MCP Gateway Overview
Enterprise-grade MCP service gateway providing unified MCP service access, authentication, and access control for AI Agents.
Publish Guide
Admins register and manage MCP Servers, configure connections, authentication, and access control for secure team access to MCP services.
View Publish GuideUsage Guide
Team members browse the MCP Hub, discover available services, view capabilities, and get configuration for AI Agent integration.
View Usage GuideCore Features
Standardized Authentication
Eliminates the need for each MCP Server to implement its own authentication. The gateway handles API Key validation, OAuth 2.0 + PKCE authorization flow.
User Identity Passthrough
Automatically injects an RS512-signed JWT id_token for each request, enabling MCP Servers to directly obtain caller identity information.
Granular Access Control
Controls access to each MCP Server at three levels — visible to all, department-only, or specific users.
End-to-End Audit Trail
Complete logging of caller, target service, request content, and response status for every request, with log archiving for analysis.
Secure Credential Storage
MCP Server credentials are encrypted with AES-256-CBC and verified with SHA-256 hashing, ensuring credentials remain confidential.
Real-time Monitoring & Alerts
30-second heartbeat checks with real-time connection status display. Visualize success rate, response time, and call trends.
Request Flow
https://mcp.gateway.ai/{serverCode}/mcpX-MCP-Id-Token header, processes the request and returns the responseProtocol Support
The gateway supports three MCP transport protocols: HTTP, SSE, and WebSocket, with automatic protocol detection and adaptation, including SSE/HTTP fallback.
Important Notes
- The server code (serverCode) cannot be modified after creation. Choose a meaningful English identifier carefully.
- OAuth 2.0 mode only supports services that declare grant_types_supported including both authorization_code and refresh_token.
- Credentials (API Key, Token, passwords, etc.) are encrypted with AES-256-CBC. Leave fields empty during editing to keep existing values.
- The gateway performs automatic heartbeat checks every 30 seconds. Automatic reconnection is triggered after 5 consecutive failures.
- Ensure the MCP Server endpoint is accessible by the gateway. Internal network deployment requires network connectivity configuration.
- User identity is passed through the X-MCP-Id-Token header. MCP Servers must verify the JWT signature using the tenant's public key.