Use MCP servers in Open WebUI with Toolport
Toolport is a free, open source local MCP gateway. Add your servers to Toolport once, flip the Open WebUI toggle, and Open WebUI gets all of them through a single gateway entry, with lazy discovery loading 3 meta-tools instead of every server's full tool list.
Setup
- Download Toolport for Windows, macOS or Linux, and add your MCP servers to it (or import the ones your clients already have; secrets go to your OS keychain).
- Enable the gateway's HTTP endpoint: toggle it in Toolport's settings, or run
conduit-gateway --http(defaults tohttp://localhost:8765, bound to localhost only). - In Open WebUI, add a tool server pointing at
http://localhost:8765/openapi.json. Every Toolport server is now available; search withtoolport_search_tools, call withtoolport_call_tool.
How the connection works
Open WebUI doesn't read an MCP config file; it consumes OpenAPI tool servers. Toolport's
gateway speaks HTTP/OpenAPI natively, so no bridge process (like mcpo) is needed: the
gateway serves /openapi.json plus a POST endpoint per tool, and routes calls
to your MCP servers exactly as it does for every other client.
Running local models?
Lazy discovery asks the model to search for tools before calling them, and small local models (7B class) often aren't up to that flow. With a capable model it works well; with a smaller one, have Toolport expose the full tool catalog instead, which any model with basic tool calling can use. Either way your servers, keys and traffic stay on your machine, which is the point of running local in the first place.
Why route your tools through a gateway?
- One setup, every client. The same servers work in Open WebUI and every other client on your machine; add a server once and they all get it.
- Up to 91% fewer tool tokens. Instead of every server dumping its tool list into context, the agent loads 3 meta-tools and searches on demand (measured).
- Secrets in the OS keychain. API keys are injected at runtime and never sit in Open WebUI's config file.
- Watched by default. Rug-pull and tool-poisoning detection on every tool, plus per-tool governance and a destructive-tool kill switch. How the security works.