE/PATCH).

# Read
{ items { id name status } _count }

# Write
mutation { post_endpoint(input: { name: "example" }) { id } }

explain_api — Read the docs

Returns spec documentation for an endpoint (parameters, request body schema, response codes) without making an HTTP request.

batch_query — Parallel requests

Fetches data from up to 10 endpoints concurrently in a single tool call. Each request follows the query_api flow.

auth — OAuth authentication

Only available when --oauth-* flags are configured. Manages the OAuth flow:

• action: "start" — returns an authorization URL (or exchanges credentials for client_credentials)
• action: "exchange" — completes the authorization code flow (callback is captured automatically)
• action: "status" — shows current token status

Tokens are persisted and refreshed automatically.

Typical workflow

list_api          → discover what's available
     ↓
explain_api       → read the docs for an endpoint
     ↓
call_api          → inspect the response schema
     ↓
query_api         → fetch exactly the fields you need
     ↓
batch_query       → fetch from multiple endpoints at once

How it works

OpenAPI/Postman spec
        │
        ▼
   ┌─────────┐  ┌─────────────┐  ┌──────────┐  ┌───────────┐  ┌─────────────┐
   │list_api │  │ explain_api │  │ call_api │  │ query_api │  │ batch_query │
   │(browse) │  │   (docs)    │  │ (schema) │  │  (data)   │  │ (parallel)  │
   └─────────┘  └─────────────┘  └──────────┘  └───────────┘  └─────────────┘
        │          │ no HTTP          │               │             │
        ▼          ▼ request          ▼               ▼             ▼
   Spec index   Spec index     REST API call    REST API call  N concurrent
   (tags,       (params,       (with retry      (cached if     REST API calls
    paths)       responses,     + caching)       same as        + GraphQL
                 body schema)       │            call_api)      execution
                                    ▼               │
                               Infer GraphQL        ▼
                               schema from     Execute GraphQL
                               JSON response   query against
                                               response data

Features

• Any REST API — provide an OpenAPI (JSON/YAML) or Postman Collection v2.x spec as a file or URL
• Remote spec caching — HTTPS specs are fetched once and cached to ~/.cache/anyapi-mcp/
• GraphQL field selection — query only the fields you need from any response
• Schema inference — automatically builds GraphQL schemas from live API responses
• Multi-sample merging — samples up to 10 array elements for richer schemas
• Mutation support — write operations get typed GraphQL mutations from OpenAPI body schemas
• Smart suggestions — call_api returns ready-to-use queries based on the inferred schema
• Response caching — 30s TTL prevents duplicate calls across call_api → query_api
• Retry with backoff — automatic retries for 429/5xx with exponential backoff and Retry-After support
• Multi-format — parses JSON, XML, CSV, and plain text responses
• Pagination — API-level via params, client-side slicing via limit/offset
• Rich errors — structured error messages with status-specific suggestions and spec context for self-correction
• OAuth 2.0 — Authorization Code (with PKCE) and Client Credentials flows with automatic token refresh
• Env var interpolation — ${ENV_VAR} in base URLs, headers, and spec paths
• Request logging — optional NDJSON log with sensitive header masking

Supported spec formats

• OpenAPI 3.x (JSON or YAML)
• OpenAPI 2.0 / Swagger (JSON or YAML)
• Postman Collection v2.x (JSON)

License

Proprietary Non-Commercial. Free for personal and educational use. Commercial use requires written permission. See LICENSE for details.