Do I need an MCP gateway if I only have one MCP server?

Usually not, at first. A single MCP server fronting one system is enough to get an agent calling your tools. You start needing a gateway when you run or consume more than one server, when you need a real OAuth flow instead of pasted tokens, when you need to curate or disable specific tools, or when security and platform teams need a single place to see and revoke agent access. Many teams add a gateway the moment a second server appears.

Is an MCP gateway just an API gateway for AI agents?

Conceptually yes. MCP is another protocol for calling APIs, built on the HTTP stack, so the right place to govern it is the same place you govern the rest of your APIs. An MCP gateway applies the API gateway model (authentication, authorization, rate limiting, and observability) to MCP traffic specifically, plus MCP-native features like tool curation and MCP-spec OAuth. Zuplo runs both an API gateway and an MCP gateway on the same platform.

Can an MCP gateway combine multiple MCP servers into one?

Not into a single merged server. A gateway governs many MCP servers at once, but it does so by placing each upstream behind its own governed endpoint. In Zuplo this is called a virtual MCP server: a curated view of one upstream server, exposing only the tools you choose, at its own gateway URL. You curate each upstream individually rather than fusing several servers into one.

What does an MCP gateway add that an MCP server doesn't?

Five things, drawn from what every team rebuilds per server: discovery (a consistent way for agents to find servers), auth translation (a single OAuth authorization server that brokers upstream credentials in front of many credential models), authorization and tool curation (deciding which tools an agent can see and call), observability (one audit trail across every server), and guardrails (protections like rate limiting and prompt-injection scanning on the traffic). An individual MCP server typically implements only its own slice of these.

Does Zuplo provide both MCP servers and an MCP gateway?

Yes. Zuplo can generate an MCP server directly from your existing API's OpenAPI specification, turning endpoints into agent-callable tools without hand-written tool definitions. Zuplo also provides the MCP Gateway (public beta as of June 2026), a spec-compliant gateway that fronts your own and third-party MCP servers with a full OAuth 2.0 authorization server, tool curation via virtual MCP servers, credential brokering, and observability.

Which MCP spec and clients does the Zuplo MCP Gateway support?

The Zuplo MCP Gateway implements the 2025-11-25 MCP specification over streamable HTTP, so any spec-compliant client connects out of the box, including Claude Desktop, Claude Code, Cursor, ChatGPT (including the OpenAI Apps SDK), VS Code, and MCP Inspector.

MCP Server vs. MCP Gateway: What's the Difference and Which Do You Need?

Q: What is the difference between an MCP server and an MCP gateway?

An MCP server is a single endpoint that exposes one set of tools, prompts, and resources to an AI agent over the Model Context Protocol. An MCP gateway sits in front of many MCP servers (your own and third-party) and adds the shared infrastructure each server would otherwise build alone: a single OAuth authorization server, upstream credential brokering, tool curation, authorization, and observability. The server is the thing an agent calls; the gateway is the control plane that governs how agents reach many servers.

Q: What is shadow MCP and how does a gateway help?

Shadow MCP is the AI-era version of shadow IT: employees and agents wire themselves up to MCP servers (Linear, GitHub, Stripe, internal tools) that no platform or security team can see, govern, or revoke. An MCP gateway removes that drift by putting every server behind one governed endpoint with central auth, tool curation, and a single audit trail, so access can be observed and cut off from one place.

An MCP server exposes one set of tools, prompts, and resources to an AI agent over the Model Context Protocol. An MCP gateway sits in front of many MCP servers (your own and third-party) and adds the shared infrastructure each server would otherwise build alone: a single OAuth authorization server, upstream credential brokering, tool curation, authorization, observability, and guardrails. In short, the server is what an agent calls; the gateway is how you govern agents calling many servers.

If you have wired even one AI agent into Linear, GitHub, Stripe, or an internal API, you have already met an MCP server. The moment you run or consume a second one, you meet the problem an MCP gateway solves. This guide draws a clear line between the two, shows the core differences in a table, gives you a decision guide for which you need, and explains how they work together.

What Is an MCP Server?

An MCP server is a program that speaks the Model Context Protocol and exposes a set of tools, prompts, and resources that an AI client (Claude, Cursor, ChatGPT, a custom agent) can discover and invoke. It is the unit an agent actually connects to.

Think of an MCP server as a single API surface designed for agents instead of humans. Where a REST endpoint returns JSON for your frontend, an MCP server advertises a catalog of callable tools (create_issue, list_charges, query_logs) and the agent decides which to call to accomplish a task.

A typical MCP server:

Exposes one system’s capabilities. The Stripe MCP server exposes Stripe tools; the Linear MCP server exposes Linear tools.
Implements its own auth. Each server decides how it accepts credentials: an API key, an OAuth token, a pasted secret.
Maintains its own audit trail, if it has one at all.
Connects to one or a few clients that someone configured by hand.

You can build an MCP server from scratch, or generate one from an API you already have. Zuplo, for example, can turn an existing API’s OpenAPI specification into an MCP server, so every endpoint becomes an agent-callable tool the moment it deploys, with no hand-maintained tool definitions drifting out of sync. (See the Zuplo docs on generating an MCP server from your API.)

One server, fronting one system, is enough to get an agent doing useful work. The trouble starts when you have several.

What Is an MCP Gateway?

An MCP gateway sits in front of many MCP servers and puts each one behind a governed endpoint. It does not replace your servers; it standardizes how agents reach them and adds the cross-cutting concerns that every server would otherwise reimplement on its own.

A year ago the interesting question was “do we expose an MCP server?” Today most teams run or consume several at once: a productized server for the platform they sell, third-party servers like Linear, GitHub, and Atlassian for daily work, and a handful of internal servers for their own APIs. Each one is its own OAuth flow, its own credential model, its own audit trail. That sprawl is where shadow MCP begins: the same drift as shadow IT, where agents get hooked up to servers nobody on the platform team can see, govern, or revoke.

An MCP gateway removes that drift. Distilled to five jobs, a gateway provides:

Discovery: a consistent way for agents to find and connect to servers.
Auth translation: a single OAuth authorization server that brokers upstream credentials in front of many different credential models, so users click “Connect” instead of pasting tokens.
Authorization and tool curation: deciding which tools, prompts, and resources each agent is allowed to see and call.
Observability: one audit trail across every server, so you can see and revoke what agents are doing.
Guardrails: enforcing protections like rate limiting and prompt-injection or PII scanning on the traffic flowing through.

Because MCP is just another protocol for calling APIs, built on the HTTP stack, the right place to govern it is the same place you govern the rest of your APIs: the gateway. The Zuplo MCP Gateway (public beta as of June 2026) implements the 2025-11-25 MCP spec over streamable HTTP and fronts both your own and third-party servers from one control plane.

Virtual MCP servers: how a gateway curates, not merges

A common misconception is that a gateway fuses several MCP servers into one super-server. It does not. A gateway governs many servers, but it does so by giving each upstream its own governed endpoint.

In Zuplo this primitive is the virtual MCP server: a curated view of one upstream server that exposes only the tools, prompts, and resources you pick, at its own gateway URL. You might expose the Stripe MCP server with its destructive tools filtered out, so an agent cannot make a mistake you would spend the afternoon apologizing for. Each upstream is curated individually. You do not combine multiple servers into a single virtual server. (See the MCP Gateway quickstart.)

MCP Server vs. MCP Gateway: Core Differences

Dimension	MCP server	MCP gateway
What it is	An endpoint exposing one system’s tools to an agent	A control plane in front of many MCP servers
Scope	One system (Stripe, Linear, your API)	Many servers, first-party and third-party, at once
What agents see	That server’s full tool catalog	A curated view per server (e.g. Zuplo virtual MCP servers)
Authentication	Each server’s own auth, often pasted tokens	One spec-compliant OAuth authorization server; users click “Connect”
Credentials	Held per server, often on each client/desktop	Brokered centrally by the gateway
Tool curation	All-or-nothing; whatever the server ships	Hand-pick or disable individual tools, prompts, and resources
Observability	Per-server logs, if any	One audit trail across every server
Governance	Decentralized; easy to lose track of (shadow MCP)	Central place to see, govern, and revoke agent access
Who runs it	Whoever owns that system or API	Platform, IT, or security teams
Analogy	A single API or microservice	An API gateway, applied to MCP traffic

The simplest way to hold it in your head: an MCP server is a destination; an MCP gateway is the controlled door every agent passes through to reach those destinations.

Which Do You Need? A Decision Guide

You almost always need at least one MCP server: it is how an agent calls anything at all. The real question is when you also need a gateway. There are two directions a gateway gets deployed, and your answer usually maps to one of them:

Outside-in: you are the API provider. You ship MCP servers to customer agents and need auth, monetization, and tool curation in front of them.
Inside-out: you are the consumer. Your own employees and agents connect to third-party MCP servers, and you need to govern that. (Zuplo runs this internally to govern how its team’s agents reach Linear, Stripe, Notion, QuickBooks, and ClickHouse.)

Your situation	What you need	Why
Getting one agent to call one API or system	MCP server	A single server is enough to expose tools; no control plane required yet.
Prototyping or a hackathon	MCP server	Keep it simple; pasted tokens and one client are fine while you learn.
Exposing your product to customer agents (outside-in)	MCP server + gateway	Customers need real OAuth, curated tools, rate limits, and per-tenant observability.
Running or consuming two or more MCP servers	MCP gateway	One OAuth flow, one audit trail, and central tool curation across all of them.
Employees wiring agents into Linear, GitHub, Stripe, etc. (inside-out)	MCP gateway	Stops shadow MCP; gives security a single place to see and revoke access.
You need to disable or hide specific risky tools	MCP gateway	Curate tools per server without forking the upstream.
You need an audit trail of everything agents do	MCP gateway	Observability across servers lives at the gateway, not in each server.
You are bolting OAuth onto every internal server by hand	MCP gateway	The gateway ships a spec-compliant OAuth authorization server once, for all of them.

If you only ever have one server and one trusted client, a gateway is overkill. The instant a second server, an external consumer, or a security review enters the picture, the gateway stops being optional.

How MCP Servers and Gateways Work Together

These are not competing choices. They are layers. Agents connect to the gateway; the gateway connects to your servers; your servers connect to the underlying systems. The gateway curates and governs; the servers do the work.

AI clients like Claude, Cursor, and ChatGPT all connect to a single MCP gateway that holds OAuth, tool curation, credential brokering, observability, and guardrails. The gateway fans out to one virtual MCP server per upstream (Stripe, Linear, and your own API), and each MCP server connects to its single backing system.

Zuplo is built to cover both layers on one platform:

Build MCP servers from your APIs. Generate a spec-compliant MCP server from an existing OpenAPI definition, so your endpoints become agent tools without hand-written glue.
Govern many servers with the MCP Gateway. Front your own and third-party servers with virtual MCP servers, a full OAuth 2.0 authorization server (with pluggable identity providers like Okta, Auth0, Entra, Google, and WorkOS), credential brokering, tool curation, and observability.

Because a virtual MCP server is a first-class route in Zuplo’s OpenAPI-driven config, a single project can ship a REST API, a GraphQL endpoint, and a governed MCP server side by side: the same place you already manage your other API traffic.

The Bottom Line

An MCP server exposes one system’s tools, prompts, and resources to an agent. It is the thing an agent calls.
An MCP gateway sits in front of many servers and adds shared OAuth, credential brokering, tool curation, authorization, observability, and guardrails. It is how you govern agents calling many servers.
A gateway does not merge servers into one; it gives each upstream a curated, governed endpoint.
You need a server to do anything. You need a gateway the moment you have more than one server, an external consumer, or a security requirement.

If you want both layers without stitching them together yourself, Zuplo generates MCP servers from your APIs and provides the MCP Gateway to govern them, alongside a full API gateway on the same platform. Spin up a free project and try it. No credit card required.

Why Enterprises Need an MCP Gateway. The governance, security, and compliance case for putting a gateway in front of MCP traffic.
What the Best MCP Gateways Do in 2026. The capabilities that separate a real MCP gateway from a thin proxy.
Introducing the Zuplo MCP Gateway. A deep dive on virtual MCP servers, MCP-spec OAuth, and the five whys of an MCP gateway.
Three Gates of AI Infrastructure: API, AI, and MCP Gateways. How the three gateway types relate and where each one fits.
The Search-and-Execute MCP Design Pattern. A practical pattern for building MCP servers that scale to large tool catalogs.
Never Ship an MCP Server Without Rate Limiting. Why MCP servers need the same abuse protection as any public API.
What Is an API Gateway? The Complete Guide. The foundational gateway concepts that MCP gateways build on.