OpenAI Codex Ships 90+ Plugins with MCP Servers Inside

On April 16, 2026, OpenAI shipped a Codex update with more than 90 new plugins, including Atlassian Rovo, CircleCI, CodeRabbit, GitLab Issues, Microsoft Suite, and Render. Plugins are now a packaging unit that bundles skills, app integrations, and MCP servers, and MCP is doing most of the heavy lifting.

The headline is the MCP piece. The Model Context Protocol is how AI agents talk to external tools, with a server publishing callable tools over JSON-RPC so any MCP-aware agent can connect, read the list, and invoke them. With MCP sitting at the center of the new plugin marketplace, Codex agents can discover and call external tools at runtime with no configuration or code changes: an agent points at a URL, reads the tools, authenticates, and calls them.

If your team runs an API, this changes the calculus on who your consumers are and how they find you.

AI Coding Agents Are Now API Consumers

This is a concrete shift in who calls your API and how they discover it, because Codex now has millions of users running parallel agents in the background that discover and invoke APIs through MCP without anyone writing integration code. When an agent needs to deploy to a cloud provider, check CI status, or query an internal service, it looks for an MCP server that exposes the right tools.

The implications for API teams:

• Discovery matters. If your API isn’t exposed as an MCP tool, AI agents can’t find it. The Codex marketplace is becoming a discovery layer for developer tools, and MCP compatibility is the entry ticket.
• Traffic patterns change. Agents make bursty, parallelized calls. They retry aggressively. They don’t read rate limit headers the way a human developer’s code does.
• Authentication needs to be agent-friendly. Agents authenticate programmatically, without browser-based OAuth flows. API keys and machine-to-machine auth matter more than ever.

Codex isn’t alone here either: Claude Code, Cursor, and Gemini CLI all support MCP, and the ecosystem has converged on it as the agent-tooling contract. But Codex’s scale, combined with MCP sitting at the center of the new plugin marketplace, makes it the single largest driver of MCP-based API consumption today.

What API Teams Need to Do Now

If you run an API that developers use, here’s what this means for your roadmap:

1. Expose Your API as MCP Tools

Agents can only use what they can discover, so your endpoints need to show up as MCP tools with clear descriptions, descriptive operation names, parameter schemas, and response formats.

If you already have an OpenAPI spec, you’re most of the way there. Your spec describes operations, parameters, and responses, which is exactly the metadata MCP clients need. A gateway that reads OpenAPI natively can serve those as MCP tools with no conversion step.

2. Secure Agent Access at the Gateway

Agent traffic needs auth and authorization like human traffic, arguably more so: a misconfigured agent can burn through your quota in seconds. You need:

• API key authentication that agents can use without interactive flows
• Rate limiting that accounts for bursty agent behavior
• Per-consumer access controls so you know which agent or user is making each call

3. Monitor Agent Traffic Patterns

Agent traffic has distinct fingerprints, so knowing which tools are called, how often, and by which consumers is critical for capacity planning, pricing, and abuse detection.

How Zuplo Makes This Easy

Zuplo turns your existing API into something AI agents can discover, authenticate against, and call, without deploying separate infrastructure.

MCP Server Handler

The handler turns your gateway routes into MCP tools. Point it at your OpenAPI spec, pick the operations to expose, and every tool call runs through the same auth, rate limiting, and policy pipeline as your regular API traffic.

API Key Authentication

Zuplo’s managed API keys are purpose-built for programmatic access. Keys use a zpka_ prefix with built-in checksum validation and GitHub secret scanning, so leaked keys get flagged automatically. Every key maps to a consumer identity, giving you per-consumer analytics and instant revocation.

Rate Limiting for Agent Traffic

Zuplo’s rate limiting runs at the edge with configurable time windows. You can limit by user, IP, API key, or a custom function, which matters when agent traffic arrives in bursts that look nothing like human request patterns. The complex rate limiting policy adds multiple named counters in a single policy, useful when one tool call triggers multiple backend operations.

OpenAPI-First, MCP-Compatible

Because Zuplo is an OpenAPI-native gateway, any API you define in OpenAPI can be exposed as MCP tools with no MCP-specific code. Add the MCP Server Handler and your API is callable by Codex, Claude Code, Cursor, and any other MCP-compatible client, from 300+ global edge locations.

The Bigger Picture

OpenAI making MCP the connective tissue of its Codex plugin marketplace validates a trend that’s been building for months: MCP is becoming the universal interface between AI agents and their tools. Microsoft’s Agent Framework 1.0 made the same bet. So did Anthropic with Claude Code and Google with Gemini CLI.

MCP compatibility is no longer a nice-to-have. It’s becoming a requirement for any API that wants to be consumed by the fastest-growing category of developers: AI coding agents.

Teams that move first, exposing their APIs as MCP tools with proper auth, rate limiting, and observability, are the ones agents will discover and use. Teams that wait will watch their APIs get wrapped by third-party MCP servers they don’t control, losing visibility into how their APIs are consumed.

Ready to make your API discoverable by AI coding agents? Start with Zuplo for free and deploy your API as an MCP server with authentication and rate limiting in minutes.