UNPKG

graphql-mcp

Version:

A Model Context Protocol server that enables LLMs to interact with GraphQL APIs through dynamic schema introspection and query execution

github.com/noamski/graphql-mcp

noamski/graphql-mcp

158 lines (136 loc) 3.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# Authentication Examples The GraphQL MCP server supports all standard GraphQL authentication methods through headers. ## Environment Variable Authentication ### GitHub Personal Access Token ```bash export GRAPHQL_ENDPOINT="https://api.github.com/graphql" export GRAPHQL_AUTH_TOKEN="ghp_your_personal_access_token" ``` ### API Key Authentication ```bash export GRAPHQL_ENDPOINT="https://api.example.com/graphql" export GRAPHQL_API_KEY="your-api-key-here" ``` ### Custom Headers (JSON format) ```bash export GRAPHQL_ENDPOINT="https://api.example.com/graphql" export GRAPHQL_HEADERS='{"Authorization": "Bearer token", "X-Custom": "value"}' ``` ## Claude Desktop Configuration ### GitHub API ```json { "mcpServers": { "github-graphql": { "command": "graphql-mcp", "env": { "GRAPHQL_ENDPOINT": "https://api.github.com/graphql", "GRAPHQL_AUTH_TOKEN": "ghp_your_github_token" } } } } ``` ### Shopify Storefront API ```json { "mcpServers": { "shopify-graphql": { "command": "graphql-mcp", "env": { "GRAPHQL_ENDPOINT": "https://shop.myshopify.com/api/2024-01/graphql.json", "GRAPHQL_HEADERS": "{\"X-Shopify-Storefront-Access-Token\": \"your_storefront_token\"}" } } } } ``` ### Hasura with Admin Secret ```json { "mcpServers": { "hasura-graphql": { "command": "graphql-mcp", "env": { "GRAPHQL_ENDPOINT": "https://your-app.hasura.app/v1/graphql", "GRAPHQL_HEADERS": "{\"x-hasura-admin-secret\": \"your_admin_secret\"}" } } } } ``` ## Programmatic Authentication ### Via configure_graphql Tool ```javascript await client.callTool({ name: 'configure_graphql', arguments: { endpoint: 'https://api.github.com/graphql', headers: { 'Authorization': 'Bearer ghp_your_token', 'User-Agent': 'MyApp/1.0', 'Content-Type': 'application/json' }, timeout: 30000, maxDepth: 10, maxComplexity: 100, disabledResolvers: ['sensitiveQuery', 'adminMutation'] } }); ``` ## Security Features ### Query Limiting ```bash export GRAPHQL_MAX_DEPTH="5" # Prevent deep nesting export GRAPHQL_MAX_COMPLEXITY="50" # Limit query complexity export GRAPHQL_TIMEOUT="30000" # 30 second timeout ``` ### Resolver Blocking ```bash export GRAPHQL_DISABLED_RESOLVERS="adminUsers,deleteUser,sensitiveData" ``` ## Common Authentication Patterns ### 1. Bearer Token (OAuth2, JWT) ```json { "headers": { "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } } ``` ### 2. API Key in Header ```json { "headers": { "X-API-Key": "your-api-key", "X-Client-ID": "your-client-id" } } ``` ### 3. Basic Authentication ```json { "headers": { "Authorization": "Basic dXNlcjpwYXNzd29yZA==" } } ``` ### 4. Custom Authentication Headers ```json { "headers": { "X-Custom-Auth": "custom-token", "X-Tenant-ID": "tenant-123", "X-Version": "v1" } } ``` ## Testing Authentication After configuring authentication, use the `get_status` tool to verify: ```javascript const status = await client.callTool({ name: 'get_status', arguments: {} }); // Should show: configured: true, headersConfigured: true ```