Skip to main content

Connecting APIs

InstaMCP connects to APIs through OpenAPI or Swagger descriptions.

What Makes a Good API Spec

A useful API spec should include:

  • Clear endpoint paths.
  • HTTP methods.
  • Request parameters.
  • Request body schemas.
  • Response schemas.
  • Authentication requirements.
  • Short, accurate operation descriptions.

Better API descriptions create better tools.

Before connecting an API:

  1. Confirm the API works outside InstaMCP.
  2. Confirm the OpenAPI document is valid.
  3. Confirm authentication headers are known.
  4. Decide which operations are safe for AI use.
  5. Remove operations that should never be exposed.

Public URL vs Raw JSON

Use a public URL when:

  • Your API spec is hosted and stable.
  • You want InstaMCP to read the latest version.

Use raw JSON when:

  • The spec is private.
  • You want to control exactly which version is used.
  • You want to remove internal-only endpoints before import.

APIs That Need User Context

If your API returns different results for different logged-in visitors, you probably need Double-Hop Authentication.

Examples:

  • Customer account APIs.
  • Order history APIs.
  • User profile APIs.
  • Booking management APIs.

APIs That Use Static Credentials

If your API uses one server-side key for all requests, configure that key in the bridge authentication settings.

See Authentication and Headers.

Verification Checklist

  • The bridge imports successfully.
  • Tools appear after import.
  • Auth settings match the API requirements.
  • Test calls return expected data.
  • Sensitive or destructive operations are disabled unless intentionally allowed.