Does it support OpenAPI 3.x and Swagger 2.0?

Yes. Both. JSON specs only in v0 (most published APIs offer JSON variants). YAML support is a small follow-up — open an issue if you need it.

What about $ref resolution?

$refs to #/components/schemas/... in OpenAPI 3 (or #/definitions/... in Swagger 2) are resolved one hop deep. That means nested model references in parameters and request bodies get flattened so agents see real fields, not bare $ref pointers. Petstore's POST /pet correctly emits id, name, category, photoUrls, etc.

Can I execute the operations, not just see schemas?

Yes. POST /api/v1/tools/execute with { url, tool, args }. wmcp.sh constructs the HTTP request from the operation's method + path + parameter locations (path / query / header / body) and returns the response. Live for any tool with an openapi_request action.

integration · openapi

Turn any OpenAPI spec into MCP tools.

Q: What does the OpenAPI to MCP conversion produce?

One MCP tool per path × method in the spec. Tool name comes from operationId (falls back to method_path). Input schema is built from parameters + requestBody, with $refs to #/components/schemas/ resolved one hop deep. Each tool has an openapi_request action so agents can execute the call directly through wmcp.sh.

Q: How does this differ from openapi-mcp-generator or Speakeasy?

Codegen tools (openapi-mcp-generator, Speakeasy Gram, run-llama/fastmcp) require generating + hosting an MCP server you maintain. wmcp.sh is a hosted endpoint — POST a spec URL, get tools back. No code, no server, no upgrades. Trade-off: less customization. Win: instant integration.

Q: How does authentication work?

Three modes. (1) Public APIs (no auth) work directly. (2) Pass an explicit auth header via the _auth pseudo-arg in tool execute calls. (3) Connect the provider via wmcp.sh's OAuth dashboard (Stripe, GitHub, Google, Slack, Notion, Linear) — the worker auto-injects your stored token when the API host matches a connected provider.

Point wmcp.sh at any OpenAPI 3.x or Swagger 2.0 spec URL. Get back agent-callable tools — typed input schemas, live execute, $ref resolution. No codegen, no build step, no server to maintain.

Last updated 2026-05-27 · works with Claude, OpenAI, LangChain, and any MCP client

Try it

Hand a spec URL, get the tools.

No signup. Free tier handles 100 reads/day per IP.

try: Petstore v3 Petstore v2 (Swagger) Frankfurter FX

// Paste an OpenAPI spec URL and click Get tools.

How it works

The mapping

Mechanical, deterministic, and consistent across every spec.

OpenAPI concept	becomes
path × method (e.g. `POST /pet`)	one MCP tool
operationId	tool name (fallback: `method_path`, sanitized)
summary / description	tool description (300 char cap)
parameters (path / query / header)	inputSchema properties, with `required` tracked
requestBody.content[application/json].schema	inputSchema properties (refs resolved one hop)
$ref to `#/components/schemas/X`	inlined from the spec root (Swagger: `#/definitions/X`)
servers[0].url	baseUrl for the openapi_request action (with relative URL resolution)
everything else	preserved in the action context for the execute call

Positioning

Hosted vs. codegen

Three established ways to bridge OpenAPI to MCP. They make different tradeoffs.

Capability	openapi-mcp-generator (CLI)	Speakeasy Gram (managed)	wmcp.sh (hosted)
Setup	Generate code, host the server	Upload spec, configure platform	POST a URL
You maintain	Generated code + runtime	Platform account	Nothing
Spec change	Re-generate + re-deploy	Re-upload + republish	Auto-refresh (24h cache)
Cost (free tier)	Self-hosted costs only	Free + paid platform tiers	100 reads/day free
Customization	Full (edit generated code)	Platform-bounded	Adapter-bounded (PR welcome)
Auth handling	You wire it up per service	Platform manages tokens	OAuth vault (Stripe/GH/etc auto-injected)
Best for	Deep customization, isolated infra	Teams managing many specs	"Just give my agent access — now"

Authentication

The auth most people get wrong

Three modes, from no-auth public APIs to full OAuth via wmcp.sh's token vault.

1. Public APIs

No header required. Most "open" APIs (Petstore, Frankfurter, public NOAA endpoints) just work. Agents call tools/execute and the worker fires the request unauthenticated.

2. Explicit auth

Pass _auth in the tool args. Value goes verbatim into the Authorization header.

{ "_auth": "Bearer sk_…",
  "customer_email": "…" }

3. Connected OAuth

Connect Stripe / GitHub / Google / Slack / Notion / Linear once at /dashboard. When you call an OpenAPI tool whose host matches a connected provider, the worker auto-injects your encrypted token. Agents never see auth args.

Integrate

Three lines into any agent stack

cURL — raw HTTP, drop into any pipeline.

curl 'https://wmcp.sh/api/v1/tools?url=https://petstore3.swagger.io/api/v3/openapi.json'

Python — pip install wmcp

from wmcp import WmcpClient
from wmcp.anthropic import to_anthropic_tools

client = WmcpClient()
spec   = "https://petstore3.swagger.io/api/v3/openapi.json"
tools  = client.tools(spec)               # wmcp Tool list
anthropic_tools = to_anthropic_tools(tools)  # Anthropic SDK shape

JavaScript / TypeScript — npm install @wmcp/sdk

import { WmcpClient } from "@wmcp/sdk";
import { toOpenAITools } from "@wmcp/sdk/openai";

const client = new WmcpClient();
const tools  = await client.tools("https://petstore3.swagger.io/api/v3/openapi.json");
const openaiTools = toOpenAITools(tools);

Claude tool_use — one round trip

const { tools } = await (await fetch(
  `https://wmcp.sh/api/v1/tools?url=${encodeURIComponent(specUrl)}`
)).json();
const msg = await anthropic.messages.create({
  model: "claude-opus-4-7",
  tools: tools.map(t => ({
    name: t.name,
    description: t.description,
    input_schema: t.inputSchema || { type: "object", properties: {} }
  })),
  messages: [{ role: "user", content: "Find a pending pet by status and return its name." }]
});

FAQ

Frequently asked

What does the OpenAPI → MCP conversion produce?

One MCP tool per path × method in the spec. Tool name from operationId (fallback: method_path, sanitized). inputSchema built from parameters + requestBody, with $refs to #/components/schemas/ resolved one hop deep. Each tool has an openapi_request action so agents can execute the call directly through wmcp.sh.

How does this differ from openapi-mcp-generator or Speakeasy?

Codegen tools (openapi-mcp-generator, Speakeasy Gram, run-llama/fastmcp) require generating + hosting an MCP server you maintain. wmcp.sh is a hosted endpoint — POST a spec URL, get tools back. No code, no server, no upgrades. The trade-off: less customization. The win: instant integration, no build step. See the comparison table above.

How does authentication work?

Three modes — public APIs need none, you can pass an explicit _auth header in tool args, or you can connect the provider once at /dashboard and wmcp.sh auto-injects your stored OAuth token when calls hit that provider's API host. The vault is AES-GCM-256 encrypted at rest.

OpenAPI 3.x and Swagger 2.0?

Both. JSON specs only in v0 (most published APIs offer JSON variants of any YAML). YAML support is a small follow-up — open a GitHub issue if you need it.

$ref resolution depth?

One hop. Refs to #/components/schemas/Pet (or #/definitions/Pet in Swagger 2) get inlined. Nested refs inside the resolved schema stay as $ref — agents handle the second hop fine because the field shape is still inspectable. For Petstore's POST /pet, you get id, name, category, photoUrls, tags, status at the top level.

Can I execute the operations, not just fetch schemas?

Yes. POST /api/v1/tools/execute with { url, tool, args }. wmcp.sh constructs the HTTP request from the operation's method + path template + parameter locations (path / query / header / body) and returns the response wrapped as { ok, value: { status, data } }. Live for every tool with an openapi_request action.

How long are specs cached?

24 hours. Spec contents rarely change between versions; the 24h TTL means a single OpenAPI ingest serves many agents fast. Pass ?fresh=1 to bypass cache during development.

Making your API agent-callable

If you're shipping an API and want it to show up as MCP tools for Claude / Cursor / Codex users, the 5 things to get right are at /agent-ready/api. The cornerstone diagnostic is at /agent-ready. Or have us ship your spec + MCP server: /managed ($499 starter).