Summary
- Adds
POST /v1/tools/generate-schema-from-openapi to the versioned REST API, mirroring the existing POST /admin/tools/generate-schemas-from-openapi endpoint
- Allows API consumers and integrations to generate MCP tool input/output schemas from an OpenAPI spec without requiring Admin UI access
- Delegates to the existing
openapi_service.fetch_and_extract_schemas() — no new business logic
Changes
- New:
mcpgateway/routers/openapi_schema_router.py — APIRouter with prefix /v1/tools; POST /generate-schema-from-openapi; requires tools.create RBAC permission with no admin bypass; no admin CSRF dependency
- Modified:
mcpgateway/main.py — registers the new router
- New:
tests/unit/mcpgateway/routers/test_openapi_schema_router.py — happy path, input validation, error mapping, permission denial
Request / Response
POST /v1/tools/generate-schema-from-openapi
Content-Type: application/json
{
"url": "https://api.example.com/v1/calculate",
"request_type": "POST",
"openapi_url": ""
}
{
"message": "Schemas generated successfully",
"success": true,
"input_schema": { ... },
"output_schema": { ... },
"spec_url": "https://api.example.com/openapi.json"
}
request_type defaults to GET if omitted. openapi_url is auto-discovered if empty.
Differences from the admin endpoint
|
/admin/tools/generate-schemas-from-openapi |
/v1/tools/generate-schema-from-openapi |
| Router |
admin_router (admin.py) |
New router in mcpgateway/routers/ |
| CSRF |
enforce_admin_csrf |
None |
| RBAC |
tools.create, no admin bypass |
Same |
| Service |
openapi_service |
Same |
Summary
POST /v1/tools/generate-schema-from-openapito the versioned REST API, mirroring the existingPOST /admin/tools/generate-schemas-from-openapiendpointopenapi_service.fetch_and_extract_schemas()— no new business logicChanges
mcpgateway/routers/openapi_schema_router.py—APIRouterwith prefix/v1/tools;POST /generate-schema-from-openapi; requirestools.createRBAC permission with no admin bypass; no admin CSRF dependencymcpgateway/main.py— registers the new routertests/unit/mcpgateway/routers/test_openapi_schema_router.py— happy path, input validation, error mapping, permission denialRequest / Response
request_type defaults to GET if omitted. openapi_url is auto-discovered if empty.
Differences from the admin endpoint
/admin/tools/generate-schemas-from-openapi/v1/tools/generate-schema-from-openapiadmin_router(admin.py)mcpgateway/routers/enforce_admin_csrftools.create, no admin bypassopenapi_service