Swagger MCP connector for AI agents

CALL ANY TOOL

Manage APIs, retrieve OpenAPI specs, and update developer portal content in SwaggerHub. Same toolkit, every framework, no auth plumbing.

swagger_apis_list

List APIs

List all APIs in the authorized SwaggerHub organization with version, status, and last-updated metadata.

Parameters

Name

Type

Required

Description

query

string

Optional

Filter APIs by name or keyword

limit

integer

Optional

Max APIs to return

swagger_api_definition_get

Get API definition

swagger_api_create

Create API

swagger_api_validate

Validate spec

swagger_portal_get

Get portal content

Build your Agent

Drop the toolkit in, point it at the user, and your agent can manage SwaggerHub APIs and specs from the first run.

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["swaggermcp"], toolNames: ["swagger_apis_list", "swagger_api_definition_get", "swagger_api_create"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["swaggermcp"], toolNames: ["swagger_apis_list", "swagger_api_definition_get", "swagger_api_create"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["swaggermcp"], toolNames: ["swagger_apis_list", "swagger_api_definition_get", "swagger_api_create"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/swaggermcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your API agent to start managing OpenAPI definitions in SwaggerHub.

Search & recall

Copy the prompt

Copied

List all APIs in the [org] SwaggerHub organization.

Copy the prompt

Copied

Get the OpenAPI spec for [API name] version [X.Y].

Copy the prompt

Copied

Find all APIs with [keyword] in the name or description.

Action & validate

Copy the prompt

Copied

Validate this OpenAPI spec for errors and warnings.

Copy the prompt

Copied

Create a new API [name] with this spec in SwaggerHub.

Copy the prompt

Copied

List all POST endpoints in the [API name] spec.

SEE HOW AUTH WORKS

Developers authorize Swagger MCP once. Their SwaggerHub credentials stay vaulted, every API action runs under their permissions, and every call is logged.

1

Authorize

Your user connects

Swagger MCP

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Swagger MCP

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Swagger MCP

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Swagger MCP

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other developer tool connectors.

No items found.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Swagger MCP today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access SwaggerHub as the user or a shared account?

As the user. Each developer authorizes once and API actions are attributed to that user's SwaggerHub identity.

Where is the Swagger MCP OAuth token stored?

In Scalekit's AES-256 vault, namespaced per tenant. Tokens never appear in prompts or LLM context.

Can I restrict the agent to read-only API access?

Yes. Use listScopedTools to allow spec retrieval and listing without granting API creation or update permissions.

What happens when a developer revokes Swagger MCP access?

The next tool call fails closed for that user. Other developers remain unaffected. Revocation is logged.

Can the agent validate and push a spec in one workflow?

Yes. A single agent can validate an OpenAPI spec with swagger_api_validate and then create it with swagger_api_create in the same workflow.

Swagger MCP

Tools your agent reaches for on Swagger MCP, scoped per user.