MCP Directory

How to add openapi-to-mcp to Windsurf

Turn any OpenAPI spec into an MCP server, exposing your API endpoints as strongly typed tools. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.

Last updated June 14, 2026 · 33 · stdio · apikey

Windsurf config for openapi-to-mcp

dotnet tool install --global openapi-to-mcp
{
  "mcpServers": {
    "openapi-to-mcp": {
      "command": "openapi-to-mcp",
      "args": [
        "https://petstore3.swagger.io/api/v3/openapi.json"
      ]
    }
  }
}

Setup steps

  1. 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
  2. 2Paste the openapi-to-mcp config below.
  3. 3Fill in placeholder secrets, then save.
  4. 4Click Refresh in the MCP panel.
  5. 5openapi-to-mcp's tools become available to Cascade.

Before you start

  • .NET SDK (to install via `dotnet tool install`), or download a prebuilt executable from the releases page
  • An OpenAPI 2.0 or 3.0 specification (JSON or YAML; OpenAPI 3.1 is not yet supported)
  • Credentials (bearer token or OAuth2 client/refresh credentials) if the target API requires authentication

What openapi-to-mcp can do in Windsurf

Dynamically generated per OpenAPI operation

There are no fixed tools. Each operation (endpoint) in the supplied OpenAPI spec is exposed as one MCP tool. Path/query/JSON-body parameters are derived from the operation's JSON schema, and the raw API response is returned. The tool name comes from the `x-mcp-tool-name` extension, the `operationId`, or `{httpMethod}_{escaped_path}`, per the chosen `--tool-naming-strategy`; the description comes from `x-mcp-tool-description`, `operation.description`, or `path.description`.

Security

Bearer tokens and OAuth2 client secrets/passwords are passed as command-line args in the MCP config and forwarded as the Authorization header on every call (including when fetching a remote spec). Avoid committing config files containing these credentials. The server forwards API responses as-is, so be mindful of which spec/host you point it at.

openapi-to-mcp + Windsurf FAQ

Where is the Windsurf config file?

Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the openapi-to-mcp config there under the "mcpServers" key and restart the client.

Is openapi-to-mcp safe to use with Windsurf?

Bearer tokens and OAuth2 client secrets/passwords are passed as command-line args in the MCP config and forwarded as the Authorization header on every call (including when fetching a remote spec). Avoid committing config files containing these credentials. The server forwards API responses as-is, so be mindful of which spec/host you point it at.

Which OpenAPI versions are supported?

OpenAPI 2.0 and 3.0 are supported. 3.1 is not (pending OpenAPI 3.1 support in microsoft/OpenAPI.NET). Specs may be JSON or YAML, local or remote, but only local $refs are supported.

What transports are supported?

Only STDIO transport is currently supported.

How does the server know which host to call?

It uses, in order: the `--host-override` option, the spec's first server URL if absolute, then the host of the remote OpenAPI URL provided. If none resolve to an absolute host, an error is thrown.

View repo Full openapi-to-mcp page