{"id":"apisql-dev-apisql-mcp","name":"apisql-mcp","homepage":"https://www.apisql.cn/","repo_url":"https://github.com/apisql-dev/apisql-mcp","category":"api-gateway","subcategories":[],"tags":["mcp","sql","database","api-gateway","nodejs","integration"],"what_it_does":"An MCP server (Node.js) that lets MCP clients execute SQL against multiple database types via an apiSQL API gateway, with support for runtime switching between configured data sources (DS/SUDB), and both DDL/DML plus stored procedures/UDFs. It can run over MCP stdio by default and also offers a streamable HTTP transport mode.","use_cases":["Letting LLM/MCP agents query and analyze databases across multiple engines from one integration","Operational analytics/reporting using SQL with dynamic data-source switching","DB access in environments that prefer routing through a gateway rather than direct network exposure","Admin/automation workflows that require executing DDL/DML and stored procedures through an agent"],"not_for":["Untrusted users/agents that should not have broad database modification capabilities","Read-only reporting scenarios where writes/DDL must be strictly prohibited","Environments requiring a local-only database connector without reliance on an external gateway/service","Strict compliance contexts where data residency, audit retention, and security controls must be formally documented"],"best_when":"You have an apiSQL account + gateway configured, want an MCP-friendly single entry point to many SQL engines, and you can enforce least-privilege at the gateway/data-source level.","avoid_when":"You cannot enforce least-privilege (e.g., credentials allow writes/DDL broadly) or you need strong, explicitly documented operational guarantees (error semantics, retries, rate limits, SLAs) from this package itself.","alternatives":["Use a native database driver/connectors per engine (e.g., Postgres/MySQL/SQLite drivers) with a dedicated service layer","Build an MCP server specifically for one database type with tighter controls and explicit idempotency/retry behavior","Use apiSQL gateway APIs directly (if available) rather than via MCP, for better control over request/response semantics","Generic SQL orchestration tools or query gateways that provide read-only and query-limiting modes"],"af_score":58.2,"security_score":64.8,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:39:06.555875+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Bearer token API key (APISQL_MCP_API_KEY) used when calling apiSQL API endpoint"],"oauth":false,"scopes":true,"notes":"README indicates access control via apiSQL platform API key authorization and SUDB permissions, but does not document exact scope model/claims or how granular scopes map to DB actions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information in provided content; apiSQL service is required so costs likely apply externally."},"requirements":{"requires_signup":true,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":58.2,"security_score":64.8,"reliability_score":32.5,"mcp_server_quality":78.0,"documentation_accuracy":74.0,"error_message_quality":0.0,"error_message_notes":"README provides some troubleshooting messages (e.g., missing env vars, data source not found, connection issues), but it does not specify structured MCP error codes or how errors are surfaced through the MCP protocol.","auth_complexity":75.0,"rate_limit_clarity":10.0,"tls_enforcement":85.0,"auth_strength":70.0,"scope_granularity":50.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Security relies primarily on apiSQL gateway API key authorization and network routing (with a documented recommendation for least-privilege/read-only users). The README includes a real-looking example API key in plaintext, which is a risk as sample handling/rotation guidance is not discussed. No explicit documentation here about TLS requirements, key rotation, secret logging, rate limiting, or audit log retention—only that logs/audit exist via apiSQL.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":35.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"Supports DDL/DML and stored procedures, which are not inherently idempotent; no explicit idempotency guidance is provided.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Credentials/permissions: the server can execute modifying SQL; least-privilege is critical","Dynamic DS/SUDB routing depends on the gateway URL containing /$sudb and on exact data source naming","Agents may issue heavy/long-running queries; there is no documented query timeout/limits here","Transport choice matters: stdio vs streamable-http requires correct client configuration"]}}