DEV Community

Kyle Fuehri

I replaced 2,000 lines of MCP boilerplate with one CLI command

The Problem

If you've ever wanted Claude, Cursor, or Copilot to talk to a REST API via MCP, you know the drill: write a transport layer, define tool schemas, handle OAuth, manage credentials, wrap errors... ~200 lines of boilerplate. Per API.

Want Claude to talk to Stripe AND GitHub AND Slack? That's 600+ lines before you've done anything useful.

What I Tried

  • Manual MCP servers — works, but painful at scale
  • Hosted MCP platforms — vendor lock-in, pricing concerns
  • Code generation — still need to maintain the output

Then I had a realization.

The Insight: OpenAPI Specs Already Have Everything

Stripe's OpenAPI spec is 50,000 lines. It describes every endpoint, parameter, auth scheme, and response shape. An MCP server needs exactly this information:

  • Endpoints (paths + methods) → MCP tools
  • Parameters (request schemas) → tool input schemas
  • Auth (securitySchemes) → OAuth/API key config
  • Base URLs (servers) → request routing

Why are we rewriting this by hand?

How APIFold Works

Point it at any OpenAPI or Swagger spec:

npx apifold serve stripe-openapi.yaml

That's it. 30 seconds later you have a production-ready MCP server. Claude, Cursor, or Copilot connect directly and make real HTTP calls.

What happens under the hood:

  1. Parses OpenAPI 3.0/3.1 or Swagger 2.0
  2. Generates MCP tool definitions from each endpoint
  3. Handles auth — OAuth 2.0 with PKCE, API keys, Bearer tokens
  4. Encrypts credentials in an AES-256-GCM vault
  5. Serves via SSE or Streamable HTTP transport

The Registry

Pre-built configs for APIs you actually use:

  • Stripe
  • GitHub
  • Slack
  • Notion
  • HubSpot
  • Twilio
  • OpenAI

Growing weekly — submit a PR to add your API.

Security

This isn't a toy. Production features include:

  • OAuth 2.0 with PKCE — full authorization code flow with automatic token refresh
  • AES-256-GCM credential vault — credentials encrypted at rest
  • Per-request credential injection — keys never leak into tool definitions
  • Input validation — JSON Schema validation before every API call
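The spec-to-tool mapping from "The Insight" and the per-request credential injection and input check listed above, as an added example that is not APIFold's own code: tool definitions are derived from the spec with credential-bearing headers stripped, and the secret is attached only when the outbound request is built. The sample spec, the `route` field and the `credential` object are constructed or hypothetical, and the unknown/missing-key check stands in for full JSON Schema validation.

```javascript
// Constructed sample spec for illustration; not a real vendor's spec.
const spec = {
  servers: [{ url: "https://api.example.test/v1" }],
  components: { securitySchemes: { key: { type: "apiKey", in: "header", name: "X-Api-Key" } } },
  paths: { "/customers/{id}": { get: { operationId: "getCustomer", summary: "Fetch one customer", parameters: [
    { name: "id", in: "path", required: true, schema: { type: "string" } },
    { name: "expand", in: "query", schema: { type: "string" } },
    { name: "X-Api-Key", in: "header", schema: { type: "string" } }, // auth repeated as a parameter
  ] } } } };
const METHODS = ["get", "put", "post", "delete", "patch"];

// Header names that carry credentials according to securitySchemes.
function authHeaders(spec) {
  const schemes = Object.values(spec.components?.securitySchemes ?? {});
  const names = schemes.filter(s => s.type === "apiKey" && s.in === "header").map(s => s.name.toLowerCase());
  if (schemes.some(s => s.type === "http" || s.type === "oauth2")) names.push("authorization");
  return new Set(names);
}

// One tool per (path, method). Credential-bearing headers never enter inputSchema.
function toolsFromSpec(spec) {
  const secret = authHeaders(spec), tools = [];
  for (const [path, item] of Object.entries(spec.paths))
    for (const method of METHODS.filter(m => item[m])) {
      const op = item[method];
      const params = (op.parameters ?? []).filter(p => !(p.in === "header" && secret.has(p.name.toLowerCase())));
      const inputSchema = { type: "object", additionalProperties: false,
        properties: Object.fromEntries(params.map(p => [p.name, p.schema])),
        required: params.filter(p => p.required).map(p => p.name) };
      // `route` is a hypothetical server-side field; only name/description/inputSchema go to the client.
      tools.push({ name: op.operationId, description: op.summary ?? "", inputSchema, route: { method, path, params } });
    }
  return tools;
}

// Check arguments, then build the request; the credential is attached only here, per call.
function buildRequest(spec, tool, args, credential) {
  const { properties, required } = tool.inputSchema;
  for (const k of Object.keys(args)) if (!Object.hasOwn(properties, k)) throw new Error(`unexpected argument: ${k}`);
  for (const k of required) if (!Object.hasOwn(args, k)) throw new Error(`missing argument: ${k}`);
  let path = tool.route.path, query = new URLSearchParams();
  for (const p of tool.route.params.filter(p => Object.hasOwn(args, p.name))) {
    if (p.in === "path") path = path.replace(`{${p.name}}`, encodeURIComponent(args[p.name])); // blocks "../" traversal
    if (p.in === "query") query.set(p.name, args[p.name]);
  }
  const qs = query.toString();
  return { method: tool.route.method.toUpperCase(), url: spec.servers[0].url + path + (qs ? `?${qs}` : ""),
    headers: { [credential.header]: credential.value } };
}
```

Because the model only ever sees `inputSchema`, it cannot supply or override the API key, and a path argument such as `../admin` is percent-encoded rather than changing the route.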

Open Source

APIFold is open source:

  • Core transformer: MIT-licensed on npm
  • Full platform: AGPL-3.0

GitHub: github.com/Work90210/APIFold

What's Next

  • Registry expansion (community-driven)
  • Hosted version for teams
  • Webhook support for event-driven workflows

Try It

npx apifold serve your-api-spec.yaml

Website: apifold.dev

I'd love to hear: what APIs are you trying to connect your AI agents to? I'll add them to the registry.