Skip to main content

System Overview

The MCP Gateway supports remote MCP servers using HTTP/SSE transport protocols (StreamableHTTP and SSE). If you have a local STDIO-based MCP server that you want to use with the gateway, see our guide on Converting STDIO MCP Servers to Streamable HTTP.

Security Architecture

The gateway implements defense-in-depth security:
  1. Client Authentication: OAuth 2.1 tokens validated on every request
  2. Authorization: Scope-based access control for MCP operations
  3. Token Isolation: Client tokens never forwarded to upstream servers
  4. Session Security: Cryptographically secure session IDs with token-aligned expiration
  5. Transport Security: TLS encryption for all connections
  6. Audit Logging: Complete request/response audit trail