At Zuplo, we've made it easy to transform REST APIs into MCP servers with full authentication, rate limiting, and monetization built in. Now, we've extended that same capability to GraphQL.
Watch the demo#
Why GraphQL and MCP?#
GraphQL APIs are powerful, but they present a unique challenge for AI agents. Unlike REST endpoints with discrete operations, GraphQL exposes a flexible query language. An LLM needs to understand the schema before it can construct useful queries.
Zuplo's GraphQL-to-MCP support solves this by automatically generating two MCP server tools:
- Introspection tool - Fetches the GraphQL schema so the LLM understands what queries are available
- Execute tool - Runs GraphQL queries against the endpoint
This two-step approach lets AI systems dynamically discover and interact with any GraphQL API without manual tool definitions for each query type.
Example: Rick and Morty API#
There's a great Rick and Morty GraphQL API that we love to use for examples, and this demo is no different. Here's what the setup looks like:
1. Create a GraphQL route
Add a POST route that forwards to your GraphQL backend. This can be done directly in the Route Designer found in the Zuplo Portal.
Or, you can specify the setup in the OpenAPI document as shown here:
{
"/graphql": {
"post": {
"operationId": "graphql",
"x-zuplo-route": {
"handler": {
"export": "urlRewriteHandler",
"module": "$import(@zuplo/runtime)",
"options": {
"baseUrl": "https://rickandmortyapi.com/graphql"
}
},
"mcp": {
"type": "graphql"
}
}
}
}
}The key is the mcp.type: "graphql" configuration. This tells Zuplo to expose
this endpoint through the MCP server with the introspection and execution
capabilities as specific tools.
2. Add authentication
Drop in an API key authentication policy. Any authentication you add to the GraphQL endpoint carries forward to the MCP server automatically. You can also add rate limiting at this stage as well.
3. Add the MCP server
Include the GraphQL route in your MCP server configuration. This can also be
done by adding a new MCP route in the Route Designer and selecting the
/graphql endpoint as the tool you expose.
You can also specify the MCP options directly on the /graphql endpoint by
clicking the MCP GraphQL button. This allows you to specify that the
endpoint is a GraphQL endpoint, and you can customize how the introspection and
execution MCP tools are named.
Of course, you can also specify that same setup in the OpenAPI specification:
{
"/graphql": {
"post": {
"operationId": "graphql",
"x-zuplo-route": {
"handler": {
"export": "urlRewriteHandler",
"module": "$import(@zuplo/runtime)",
"options": {
"baseUrl": "https://rickandmortyapi.com/graphql"
}
},
"mcp": {
"type": "graphql",
"introspectionTool": {
"name": "rickmorty_schema",
"description": "Fetch the Rick and Morty GraphQL schema"
},
"executeTool": {
"name": "rickmorty_query",
"description": "Execute a query against the Rick and Morty GraphQL API"
}
}
}
}
}
}That's it. In under a minute, you have a production-ready MCP server backed by a GraphQL API.
Testing It Out#
Add the MCP server to your client of choice (OpenAI Playground, MCP Inspector, MCPJam, you can choose!) and ask
"Who was in Season 4, Episode 6 of Rick and Morty? What was the episode called?"
The LLM will then:
- Call the introspection tool to understand the schema
- Construct and execute a GraphQL query
- Return the answer: "Never Ricking Morty" featuring Rick Sanchez, Morty Smith, and others
The whole flow happens automatically because the LLM has access to the schema through introspection and the tools that Zuplo automatically provides.
It is worth noting that introspection needs to stay enabled for the MCP server to work. Without it, the LLM can't discover the schema.
Additional GraphQL Policies#
Zuplo offers a few additional options for working with GraphQL in the form of built-in policies that can be added to any route:
- GraphQL Introspection Filter - Filter which types appear in introspection responses
- GraphQL Disable Introspection - Block introspection on public routes while keeping it available for internal MCP calls
- Complexity Limit - Prevent resource-intensive queries from overwhelming your backend
These policies let you lock down the public GraphQL endpoint while still giving the MCP server what it needs to work correctly.
Get Started#
GraphQL-to-MCP support is available now in Zuplo. Check out the docs to get started, and sign up for a free account if you haven't already.
You can also explore, test and adapt this project, by deploying the MCP Server GraphQL example to your Zuplo account.
