DEV.co
MCP Servers · open-webui

mcpo

mcpo is a Python proxy that converts Model Context Protocol (MCP) servers into standard OpenAPI HTTP endpoints. It eliminates the need for custom integration logic by automatically exposing MCP tools as REST APIs with interactive documentation.

Source: GitHub — github.com/open-webui/mcpo
4.3k
GitHub stars
470
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryopen-webui/mcpo
Owneropen-webui
Primary languagePython
LicenseMIT — OSI-approved
Stars4.3k
Forks470
Open issues47
Latest releasev0.0.20 (2026-02-27)
Last updated2026-05-17
Sourcehttps://github.com/open-webui/mcpo

What mcpo is

mcpo wraps MCP stdio/SSE/Streamable-HTTP servers and translates their tool definitions into OpenAPI schemas, serving them via FastAPI with optional API key and OAuth 2.1 authentication. It supports hot-reload config, multiple server types, and tool filtering.

Quickstart

Get the mcpo source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/open-webui/mcpo.gitcd mcpo# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

LLM Agent Integration

Quickly expose MCP tools to LLM agents and applications that natively expect OpenAPI servers, bypassing custom protocol negotiation.

Legacy Tool Bridge

Integrate existing MCP servers with REST-first or OpenAPI-first platforms without rewriting tool definitions or adding glue code.

Standardized Tool Marketplace

Deploy multiple MCP tools under a single HTTP server with auto-generated docs, unified auth, and consistent error handling for end users.

Implementation considerations

  • MCP server command and environment must be available on the host where mcpo runs; consider containerization for consistency.
  • API key auth is simple but not OAuth 2.1 by default on the proxy itself; OAuth is only for downstream MCP servers.
  • Config file hot-reload adds convenience but requires monitoring for deployment—test file watchers in your target environment.
  • Tool filtering via disabledTools is per-config; no runtime RBAC or fine-grained access control on individual tool calls.
  • Reverse proxy setup (--root-path) requires coordination with load balancer or API gateway routing rules.

When to avoid it — and what to weigh

  • Tight Latency Requirements — Proxying adds serialization overhead. For sub-millisecond performance, use native MCP or embed tools directly.
  • Complex Stateful MCP Workflows — mcpo is stateless per request; MCP servers requiring persistent session state across calls may require custom orchestration.
  • Binary or Streaming MCP Tools — Heavy streaming or binary payload handling may not map cleanly to standard REST/JSON OpenAPI; test thoroughly before production.
  • Air-Gapped or Offline-First Deployments — mcpo requires external MCP server processes; no built-in offline fallback or caching layer is mentioned.

License & commercial use

MIT License (MIT). Permissive, OSI-approved license allowing commercial use, modification, and distribution with minimal restrictions (retain license and copyright notice).

MIT License explicitly permits commercial use. However, review downstream MCP server licenses and any proprietary tools wrapped via mcpo to ensure compliance—mcpo itself imposes no commercial restrictions.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

mcpo adds HTTP layer with optional API key auth (simple string comparison, not rate-limiting or JWT by default). OAuth 2.1 dynamic registration supported for downstream servers. No mention of request signing, input validation, logging sanitization, or defense against MCP tool abuse. Host the proxy in a trusted network or behind an authenticating reverse proxy if exposed to untrusted users. Underlying MCP server security posture unchanged.

Alternatives to consider

Native MCP SDK (e.g., mcp.client)

Avoids proxy overhead if your application can directly speak MCP protocol; tighter latency but requires custom integration per client.

Custom REST wrapper (hand-coded)

Full control over schema, auth, and error handling; no auto-generation but higher upfront effort for each tool.

Anthropic Claude Desktop / MCP ecosystem tools

Native MCP support without HTTP proxy if your deployment already runs MCP clients; avoids serialization overhead.

Software development agency

Build on mcpo with DEV.co software developers

Evaluate mcpo for your agent workflow. Test the quick-start with a sample MCP server, then consult Devco for production deployment, authentication hardening, and multi-tool orchestration.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

mcpo FAQ

Can I run multiple MCP servers under one mcpo instance?
Yes, use a config file (JSON) with the mcpServers object; each tool gets its own route and OpenAPI schema. Hot-reload mode allows updates without downtime.
What happens if an MCP server crashes?
mcpo will attempt to restart it if running via config file; behavior depends on process manager. No auto-retry or circuit-breaker documented. Monitor server health externally.
Does mcpo support authentication/authorization per tool?
API key auth applies globally; fine-grained per-tool RBAC is not built in. Use a reverse proxy (e.g., nginx, API gateway) for per-tool auth policies.
Can I deploy mcpo in Kubernetes?
Yes, use the Docker image (ghcr.io/open-webui/mcpo:main) and mount config files as ConfigMaps. Ensure MCP server binaries are available or bundled in the image.

Software developers & web developers for hire

Adopting mcpo is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate mcp servers software in production.

Ready to integrate MCP tools into your AI stack?

Evaluate mcpo for your agent workflow. Test the quick-start with a sample MCP server, then consult Devco for production deployment, authentication hardening, and multi-tool orchestration.