Every API is now a tool surface. Cursor pulls OpenAPI specs into context during integration tasks. Claude.ai calls MCP tools natively. Codex generates code from tagged operation lists. If your API isn't agent-readable, you don't get the integration — competitors do. Five things to ship: a stable OpenAPI URL, tagged operations, MCP-spec OAuth, agent-friendly rate limits, idiomatic code samples.
Already publishing OpenAPI? Free with wmcp.sh, 5 min. No spec yet? We ship one for $499.
When a developer asks Cursor "integrate Stripe", Cursor pulls Stripe's OpenAPI spec + docs into context and generates working code in 30 seconds. When the same developer asks about a competitor's API and it's not agent-callable, they don't get an integration — they get hand-rolled HTTP calls or move on. Same dynamic at the consumer-agent level: Claude calls APIs through MCP tools; APIs without MCP exposure don't get called.
Internal API docs in Confluence, Notion, or a custom docs site — usable by humans, invisible to agents. Without a machine-readable spec at a stable URL, every integration is hand-built.
→ Agent says: "I don't know how to call this API." Falls back to scraping docs (slow, lossy).
Fix: Generate OpenAPI 3 from your framework's route annotations (FastAPI, Hono, NestJS, ASP.NET, Spring Boot — all one-line config). Host at /openapi.json at a stable URL. wmcp.sh ingests it and emits one MCP tool per operation.
Stripe's spec is 400+ endpoints. Most agent frameworks struggle past 50 tools (context burn, decision paralysis). Without tags or curation, the agent gets overwhelmed and picks wrong.
→ Agent ingests 400 tools, asks for an answer about customer billing, can't disambiguate.
Fix: Tag your operations by domain (customers / charges / subscriptions / etc.). wmcp.sh respects OpenAPI tags — callers fetch ?tag=customers and get the 30 relevant tools, not 400.
"Sign in with our SDK" or "go to dashboard and create an API key" works for human integrators. It doesn't work when an AI agent is the integrator on the user's behalf.
→ Agent hits 401, can't progress, escalates to user. Friction.
Fix: Ship OAuth 2.1 + PKCE + Dynamic Client Registration (RFC 7591). Claude.ai, Cursor, Codex, MCP-spec clients natively drive this. Alternative: support a _auth pseudo-arg where the user provides their key via the agent's UI. wmcp.sh handles both patterns.
Agents share IPs (Cloudflare workers, AWS Lambda, residential proxies). IP-based rate limits cause legit agents to share quotas with bots. Plus: rate limit info only in 429 response body means agents discover the limit by being rate-limited, not by self-throttling.
→ Agent gets 429 mid-task. No retry-after-friendly headers. Tool call fails.
Fix: Per-API-key rate limits (not per-IP). Always emit X-RateLimit-Remaining + X-RateLimit-Reset + Retry-After headers. Anthropic's Messages API is the gold standard — agents read those headers and self-throttle.
Even with an OpenAPI spec, an agent generating code from your API benefits massively from idiomatic examples ("how do you usually create a customer?"). Without them, agents construct technically-correct-but-awkward calls.
→ Agent generates code that compiles but does the obvious-wrong thing.
Fix: In your OpenAPI spec, add x-codeSamples on key operations with idiomatic curl + Python + TypeScript snippets. Or expose a /openapi/cookbook sidecar — wmcp.sh will surface it to agents.
Generate from your framework's annotations. Host at /openapi.json. Stable URL, no auth to fetch.
Group by domain (customers, billing, etc.) so agents can fetch subsets. Keeps tool counts <50.
PKCE + DCR (RFC 7591). DefiLlama's MCP is the canonical example. wmcp.sh proxies it transparently if you can't ship today.
Per-key (not per-IP) + X-RateLimit-* headers so agents self-throttle. Anthropic-style.
curl -I https://your-api.com/openapi.json. Returns 200 + application/json? Good. If 404, fix step 1.curl 'https://wmcp.sh/api/v1/tools?url=https://your-api.com/openapi.json' and count tools[].X-RateLimit-* headers present? If not, add them at your API gateway / framework level.No code changes on your API. Just point wmcp.sh at your spec URL.
# Example: Stripe ships their spec at a public URL
curl 'https://wmcp.sh/api/v1/tools?url=https://raw.githubusercontent.com/stripe/openapi/master/openapi/spec3.json'
# Returns ~400 MCP tools, fully typed. Or with tag filter:
curl 'https://wmcp.sh/api/v1/tools?url=...spec3.json&tag=customers'
# Returns only ~30 customer-related tools — fits in any agent's tool budget.
# Or for your API specifically:
curl 'https://wmcp.sh/api/v1/tools?url=https://YOUR-API.com/openapi.json'
# Each operation in your spec becomes:
{
"name": "create_customer",
"description": "Create a new customer",
"inputSchema": { ... }, // derived from your operation params
"action": { "kind": "openapi_request", ... }
}If you already have an OpenAPI spec, you're done. Point any agent at https://wmcp.sh/api/v1/tools?url=<your-spec-url>.
?tag=customersNo OpenAPI yet? We generate one from your codebase + ship MCP-spec OAuth + write the agent cookbook. White-label at mcp.yourapi.com available.
/openapi.json with no auth required to fetch, (2) tag operations so agents can filter, (3) agent-friendly auth — OAuth 2.1 with PKCE + DCR for consumer agents. wmcp.sh handles ingestion + filtering + auth-injection automatically._auth arg — simplest; (b) OAuth 2.1 + PKCE — needed for consumer agents (Claude.ai, Cursor); (c) MCP-spec OAuth — PKCE + DCR + discovery endpoint. DefiLlama's MCP is the canonical (c) example. Build (c) if starting today — every modern MCP client supports it./openapi/agent-subset.json; expose a meta-tool list_capabilities that returns short descriptions. wmcp.sh respects tags — callers fetch ?tag=customers and get the slice they need.X-RateLimit-* + Retry-After headers. Anthropic Messages API is the gold standard.Each of these takes a published OpenAPI spec and turns it into agent-callable tools. Same pattern works for your API:
The general-purpose adapter. Drop any OpenAPI spec URL, get MCP tools.
Stripe ships the canonical OpenAPI. wmcp.sh's Stripe integration as the worked example.
GitHub's published OpenAPI + OAuth — repos, issues, PRs, gists, workflows as MCP.
GraphQL + OAuth — issues, projects, comments as agent-callable tools.