API Gateway: MCP service management

Last Updated: Nov 12, 2025

Model Context Protocol (MCP) is an open-source protocol designed to standardize how applications provide context to Large Language Models (LLMs). It serves as an interface for AI applications, allowing models to connect flexibly and securely to various data sources and tools. This topic describes how to create and use MCP services.

Feature description

AI Gateway provides the MCP service management feature to allow smooth migration from REST APIs to MCP services. The feature supports two protocols: SSE and Streamable HTTP. This feature also integrates an authentication mechanism based on consumer identity to provide technical support for enterprise-level API governance.

Create an MCP service

  1. Log on to the AI Gateway console.

  2. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the ID of the desired instance.

  4. In the left-side navigation tree, click MCP Management. Then, click Create MCP Service.

  5. In the Create MCP Service panel, configure the following parameters, and then click Save And Publish.

    | Parameter | Description | Example |
    | --- | --- | --- |
    | Name | Configure a custom name for the MCP service. | demo |
    | Description | Enter a custom description of the MCP service. | Test |
    | MCP Access Point: Domain Name | Specify the domain name that is used to access the MCP service. You can select multiple domain names. Note: You cannot create more than one MCP service with the same domain name in the same instance. | www.aliyun.com |
    | MCP Access Point: Path (SSE) | The system generates a path (SSE) based on the service name. | /mcp-servers/{your-mcp-server-name}/sse |
    | MCP Access Point: Path (Streamable HTTP) | The system generates a path (Streamable HTTP) based on the service name. | /mcp-servers/{your-mcp-server-name} |
    | Backend Services | Specify the service to which you want to forward API requests. | test |
    | Consumer Authentication | Specify whether to enable authentication. If this feature is enabled, only authorized consumers can access the MCP service. | Enabled |

Add tools to an MCP service

  1. Log on to the AI Gateway console.

  2. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the ID of the desired instance.

  4. In the left-side navigation tree, select MCP Management. Then, click Details in the card of the desired service, and click Add Tool.

  5. Add tools by using one of the following two methods:

    Method 1: Use a Swagger file (recommended)
    1. Import a Swagger file to create or incrementally update MCP tools: Upload an OpenAPI file from your local computer or paste the API definition into the edit box, and then click Generate Now.

    2. Update and confirm the MCP tool list: You can see the generated MCP tool description file and further confirm and modify the information.

    3. (Optional) Enable backend service authentication: You can add authentication and authorization configurations based on your business requirements. The following table describes the authentication configuration:

      | Parameter | Description |
      | --- | --- |
      | Basic | The username and password are Base64-encoded in the format of username:password and sent in the Authorization field of the HTTP request header. |
      | Bearer | The client first obtains a token, usually a JSON Web Token (JWT), by using the logon interface. Each subsequent request includes this token in the Authorization header. In most cases, the token is for temporary use and has a configurable validity period. |
      | API Key | The server assigns a unique string to the client as an access credential. The client submits the credential in a Header or Query parameter in each request. |

    Method 2: Use custom YAML code
    1. You can manually create MCP tools by using custom YAML.

    2. Click YAML Example. You can modify the generated YAML example.

    3. (Optional) Enable backend service authentication: You can add authentication and authorization configurations based on your business requirements. The following table describes the authentication configuration:

      | Parameter | Description |
      | --- | --- |
      | Basic | The username and password are Base64-encoded in the format of username:password and sent in the Authorization field of the HTTP request header. |
      | Bearer | The client first obtains a token, usually a JSON Web Token (JWT), by using the logon interface. Each subsequent request includes this token in the Authorization header. In most cases, the token is for temporary use and has a configurable validity period. |
      | API Key | The server assigns a unique string to the client as an access credential. The client submits the credential in a Header or Query parameter in each request. |

  6. Click OK. You can view the tool list and tool description information on the Tools tab.
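
The three backend credential formats from the authentication tables for Method 1 and Method 2, read from the receiving side. This is an added example, not part of the original documentation or the gateway's own code; the name `X-API-Key`, the host `backend.example` and all sample credentials are assumptions constructed for illustration. It also shows that a Basic credential decodes straight back to the plaintext username and password.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

API_KEY_NAME = "X-API-Key"  # assumed name; the page does not fix one


def build_basic(username, password):
    """Basic: Base64 of 'username:password'. This is encoding, not encryption."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_credential(url, headers):
    """Return (scheme, credential) as a backend would read it; raise ValueError otherwise."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme, _, value = hdrs.get("authorization", "").partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("malformed Basic credential") from exc
        user, sep, password = decoded.partition(":")  # only the first ':' separates
        if not sep:
            raise ValueError("Basic credential lacks ':' separator")
        return "basic", (user, password)
    if scheme == "bearer" and value:
        return "bearer", value
    if API_KEY_NAME.lower() in hdrs:  # API key sent as a header
        return "apikey", hdrs[API_KEY_NAME.lower()]
    query = parse_qs(urlsplit(url).query)  # API key sent as a query parameter;
    if API_KEY_NAME in query:              # query strings often end up in access logs
        return "apikey", query[API_KEY_NAME][0]
    raise ValueError("no credential presented")


# Constructed sample requests; host, path and credentials are placeholders.
SAMPLES = [
    ("https://backend.example/tool", {"Authorization": build_basic("alice", "p:ss")}),
    ("https://backend.example/tool", {"Authorization": "Bearer constructed.jwt.value"}),
    ("https://backend.example/tool?X-API-Key=constructed-key", {}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(extract_credential(url, headers))
```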

Consumer authentication

  1. Log on to the AI Gateway console.

  2. In the left-side navigation pane, click Instance. In the top navigation bar, select a region.

  3. On the Instance page, click the ID of the desired instance.

  4. In the left-side navigation tree, select MCP Management. Then, click Details in the card of the desired service, and click the Consumer Authentication tab.

  5. Select the Consumer Authentication tab, click Configuration Information on the right side of Edit, and turn on Enable Status. After configuring the relevant parameters, click Confirm.

    Important
    • After consumer authentication is enabled, a consumer cannot access the API unless the consumer is authorized.

    • We recommend that you use the API Key authentication method for the best compatibility.

    | Configuration Item | Description |
    | --- | --- |
    | Enable Status | Turn on or off the consumer authentication switch. By default, this switch is turned off. |
    | Authentication Method | Consumer authentication currently supports two methods: API Key and JWT. API Key: An API key is a simple authentication method. When a client accesses an API, the client must add an API key to the request in a specified way. After receiving the request, the gateway verifies the validity and permissions of the API key. JWT: JSON Web Token (JWT) is used to securely transmit information between a client and a server in the form of JSON objects. The transmitted information can be verified and trusted because the JWT can be signed by using the hash-based message authentication code (HMAC) algorithm or a public/private key pair of the Rivest-Shamir-Adleman (RSA) or Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. You can use JWTs to authenticate users and perform access control. |

  6. In the Consumers section, click Authorize, and select a consumer. If none exist, click Create Consumer from the drop-down list to add one. Then, click Add.
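
What verifying an HMAC-signed JWT involves on the receiving side, as an added example that is not part of the original documentation and not the gateway's implementation. It covers only the HMAC (HS256) case; the secret, the `sub` value and the use of the `exp` claim as the expiry check are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims, secret):
    """Issuer side: header.payload signed with HMAC-SHA256 under a shared secret."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(tag)}"


def verify_hs256(token, secret, now=None):
    """Verifier side: return the claims, or raise ValueError naming the failed check."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parsed only after the tag checks out
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired or missing exp")
    return claims


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    token = sign_hs256({"sub": "consumer-demo", "exp": int(time.time()) + 300}, secret)
    print(verify_hs256(token, secret))
```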

Debug MCP services by using MCP Inspector

Note

We recommend that you start MCP Inspector locally for MCP debugging.

MCP Inspector is a debugging tool provided by the MCP community. It can be used for the entire debugging process of MCP services.

  1. Install the Node.js environment.

  2. Run the MCP Inspector installation command:

     npx @modelcontextprotocol/inspector node build/index.js

  3. Select the transport type: Choose SSE for Transport Type.

  4. Enter the URL address: Obtain it from the right side of the MCP service details page.

  5. (Optional) If consumer authentication is configured, click Authentication to expand the authorization configuration and fill in the token corresponding to the consumer identity. Header Name is Authentication and does not need to be modified. Enter HereIsToken in Bearer Token.

  6. Click Connect to establish a connection. After the connection is successful, you can see the List Tools button in the middle. Click List Tools to get all tools of the MCP service.

  7. (Optional) To debug a specific tool, click the tool name, fill in the necessary parameters on the right, and click Run Tool to debug the tool call.