FastAPI-MCP
Author: tadata-org
Description: Expose FastAPI endpoints as Model Context Protocol (MCP) tools with built-in authentication/authorization via native FastAPI dependencies (Depends). FastAPI-first (not just OpenAPI conversion), preserves request/response schemas and endpoint docs, and uses ASGI transport for efficient in-process communication. Typical usage: `mcp = FastApiMCP(app)` then `mcp.mount()` to serve an auto-generated MCP server at `/mcp`. Install via `uv add fastapi-mcp` or `pip install fastapi-mcp`. Docs: https://fastapi-mcp.tadata.com/ (examples in `examples/`).
Stars: 11.6k
Forks: 920
License: MIT License
Category: Open Source
Overview
Installation
uv add fastapi-mcppip install fastapi-mcpfrom fastapi import FastAPI
from fastapi_mcp import FastApiMCP
app = FastAPI()
mcp = FastApiMCP(app)
# Mount the MCP server directly to your FastAPI app
mcp.mount()FastApiMCP
Create an MCP server wrapper around an existing FastAPI app, exposing the app’s endpoints as MCP tools (with FastAPI dependency-based auth preserved).
mount
Mount the auto-generated MCP server onto the FastAPI application so it is served under the app (default shown at /mcp).
FAQs
How does FastAPI-MCP handle authentication, and does it fully support FastAPI's Depends() security dependencies in production?
FastAPI-MCP's authentication support is currently in alpha stage, meaning it's not fully production-ready despite reusing FastAPI's Depends() mechanism. While it preserves existing dependency injection patterns, the alpha designation signals potential stability issues. Teams should test auth thoroughly in staging environments and monitor for breaking changes across FastAPI-MCP versions before deploying authentication-protected endpoints to production.
What are the best practices for securing an MCP server?
Best practices for securing MCP servers include implementing transport-layer authentication using OAuth 2.1, restricting tool access through endpoint filtering, running servers in isolated environments with network policies, validating inputs via Pydantic schemas, implementing rate limiting, and monitoring for anomalous patterns. For production, use SSE over HTTP and require explicit authorization for destructive operations.
What are the common challenges when setting up an MCP server?
Common setup challenges include transport protocol selection, since clients like Claude Desktop require stdio bridges while others use direct SSE connections. Tool naming rules cause issues when auto-generated operation IDs contain hyphens or start with numbers. Schema validation failures occur when Pydantic models don't align with MCP expectations. Rate limiting and timeout management are critical for long-running endpoints.
How do you troubleshoot connectivity issues with an MCP server?
Start with JSON config validation using an online validator, then confirm the server command runs in your terminal with matching PATH. Check server logs for crashes or authentication failures, especially token scope mismatches. For remote servers, verify the exact URL from documentation and add required headers. Test incrementally after each fix by restarting your IDE.
What are the differences between SSE and HTTP transport in FastAPI-MCP, and why should I avoid HTTP transport in v0.4.0?
SSE (Server-Sent Events) maintains a persistent connection for real-time bidirectional communication between client and server, while HTTP transport uses request-response polling. Beyond the v0.4.0 bug causing request hangs, HTTP transport adds latency from repeated connection overhead and lacks the streaming capabilities needed for long-running agent tasks, making SSE the architecturally superior choice for MCP's interactive nature.
How do I debug FastAPI-MCP when tools don't appear in the MCP Inspector or AI agent clients?
First, confirm your FastAPI server runs and the MCP endpoint is accessible. Check server logs for registration errors. Verify Pydantic models have proper type hints, as malformed schemas block tool discovery. Test the endpoint directly with curl before connecting the inspector. Ensure middleware isn't blocking MCP headers or content negotiation.