DiscordSign up
SKILLS.SH

apollo-mcp-server

Connect AI agents to GraphQL APIs through the Model Context Protocol with built-in introspection and operation tools. Exposes GraphQL operations as MCP tools; supports three operation sources: local files, GraphOS Studio collections, and persisted query manifests Provides four introspection tools (introspect, search, validate, execute) for schema exploration and ad-hoc query testing; minification mode reduces token usage with compact notation Configurable authentication via static headers, dynamic header forwarding, and OAuth; mutation control via explicit confirmation or blocking modes for safety in shared environments Works with Claude Desktop, Claude Code, and Cursor; supports both streamable HTTP (recommended for remote deployments) and stdio transports

INSTALLATION
npx skills add https://github.com/apollographql/skills --skill apollo-mcp-server
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Apollo MCP Server Guide

Apollo MCP Server exposes GraphQL operations as MCP tools, enabling AI agents to interact with GraphQL APIs through the Model Context Protocol.

Quick Start

Step 1: Install

# Linux / MacOS

curl -sSL https://mcp.apollo.dev/download/nix/latest | sh

# Windows

iwr 'https://mcp.apollo.dev/download/win/latest' | iex

Step 2: Configure

Create config.yaml in your project root:

# config.yaml

transport:

  type: streamable_http

schema:

  source: local

  path: ./schema.graphql

operations:

  source: local

  paths:

    - ./operations/

introspection:

  introspect:

    enabled: true

  search:

    enabled: true

  validate:

    enabled: true

  execute:

    enabled: true

Start the server:

apollo-mcp-server ./config.yaml

The MCP endpoint is available at http://127.0.0.1:8000/mcp (streamable_http defaults: address 127.0.0.1, port 8000). The GraphQL endpoint defaults to http://localhost:4000/ — override with the endpoint key if your API runs elsewhere.

Step 3: Connect

Add to your MCP client configuration:

Streamable HTTP (recommended):

Claude Desktop (claude_desktop_config.json):

{

  "mcpServers": {

    "graphql-api": {

      "command": "npx",

      "args": ["mcp-remote", "http://127.0.0.1:8000/mcp"]

    }

  }

}

Claude Code:

claude mcp add graphql-api -- npx mcp-remote http://127.0.0.1:8000/mcp

Stdio (client launches the server directly):

Claude Desktop (claude_desktop_config.json) or Claude Code (.mcp.json):

{

  "mcpServers": {

    "graphql-api": {

      "command": "./apollo-mcp-server",

      "args": ["./config.yaml"]

    }

  }

}

Built-in Tools

Apollo MCP Server provides four introspection tools:

Tool

Purpose

When to Use

introspect

Explore schema types in detail

Need type definitions, fields, relationships

search

Find types in schema

Looking for specific types or fields

validate

Check operation validity

Before executing operations

execute

Run ad-hoc GraphQL operations

Testing or one-off queries

Defining Custom Tools

MCP tools are created from GraphQL operations. Three methods:

1. Operation Files (Recommended)

operations:

  source: local

  paths:

    - ./operations/

Each file must contain exactly one operation. Each named operation becomes an MCP tool.

# operations/GetUser.graphql

query GetUser($id: ID!) {

  user(id: $id) {

    id

    name

    email

  }

}
# operations/CreateUser.graphql

mutation CreateUser($input: CreateUserInput!) {

  createUser(input: $input) {

    id

    name

  }

}

2. Operation Collections

operations:

  source: collection

  id: your-collection-id

Use GraphOS Studio to manage operations collaboratively.

3. Persisted Queries

operations:

  source: manifest

  path: ./persisted-query-manifest.json

For production environments with pre-approved operations.

Reference Files

Detailed documentation for specific topics:

  • Tools - Introspection tools and minify notation

Key Rules

Security

  • Never expose sensitive operations without authentication
  • Use headers configuration for API keys and tokens
  • Disable introspection tools in production (they are disabled by default)
  • Set overrides.mutation_mode: explicit to require confirmation for mutations

Authentication

# Static header

headers:

  Authorization: "Bearer ${env.API_TOKEN}"

# Dynamic header forwarding

forward_headers:

  - x-forwarded-token

# OAuth (streamable_http transport)

transport:

  type: streamable_http

  auth:

    servers:

      - https://auth.example.com/.well-known/openid-configuration

    audiences:

      - https://api.example.com

Token Optimization

Enable minification to reduce token usage:

introspection:

  introspect:

    minify: true

  search:

    minify: true

Minified output uses compact notation:

  • T = type, I = input, E = enum
  • s = String, i = Int, b = Boolean, f = Float, d = ID
  • ! = required, [] = list

Mutations

Control mutation behavior via the overrides section:

overrides:

  mutation_mode: all       # Execute mutations directly

  # mutation_mode: explicit  # Require explicit confirmation

  # mutation_mode: none      # Block all mutations (default)

Common Patterns

GraphOS Cloud Schema

# schema.source defaults to uplink — can be omitted when graphos is configured

graphos:

  apollo_key: ${env.APOLLO_KEY}

  apollo_graph_ref: my-graph@production

Local Development

transport:

  type: streamable_http

schema:

  source: local

  path: ./schema.graphql

introspection:

  introspect:

    enabled: true

  search:

    enabled: true

  validate:

    enabled: true

  execute:

    enabled: true

overrides:

  mutation_mode: all

Production Setup

transport:

  type: streamable_http

endpoint: https://api.production.com/graphql

operations:

  source: manifest

  path: ./persisted-query-manifest.json

graphos:

  apollo_key: ${env.APOLLO_KEY}

  apollo_graph_ref: ${env.APOLLO_GRAPH_REF}

headers:

  Authorization: "Bearer ${env.API_TOKEN}"

health_check:

  enabled: true

Docker

transport:

  type: streamable_http

  address: 0.0.0.0

  port: 8000

endpoint: ${env.GRAPHQL_ENDPOINT}

graphos:

  apollo_key: ${env.APOLLO_KEY}

  apollo_graph_ref: ${env.APOLLO_GRAPH_REF}

health_check:

  enabled: true

Ground Rules

  • ALWAYS configure authentication before exposing to AI agents
  • ALWAYS use mutation_mode: explicit or mutation_mode: none in shared environments
  • NEVER expose introspection tools with write access to production data
  • PREFER operation files over ad-hoc execute for predictable behavior
  • PREFER streamable_http transport for remote and multi-client deployments
  • USE stdio only when the MCP client launches the server process directly
  • USE GraphOS Studio collections for team collaboration
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card