Alibaba Cloud OpenAPI MCP Server provides a standardized protocol to call cloud resource APIs using natural language, and enables secure access and tuning through OAuth, static AccessKey credentials, and RAM permission management.-OpenAPI Explorer(OpenAPI)-阿里云帮助中心

Model Context Protocol (MCP) is a standardized protocol that enables a large language model (LLM) to interact with external tools and data sources. Alibaba Cloud OpenAPI MCP Server allows you to call Alibaba Cloud APIs and manage your cloud resources using natural language.

Select a usage option

Select an edition

Alibaba Cloud OpenAPI MCP Server is available in the following two editions:

Item	Core edition	Custom edition
Setup speed	Fast. Get the endpoint immediately after signing in to the console.	Medium. You need to create a server and select APIs.
API coverage	Covers all Alibaba Cloud OpenAPI.	Covers only the selected APIs.
API matching method	The LLM uses semantic search to automatically find and call APIs. More specific prompts may be needed when multiple APIs have similar functions.	Selected APIs are directly exposed as tools, allowing the LLM to call them without searching.
Tuning capability	Not supported.	Supported. You can modify API descriptions and parameters.
Number of servers	One per account.	Multiple servers can be created for different scenarios.
Use cases	Quick start, exploratory operations, and cross-product workflows.	Fixed business processes, clear API requirements, and scenarios that require tuning.

Use the Core Edition for a quick start or for operations that span multiple cloud products.
Use the Custom Edition if you have specific APIs in mind and want the LLM to call them directly without searching.

Select an authentication method

After selecting an edition, you must also choose an authentication method. OpenAPI MCP Server supports the following two authentication methods:

OAuth authentication (interactive authentication): Automatically redirects to a browser to sign in. You must sign in again after the token expires.
Static credential authentication: Connects by using static credentials after a one-time pre-check, with no browser required.

Item	OAuth authentication	AccessKey authentication
Use cases	Desktop clients with browser interaction, daily development, and exploratory operations.	Headless servers, CI/CD pipelines, and unattended AI agent integrations.
Authorization method	Browser redirect for user sign-in and authorization.	The AccessKey is passed through an environment variable. No browser redirect is required.
Permission identity	Identity of the user who grants authorization.	Identity of the RAM user associated with the AccessKey.
Security	Short-lived tokens provide higher security.	Long-lived static credentials require careful risk management.

Prerequisites

Before you use OpenAPI MCP Server, complete the following preparations based on your selected authentication method.

OAuth authentication

This method is suitable for desktop clients that support browser interaction. Permissions are tied to the user, tokens are short-lived, and security is higher.

You must have an Alibaba Cloud account. If you use a RAM user, grant it the required permissions. For more information, see Grant a RAM user permissions to operate an MCP server.
Use an administrator account to go to the RAM console > OAuth Applications > Third-party Applications page, and then install and assign the official OpenAPI MCP Server application. Otherwise, OAuth authorization for the MCP service fails. For more information, see Install and authorize a third-party application.

Static credential authentication

This method is suitable for scenarios without browser interaction, such as CI/CD pipelines, CLI environments, and AI agent integrations. It supports passing AccessKey (AK) credentials through environment variables. If you are already signed in to Alibaba Cloud CLI locally, the MCP proxy automatically reuses existing credentials and no extra configuration is required.

Python (>= 3.13) and uv are installed.
You have registered an Alibaba Cloud account and created an AccessKey. The RAM user or RAM role associated with the AccessKey has the AliyunOpenAPIMCPServerStaticCredentialAccess system policy attached. You can go to the RAM console to attach this policy to a RAM user.
Before first use, you must run a pre-check command to verify that your account has been authorized. This one-time check applies to your entire Alibaba Cloud account and can be performed on any device with a browser, not just the machine running the MCP server. uvx alibabacloud.mcp-proxy@latest --server-url <MCP connection URL> pre-check

MCP server endpoint

The client configuration process is the same for both the Core and Custom editions. The only difference is how you obtain the MCP server endpoint.

Core edition

After you sign in, the system automatically assigns an MCP server endpoint for the Core Edition, covering all Alibaba Cloud OpenAPI through a built-in combination of tools.

Sign in to the Alibaba Cloud OpenAPI MCP service console.
In the left-side navigation pane, click the Core tab. The page displays the Streamable HTTP endpoint and SSE endpoint.
To modify OAuth or advanced settings, click the corresponding Modify button:
- Multi-account MCP: Manage MCP servers centrally in multi-account scenarios. For more information, see Use OpenAPI MCP Server in a multi-account scenario.
- Public access: After you enable public access, the MCP service can be accessed over the public network. This is suitable for local development and debugging, cross-region collaboration, or external system integration.
- Custom VPC allowlist: Suitable for scenarios with strict network security requirements.

Custom edition

For the Custom Edition, you must first create an MCP server and select the required APIs. Each selected API is exposed directly to the LLM as a tool, allowing the LLM to call it directly without semantic search.

Sign in to the Alibaba Cloud OpenAPI MCP service console.
In the left-side navigation pane, click Custom > Create to open the MCP configuration page.
Enter the following information:
- Name: The name must be 3 to 16 characters long and can contain only lowercase letters, digits, underscores (_), and hyphens (-). For example, mcp-demo.
- Document Language: Select the language for the API descriptions in the tools.
- OAuth Configuration:
  - Alibaba Cloud Official OAuth: Suitable for local clients, such as TONGYI Lingma, Cherry Studio, and Cursor.
  - Custom OAuth: Suitable for self-built platforms or third-party services, such as self-deployed Dify, AgentScope, and Claude Web/Mobile.
- Multi-account MCP: Manage MCP servers centrally in multi-account scenarios. For more information, see Use OpenAPI MCP Server in a multi-account scenario.
- Cloud Product and API List: Configure API tools for the MCP service.
- Terraform Tools: Define MCP tools by using Terraform HCL code. Terraform Tools supports only resource creation, not modification. For more information, see Use Terraform Tools in OpenAPI MCP Server.
- System Tools: Official pre-configured tools that are automatically integrated into the MCP service when selected.
- MCP Instructions: A prompt that tells the LLM how to use this MCP. The client must support the Instructions field of the MCP standard protocol.
- Remarks: Add descriptive information for the MCP service.
Click Create and confirm the risk warning. After the server is created, the page displays the Streamable HTTP endpoint and SSE endpoint.

Note

We recommend that you select no more than 30 APIs for a single MCP server. If you need to use more APIs, create multiple MCP servers.

If you use MCP in a VPC environment, use the VPC endpoint that is displayed on the page.

Client configuration

After you obtain the server endpoint, configure the connection in your client. This configuration applies to both the Core and Custom editions. The Alibaba Cloud OpenAPI MCP service console provides built-in configuration templates for common clients such as Cherry Studio, TONGYI Lingma/Cursor/Windsurf/VSCode, Claude Code, and Codex. MCP is broadly compatible, and other clients or programs that support the protocol can also be configured accordingly.

Two authentication methods are supported:

OAuth authentication (interactive authentication): Automatically redirects to a browser for authorization.
Static credential authentication: Uses an AccessKey passed through an environment variable or credentials from the Alibaba Cloud CLI.

Important

An AccessKey is a long-term static credential. If leaked, it can be persistently exploited. When you use an AccessKey, you must follow these security practices. For more information, see Create an AccessKey.

Do not use your Alibaba Cloud account's AccessKey. Instead, use a RAM user's AccessKey with only the minimum required permissions.
Do not hardcode the AccessKey into version-controlled files, such as mcp.json. We recommend that you inject it through environment variables or a key management service.
We recommend that you rotate your AccessKey regularly to reduce the risk of credential leakage.

OAuth authentication (default)

This method opens the local browser to guide the user through authorization, making it ideal for desktop clients with a GUI and for daily development or exploratory tasks.

Log on to the Alibaba Cloud OpenAPI MCP service console and go to the MCP service endpoint page for the Core or Custom Edition. Click One-click Configuration and select OAuth authentication (default). Then, select the corresponding client tab and follow the configuration template to complete the configuration. If a user authorization page is displayed in the browser during the process, click Authorize.

Cherry Studio

Prerequisites: You have installed Cherry Studio.

You can complete the configuration in one of the following ways:

One-click configuration: On the configuration template page in the console, click One-click Configuration for Cherry Studio and follow the prompts.
Manual configuration: In Cherry Studio, go to Settings > MCP Servers, select Add > Quick Create, enter a name, select Streamable HTTP for the type, and enter the Streamable HTTP endpoint address in the URL field. Alternatively, you can select Import from JSON and paste the configuration JSON from the page.

After saving the configuration, your browser automatically redirects to the Alibaba Cloud OAuth authorization page. After you grant authorization, the MCP service starts.

TONGYI Lingma/Cursor/Windsurf/VSCode

Prerequisites: You have installed Node.js and npm.

You can complete the configuration in one of the following ways:

One-click configuration (Only supported by Cursor): On the configuration template page in the console, click One-click Configuration for Cursor and follow the prompts.
Manual configuration: Paste the configuration JSON from the console page into your client's MCP configuration file.

Configuration method for each client:

TONGYI Lingma: Open the TONGYI Lingma plug-in, click MCP tools on the introduction page, and click + in the upper-right corner of the pop-up window to add a tool manually. Enter a custom name, select STDIO for Type, enter npx for Command, and enter mcp-remote-alibaba-cloud "<Streamable HTTP endpoint>" for Arguments.
Cursor: In the menu bar, choose File > Preferences > Cursor Settings > Tools & Integrations, click Add Custom MCP, and paste the JSON into the mcp.json file and save it. The configuration file is typically located at ~/.cursor/mcp.json or .cursor/mcp.json in your project's root directory.
Windsurf: Paste the JSON into ~/.windsurf/mcp.json or .windsurf/mcp.json in your project's root directory.
VSCode: Search for MCP in Settings and add the configuration as prompted.

After saving the configuration, you must complete the OAuth authorization through a browser the first time you use it. If the browser does not open automatically, restart the application.

Claude Code

Prerequisites: You have installed Claude Code.

Run the following command in your terminal to add the MCP server. Make sure to replace <Streamable HTTP endpoint> with the actual address obtained from the console:

claude mcp add openapi-mcp-core -- npx mcp-remote-alibaba-cloud "<Streamable HTTP endpoint>"

Run the following command to query the added MCP server:

claude mcp list

If a user authorization page appears in your browser during configuration or use, click Authorize.

Codex

Prerequisites: You have installed the Codex CLI.

Run the following command in your terminal to add the MCP server. Make sure to replace <Streamable HTTP endpoint> with the actual address obtained from the console:

codex mcp add openapi-mcp-core -- npx mcp-remote-alibaba-cloud "<Streamable HTTP endpoint>"

Run the following command to query the added MCP server:

codex mcp list

If a user authorization page appears in your browser during configuration or use, click Authorize.

Static credential authentication

Static credential authentication is completed through the local proxy alibabacloud.mcp-proxy without browser redirection. This method is suitable for scenarios such as automated pipelines, pure command-line environments, and unattended AI Agents.

Log on to the Alibaba Cloud OpenAPI MCP service console, go to the MCP service endpoint page of the Core or Custom Edition, click One-click Configuration, and select Static Credential Authentication. Then, select the corresponding client tab and complete the configuration according to the configuration template.

Note

If you have logged in to the Alibaba Cloud CLI locally (aliyun configure), the proxy automatically reads the CLI credentials. You do not need to set the env environment variable in the configuration.

Cherry Studio

Prerequisites:

You have installed Cherry Studio, Python (>= 3.13), and uv.
Your AccessKey has the AliyunOpenAPIMCPServerStaticCredentialAccess system policy attached.
Before the first use, you must run the pre-check command from the console to verify your account's authorization status. This command can be run on any device with a browser and does not need to be the same machine that runs the proxy.

You can complete the configuration in the following way:

In Cherry Studio, go to Settings > MCP Servers > Add > Import from JSON and paste the configuration. Make sure to replace AccessKey ID/Secret with your actual keys. If you have already configured Alibaba Cloud CLI, you can remove the env field to reuse the local credentials.

After completing the configuration, restart Cherry Studio and send a test request, such as querying the list of ECS instances in a region. If the API is called as expected, the static credential authentication is successful.

TONGYI Lingma/Cursor/Windsurf/VSCode

Prerequisites:

You have installed TONGYI Lingma/Cursor/Windsurf/VSCode, Python (>= 3.13), and uv.
Your AccessKey has the AliyunOpenAPIMCPServerStaticCredentialAccess system policy attached.
Before the first use, you must run the pre-check command from the console to verify your account's authorization status. This command can be run on any device with a browser and does not need to be the same machine that runs the proxy.

Configuration method for each client:

TONGYI Lingma: In the plug-in's MCP tools page, add a tool manually. Select STDIO for Type, enter uvx for Command, and enter alibabacloud.mcp-proxy@latest --server-url "<Streamable HTTP endpoint>" for Arguments. Then, add ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET in the environment variables.
Cursor: Paste the JSON into ~/.cursor/mcp.json or .cursor/mcp.json in the project's root directory. Replace the AccessKey ID and secret.
Windsurf: Paste the JSON into ~/.windsurf/mcp.json or .windsurf/mcp.json in the project's root directory. Replace the AccessKey ID and secret.
VSCode: Search for MCP in Settings and add the configuration as prompted.

If you have already configured Alibaba Cloud CLI, you can remove the environment variable configuration to reuse the local credentials.

After completing the configuration, save the settings and restart the client. Send a test request to confirm that the API is called as expected. This indicates that the static credential authentication is successful.

Claude Code

Prerequisites:

You have installed Claude Code, Python (>= 3.13), and uv.
Your AccessKey has the AliyunOpenAPIMCPServerStaticCredentialAccess system policy attached.
Before the first use, you must run the pre-check command from the console to verify your account's authorization status. This command can be run on any device with a browser and does not need to be the same machine that runs the proxy.

You can complete the configuration in the following way:

Run the following command in your terminal to add the MCP server. Make sure to replace <Access Key ID>, <Access Key Secret>, and <Streamable HTTP endpoint> with your actual values.

If you have already configured Alibaba Cloud CLI, you can remove the environment variable configuration to reuse the local credentials.

claude mcp add openapi-mcp-core --env ALIBABA_CLOUD_ACCESS_KEY_ID=<Access Key ID> --env ALIBABA_CLOUD_ACCESS_KEY_SECRET=<Access Key Secret> -- uvx alibabacloud.mcp-proxy@latest --server-url "<Streamable HTTP Endpoint>"

Run the following command to query the added MCP server:

claude mcp list

Codex

Prerequisites:

You have installed Codex, Python (>= 3.13), and uv.
Your AccessKey has the AliyunOpenAPIMCPServerStaticCredentialAccess system policy attached.
Before the first use, you must run the pre-check command from the console to verify your account's authorization status. This command can be run on any device with a browser and does not need to be the same machine that runs the proxy.

You can complete the configuration in the following way:

Run the following command in your terminal to add the MCP server. Make sure to replace <Access Key ID>, <Access Key Secret>, and <Streamable HTTP endpoint> with your actual values.

If you have already configured Alibaba Cloud CLI, you can remove the environment variable configuration to reuse the local credentials.

codex mcp add openapi-mcp-core --env ALIBABA_CLOUD_ACCESS_KEY_ID=<Access Key ID> --env ALIBABA_CLOUD_ACCESS_KEY_SECRET=<Access Key Secret> -- uvx alibabacloud.mcp-proxy@latest --server-url "<Streamable HTTP Endpoint>"

Run the following command to query the added MCP server:

codex mcp list

MCP server usage

After configuration, you can use natural language in your client to manage cloud resources. For more integration methods, see More ways to integrate MCP.

Core Edition: Describe your needs directly in natural language. The LLM automatically finds matching APIs, gets their parameter definitions, and executes the API calls without requiring you to specify API names or parameters. For example, if you enter "Help me query ECS instances in the China (Hangzhou) region", the LLM automatically finds and calls the DescribeInstances API.
Custom Edition: The APIs you configure are directly exposed as tools to the LLM, which shortens the call path by eliminating the need for search and matching. When multiple APIs have similar functions, the Custom Edition ensures that the LLM calls the specific API you intended.

Cherry Studio

From the menu in the text input box, select your MCP server.
Select the openapi-mcp-core server and confirm that a green checkmark appears to the right of the entry, which indicates that it is enabled.
Test the MCP functionality. For example, query the ECS instances in a specific region:
```
Please help me query the list of ECS instances with regionId cn-chengdu and set x_mcp_region_id.
```
Note
If the API selection or parameter settings are incorrect, try optimizing your prompt. For the Custom Edition, you can also use MCP tuning to resolve the issue.

Cursor

Select a model and an API key. Because Cursor has requirements for LLM providers (see Supported providers), you must refer to its documentation when you select a model and an API key. This example uses the default values.
In the Cursor dialog box, click Add Context and select your MCP server.
In the dialog box, enter a natural language query to test the MCP functionality, such as "Help me query the number of ECS instances in the China (Chengdu) region, and only display the instance count." After you press Enter, click Run tool as prompted to continue.
View the MCP execution result. If the API selection or parameter settings are incorrect, try optimizing your prompt. For the Custom Edition, you can also use MCP tuning to resolve the issue.

TONGYI Lingma

In TONGYI Lingma, select an agent and enter your prompt. For example, you can query the ECS instance list in the China (Chengdu) region and set x_mcp_region_id.
Follow the prompts in TONGYI Lingma to execute the MCP tool.
View the result. If the API selection or parameter settings are incorrect, try optimizing your prompt. For the Custom Edition, you can also use MCP tuning to resolve the issue.

Cline

In the Cline dialog window, enter a natural language query to test the MCP functionality, such as "Help me query the number of ECS instances in the China (Chengdu) region."
Cline automatically selects the DescribeInstances tool from the configured MCP server and extracts the value for the RegionId parameter from your input.
View the MCP execution result. If the API selection or parameter settings are incorrect, try optimizing your prompt. For the Custom Edition, you can also use MCP tuning to resolve the issue.

MCP tuning (Custom Edition only)

The Core Edition uses built-in tools to automatically handle API searches and calls. It does not support tuning.

The large language model (LLM) might select the wrong API or pass incorrect parameters. If this happens, modify the API's overview, description, and request parameter descriptions on the server. This helps the LLM understand and call the API more accurately.

Example 1: Errors or inaccurate data occur when operating on resources outside the cn-hangzhou region

Internally, MCP uses x_mcp_region_id to switch Endpoint. If the LLM fails to understand from the input that it needs to pass x_mcp_region_id, it operates on resources in the cn-hangzhou region by default.

Resolve this issue using one of the following two methods:

Explicitly instruct the LLM to set x_mcp_region_id in the query.

Find the list of ECS instances for regionId cn-qingdao, and set x_mcp_region_id.

Adjust the API overview or the description of the RegionId request parameter on the MCP server.
For example, add "Pass the user-specified region to x_mcp_region_id" to the API overview. Or, add "If the RegionId parameter exists, pass it along with x_mcp_region_id" to the description of RegionId.
Steps:
1. Go to Custom API MCP SERVER, and click Edit in the Actions column for the target MCP service.
2. Select the API to tune and click Edit in its Actions column.
3. Modify the overview, API request description, or API parameter descriptions.
4. Save the changes. Then, disconnect from and reconnect to the MCP service on the client to apply the changes.

Example 2: Deleting optional API parameters

Some optional parameters are not used in specific scenarios. Delete these parameters on the MCP server. After they are deleted, the LLM ignores them when generating parameters. This reduces the error rate and lowers Token consumption.

MCP access control

After an AI agent integrates with OpenAPI MCP Server, it supports two modes: programmatic identity access and user identity access.

Programmatic identity access

The agent accesses cloud resources using its own identity and permissions. For example, after configuring a RAM role for a custom MCP in Model Studio, the agent automatically obtains the permissions of that role. When a user performs an operation through the agent, the operation uses the agent's permissions, not the user's.

Alternatively, use static credential authentication for programmatic identity access. Pass the AccessKey (AK) ID and secret through environment variables in the client or agent configuration. The alibabacloud.mcp-proxy agent then completes the authentication. This method is suitable for unattended scenarios, such as self-built agents and CI/CD integrations. The agent performs operations using the RAM identity associated with the AK. The scope of access must also be controlled at the agent or AK level.

Note:

The agent must obtain a union of permissions for all potential operations. Therefore, control the scope of access at the agent level.
ActionTrail records the agent's identity, which is a RAM user or RAM role. For end-to-end auditing, record caller information at the agent level and associate it with ActionTrail.
In static credential authentication scenarios, follow the principle of least privilege. Grant the RAM user associated with the AK only the AliyunOpenAPIMCPServerStaticCredentialAccess policy and the API permissions required for your business. Avoid using an Alibaba Cloud account AK or granting broad permissions.

Applicable scenarios: Server-side agents, such as those in Model Studio, and automation scenarios, such as self-built agents and CI/CD integrations that use static credential authentication.

User identity access

The agent itself does not have permission to access cloud resources. It can perform operations on behalf of a user only after the user initiates an OAuth authorization flow. The tasks that the agent can perform are limited by the user's own permissions, following the principle of least privilege. ActionTrail records the identity of the user who performs the operation.

Applicable scenarios: Client-side agents, such as Cherry Studio, TONGYI Lingma, Qwen Code, Cursor, Claude Code, Dify, AgentScope, and LangGraph, or scenarios that require user identity proxying.

More ways to integrate MCP

Configure a custom OAuth application in Dify to integrate with OpenAPI MCP Server. For more information, see Integrate OpenAPI MCP Server in Dify.
In a custom agent, use the official MCP SDK to complete the custom OAuth authorization process and integrate mainstream agent frameworks. For more information, see Integrate OpenAPI MCP Server in an agent.
In Model Studio, integrate with OpenAPI MCP Server by importing an MCP. After the integration, you can add and call the MCP in a Model Studio application. The application can be published to multiple channels, such as DingTalk, WeChat, and Mobi. For more information, see Integrate OpenAPI MCP Server in Model Studio.
In Model Studio, use a bearer token to automatically authorize OpenAPI MCP Server and skip the manual authorization step. For more information, see Use a Model Studio MCP bearer token for long-term access.

FAQ

Can all APIs in Tools be called from the MCP client?

Not necessarily. The success of an API call depends on the permissions of the RAM user. This can be the user who initiates OAuth authentication or the user associated with the AccessKey (AK) for authentication. If a RAM user lacks permission to call an API, the large language model (LLM) also cannot call it.

Solution: Grant the required API permissions to the RAM user. For more information, see Manage RAM user permissions.

Important

To prevent the LLM from calling resource deletion APIs due to misinterpretation, which could affect your services, do not grant resource deletion permissions to the RAM user.

Permission denied when creating an MCP Server as a RAM user

Solution:

Grant the system policy AliyunOpenAPIMCPServerFullAccess to the RAM user. For more information, see Manage RAM user permissions.
Grant a custom policy to the RAM user:
1. Use an administrator account to create a custom policy in the RAM console. For more information, see Create a custom policy.
  The following is the content of the policy:
  Click to view the policy for MCP Server operations
  This policy includes permissions to create, update, query, and delete MCP Servers, and to query MCP system tools.
```
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "openapiexplorer:*Mcp*",
        "ram:*Application*"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
```
2. Use an administrator account to grant the custom permission to the target RAM user. For more information, see Manage RAM user permissions.

If an MCP Server connection endpoint is exposed, can it be misused by others?

No. When a client uses the endpoint, OAuth authentication starts an authorization process. This process requires the user to log in and grant access. The system checks if the RAM user's Alibaba Cloud account matches the MCP Server's Alibaba Cloud account. Access is granted only if they match. For static credential authentication, access is restricted by the permissions of the RAM user associated with the AK. An unauthorized party cannot exceed this scope of permissions.

How to choose between static credential authentication and OAuth authentication?

Choose the authentication method that suits your use case:

OAuth authentication: Suitable for desktop client scenarios that involve browser interaction. Permissions are tied to the user, and the token is short-lived for higher security. Use OAuth for daily development and exploratory operations.
Static credential authentication (AK): Suitable for scenarios where browser redirection is inconvenient, such as automated pipelines, command-line-only environments (servers without a graphical user interface (GUI)), and unattended AI Agent integrations. Permissions are tied to the RAM identity associated with the AK. You must manage the security of the credentials yourself.

What should I do if an AccessKey Secret is leaked?

Immediately disable or delete the AccessKey in the RAM console.
Create a new AccessKey and update your client configuration.
Check the ActionTrail logs for the period of the leak to identify any unauthorized calls.