What it does
mcpo is an MCP-to-OpenAPI proxy that makes any MCP server accessible via standard REST endpoints. It accepts an MCP server command—whether stdio-based, SSE, or HTTP-streaming—and exposes its tools as an OpenAPI-compatible HTTP server with auto-generated interactive documentation. Unlike raw MCP over stdio, it adds explicit security via API key authentication, structured error handling, and standard web-framework features, making MCP tools immediately usable with OpenAPI clients, LLM agents, and platform SDKs without custom integration code.
Who it's for
Backend engineers integrating MCP tools into LLM agents, API platforms, or web applications that expect OpenAPI endpoints; teams building deployments that need to expose internal MCP servers securely to external services or tools constrained to HTTP/REST interfaces.
Common use cases
- Expose a local MCP stdio server as an HTTP API for integration with LLM agents, Claude Desktop, or third-party applications
- Proxy SSE-based or HTTP-streaming MCP servers through a standard OpenAPI endpoint with custom headers and authentication
- Serve multiple independent MCP tools from a single mcpo instance using a config file with hot-reload capability
- Add OAuth 2.1 authentication to MCP servers that require it without modifying the server itself
Setup pitfalls
- Command syntax: everything before
--configures mcpo (port, API key, root path); everything after is the MCP server command - Stdio-based servers must be executable from mcpo's working directory; PATH and environment variables may differ in Docker or containerized deployments
- SSE and HTTP-streaming servers require network reachability and correct headers; verify endpoint and authentication before starting mcpo
- Filesystem access: mcpo can read and write files via exposed tools—audit tool definitions carefully if serving untrusted servers