---
title: "Turn Any GraphQL API into an MCP Server"
description: "Turn any GraphQL API into an MCP server in minutes with Zuplo. Add authentication, rate limiting, and let AI agents query your GraphQL schema automatically."
canonicalUrl: "https://zuplo.com/blog/2025/12/03/mcp-server-graphql"
pageType: "blog"
date: "2025-12-03"
authors: "josh"
tags: "Model Context Protocol"
image: "https://zuplo.com/og?text=Turn%20Any%20GraphQL%20API%20into%20an%20MCP%20Server"
---
At Zuplo, we've made it easy to transform REST APIs into MCP servers with full
authentication, rate limiting, and monetization built in. Now, we've extended
that same capability to GraphQL.

## Watch the demo

<CalloutVideo
  variant="card"
  title="GraphQL to MCP Server Demo"
  description="See how to transform any GraphQL API into an MCP server with automatic schema introspection and query execution."
  videoUrl="https://www.youtube.com/watch?v=E4X0uEujvpo"
  thumbnailUrl="http://i3.ytimg.com/vi/E4X0uEujvpo/hqdefault.jpg"
/>

## Why GraphQL and MCP?

GraphQL APIs are powerful, but they present a unique challenge for AI agents.
Unlike REST endpoints with discrete operations, GraphQL exposes a flexible query
language. An LLM needs to understand the schema before it can construct useful
queries.

Zuplo's [GraphQL-to-MCP support](https://zuplo.com/docs/mcp-server/graphql)
solves this by automatically generating two MCP server tools:

1. **Introspection tool** - Fetches the GraphQL schema so the LLM understands
   what queries are available
2. **Execute tool** - Runs GraphQL queries against the endpoint

This two-step approach lets AI systems dynamically discover and interact with
any GraphQL API without manual tool definitions for each query type.

<CalloutDoc
  title="MCP Servers with GraphQL Documentation"
  description={`Learn how to expose GraphQL APIs as MCP tools with automatic schema introspection and query execution.`}
  href="https://zuplo.com/docs/mcp-server/graphql"
  features={[
    `Auto-generated
introspection`,
    `Query execution tool`,
    `Custom tool support`,
  ]}
/>

## Example: Rick and Morty API

There's a great Rick and Morty GraphQL API that we love to use for examples, and
this demo is no different. Here's what the setup looks like:

**1. Create a GraphQL route**

Add a POST route that forwards to your GraphQL backend. This can be done
directly in the Route Designer found in the Zuplo Portal.

![Setting up the GraphQL endpoint in the Zuplo Route Designer](/media/posts/2025-12-03-mcp-server-graphql/graphql-endpoint.png)

Or, you can specify the setup in the OpenAPI document as shown here:

```json
{
  "/graphql": {
    "post": {
      "operationId": "graphql",
      "x-zuplo-route": {
        "handler": {
          "export": "urlRewriteHandler",
          "module": "$import(@zuplo/runtime)",
          "options": {
            "baseUrl": "https://rickandmortyapi.com/graphql"
          }
        },
        "mcp": {
          "type": "graphql"
        }
      }
    }
  }
}
```

The key is the `mcp.type: "graphql"` configuration. This tells Zuplo to expose
this endpoint through the MCP server with the introspection and execution
capabilities as specific tools.

**2. Add authentication**

Drop in an API key authentication policy. Any authentication you add to the
GraphQL endpoint carries forward to the MCP server automatically. You can also
add rate limiting at this stage as well.

**3. Add the MCP server**

Include the GraphQL route in your MCP server configuration. This can also be
done by adding a new MCP route in the Route Designer and selecting the
`/graphql` endpoint as the tool you expose.

You can also specify the MCP options directly on the `/graphql` endpoint by
clicking the **MCP GraphQL** button. This allows you to specify that the
endpoint is a GraphQL endpoint, and you can customize how the introspection and
execution MCP tools are named.

![Setting up the MCP tools in the Zuplo Route Designer](/media/posts/2025-12-03-mcp-server-graphql/mcp-tools.png)

Of course, you can also specify that same setup in the OpenAPI specification:

```json
{
  "/graphql": {
    "post": {
      "operationId": "graphql",
      "x-zuplo-route": {
        "handler": {
          "export": "urlRewriteHandler",
          "module": "$import(@zuplo/runtime)",
          "options": {
            "baseUrl": "https://rickandmortyapi.com/graphql"
          }
        },
        "mcp": {
          "type": "graphql",
          "introspectionTool": {
            "name": "rickmorty_schema",
            "description": "Fetch the Rick and Morty GraphQL schema"
          },
          "executeTool": {
            "name": "rickmorty_query",
            "description": "Execute a query against the Rick and Morty GraphQL API"
          }
        }
      }
    }
  }
}
```

That's it. In under a minute, you have a production-ready MCP server backed by a
GraphQL API.

## Testing It Out

Add the MCP server to your client of choice (OpenAI Playground, MCP Inspector,
MCPJam, you can choose!) and ask

_"Who was in Season 4, Episode 6 of Rick and Morty? What was the episode
called?"_

The LLM will then:

1. Call the introspection tool to understand the schema
2. Construct and execute a GraphQL query
3. Return the answer: "Never Ricking Morty" featuring Rick Sanchez, Morty Smith,
   and others

The whole flow happens automatically because the LLM has access to the schema
through introspection and the tools that Zuplo automatically provides.

It is worth noting that introspection needs to stay enabled for the MCP server
to work. Without it, the LLM can't discover the schema.

## Additional GraphQL Policies

Zuplo offers a few additional options for working with GraphQL in the form of
built-in policies that can be added to any route. These policies let you lock
down the public GraphQL endpoint while still giving the MCP server what it needs
to work correctly.

<CalloutDoc
  title="GraphQL Introspection Filter"
  description={`Filter which types and fields appear in GraphQL introspection responses.`}
  href="https://zuplo.com/docs/policies/graphql-introspection-filter-outbound"
  features={[`Filter schema types`, `Hide internal fields`, `Outbound policy`]}
/>

<CalloutDoc
  title="GraphQL Disable Introspection"
  description={`Block introspection on public routes while keeping it available for internal MCP calls.`}
  href="https://zuplo.com/docs/policies/graphql-disable-introspection-inbound"
  features={[`Block public introspection`, `Protect schema`, `Inbound policy`]}
/>

<CalloutDoc
  title="GraphQL Complexity Limit"
  description={`Prevent resource-intensive queries from overwhelming your backend.`}
  href="https://zuplo.com/docs/policies/graphql-complexity-limit-inbound"
  features={[
    `Query cost analysis`,
    `Depth limiting`,
    `Protect backend
resources`,
  ]}
/>

## Get Started

GraphQL-to-MCP support is available now in Zuplo. Try it for yourself!

<CalloutSample
  title="GraphQL MCP Server Example"
  description="A complete working example of exposing a GraphQL API as an MCP server with automatic introspection and query execution."
  deployUrl="https://zuplo.com/examples/mcp-server-graphql"
  repoUrl="https://github.com/zuplo/zuplo/tree/main/examples/mcp-server-graphql"
  localCommand="npx create-zuplo-api --example mcp-server-graphql"
/>

<CalloutNextStep
  label="Documentation"
  title="MCP Server GraphQL Docs"
  href="https://zuplo.com/docs/mcp-server/graphql"
/>

<CalloutNextStep
  label="Get Started"
  title="Sign up for a free Zuplo account"
  href="https://portal.zuplo.com/signup"
/>