|
| 1 | +--- |
| 2 | +title: Overview of MCP servers in Azure API Management |
| 3 | +description: Learn about Model Context Protocol (MCP) servers in Azure API Management, their architecture, and how they enable AI agents to access external data sources. |
| 4 | +author: dlepow |
| 5 | +ms.service: azure-api-management |
| 6 | +ms.topic: concept-article |
| 7 | +ms.date: 07/18/2025 |
| 8 | +ms.author: danlep |
| 9 | +ms.custom: |
| 10 | +--- |
| 11 | + |
| 12 | +# About MCP servers in Azure API Management |
| 13 | + |
| 14 | +This article introduces features in Azure API Management that you can use to manage Model Context Protocol (MCP) servers. MCP servers allow AI agents to access external data sources, such as databases or APIs, through a standardized protocol. |
| 15 | + |
| 16 | +Use API Management to securely expose and govern API operations as tools for large language models (LLMs) and AI agents like GitHub Copilot, ChatGPT, Claude, and more. API Management provides centralized control over MCP server authentication, authorization, and monitoring. It simplifies the management of MCP servers while helping to mitigate common security risks and ensuring scalability. |
| 17 | + |
| 18 | + |
| 19 | +## MCP concepts and architecture |
| 20 | + |
| 21 | +AI agents are becoming widely adopted because of enhanced LLM capabilities. However, even the most advanced models face limitations because of their isolation from external data. Each new data source potentially requires custom implementations to extract, prepare, and make data accessible for the models. |
| 22 | + |
| 23 | +The [model context protocol](https://www.anthropic.com/news/model-context-protocol) (MCP) helps solve this problem. MCP is an open standard for connecting AI models and agents with external data sources such as local data sources (databases or computer files) or remote services (systems available over the internet, such as remote databases or APIs). |
| 24 | + |
| 25 | +MCP follows a client-server architecture where a host application can connect to multiple servers. Whenever your MCP host or client needs a tool, it connects to the MCP server. The MCP server then connects to, for example, a database or an API. MCP hosts and servers connect with each other through the MCP protocol. |
| 26 | + |
| 27 | +The following diagram illustrates the MCP architecture: |
| 28 | + |
| 29 | +:::image type="content" source="media/mcp-server-overview/mcp-architecture.png" alt-text="Diagram of model context protocol (MCP) architecture."::: |
| 30 | + |
| 31 | +The architecture consists of the following components: |
| 32 | + |
| 33 | +| Component | Description | |
| 34 | +|----------------|-------------------------------------------------------------------------------------------------| |
| 35 | +| **MCP hosts** | LLM applications such as chat apps or AI assistants in your IDEs (like GitHub Copilot in Visual Studio Code) that need to access external capabilities | |
| 36 | +| **MCP clients**| Protocol clients, inside the host application, that maintain 1:1 connections with servers | |
| 37 | +| **MCP servers**| Lightweight programs that each expose specific capabilities and provide context, tools, and prompts to clients | |
| 38 | +| **MCP protocol**| Transport layer in the middle | |
| 39 | + |
| 40 | +The MCP architecture is built on [JSON-RPC 2.0 for messaging](https://modelcontextprotocol.io/docs/concepts/architecture). Communication between clients and servers occurs over defined transport layers, and supports primarily two modes of operation: |
| 41 | + |
| 42 | +* **Remote MCP servers** - MCP clients connect to MCP servers over the internet, establishing a connection using HTTP and server-sent events (SSE), and authorizing the MCP client access to resources on the user's account using OAuth. |
| 43 | + |
| 44 | +* **Local MCP servers** MCP clients connect to MCP servers on the same machine, using standard input/output as a local transport method. |
| 45 | + |
| 46 | +Azure API Management supports the remote MCP server mode, using native features of API Management and [capabilities of the AI gateway](./genai-gateway-capabilities.md). |
| 47 | + |
| 48 | +> [!NOTE] |
| 49 | +> MCP server support in API Management is in preview. In preview, API Management supports MCP server tools, but doesn't currently support MCP resources or prompts. |
| 50 | +
|
| 51 | + |
| 52 | +## MCP server endpoints |
| 53 | + |
| 54 | + |
| 55 | +[TBD] |
| 56 | +<!-- Add a section about MCP server endpoints, including SSE and Streamable HTTP endpoints --> |
| 57 | + |
| 58 | +## Expose MCP servers in API Management |
| 59 | + |
| 60 | +API Management supports two ways to expose MCP servers: |
| 61 | + |
| 62 | +* **Expose a REST API as an MCP server** - Use this option to expose any REST API managed in API Management as an MCP server, including APIs imported from Azure resources. The API operations are exposed as tools that can be called by MCP clients. For more information, see [Expose REST API in API Management as MCP server](export-rest-mcp-server.md). |
| 63 | + |
| 64 | + |
| 65 | + |
| 66 | +* **Expose an existing MCP server** - Use this option to expose an existing MCP-compatible server, such as a LangChain or LangServe tool server, or an MCP server created in Azure Logic Apps, or Azure Functions. For more information, see [Expose an existing MCP server](expose-existing-mcp-server.md). |
| 67 | + |
| 68 | + |
| 69 | +## Govern MCP servers |
| 70 | + |
| 71 | +Configure one or more API Management [policies](../articles/api-management/api-management-howto-policies.md) to help manage the MCP server. The policies are applied to all API operations exposed as tools in the MCP server and can be used to control access, authentication, and other aspects of the tools. |
| 72 | + |
| 73 | +Configure policies such as the following:: |
| 74 | + |
| 75 | +* **Rate limiting and quota enforcement** - Limit the number of requests per time period to the MCP server's tools, and set usage quotas for clients or subscriptions. |
| 76 | +* **Authentication and authorization** - Require and validate incoming requests using JSON web tokens (JWT) or Microsoft Entra ID tokens for secure access. |
| 77 | +* **IP filtering** - Restrict access to the MCP server's tools based on client IP addresses. |
| 78 | +* **Caching** - Cache responses from the MCP server's tools to improve performance and reduce backend load. |
| 79 | + |
| 80 | + |
| 81 | +## Secure access to the MCP server |
| 82 | + |
| 83 | +You can secure both inbound access to the MCP server (from an MCP client to API Management) and outbound access (from API Management to the MCP server backend). |
| 84 | + |
| 85 | +### Secure inbound access |
| 86 | + |
| 87 | +One option to secure inbound access is to configure a policy to validate a JSON web token (JWT) in the incoming requests. This ensures that only authorized clients can access the MCP server. Use the [validate-jwt](../articles/api-management/validate-jwt-policy.md) or [validate-azure-ad-token](../articles/api-management/validate-azure-ad-token-policy.md) policy to validate the JWT token in the incoming requests. For example: |
| 88 | + |
| 89 | +<!-- update to validate-azure-ad-token-policy.md if preferred --> |
| 90 | +```xml |
| 91 | +<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid."> |
| 92 | + <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" /> |
| 93 | + <audiences> |
| 94 | + <audience>your-client-id</audience> |
| 95 | + </audiences> |
| 96 | + <issuers> |
| 97 | + <issuer>https://sts.windows.net/{tenant-id}/</issuer> |
| 98 | + </issuers> |
| 99 | +</validate-jwt> |
| 100 | + |
| 101 | +``` |
| 102 | + |
| 103 | +> [!IMPORTANT] |
| 104 | +> When you use an MCP server in API Management, incoming headers like **Authorization** aren't automatically passed to your backend API. If your backend needs a token, you can add it as an input parameter in your API definition. Alternatively, use policies like `get-authorization-context` and `set-header` to generate and attach the token, as noted in the following section. |
| 105 | +
|
| 106 | + |
| 107 | +### Secure outbound access |
| 108 | + |
| 109 | +You can use API Management's [credential manager](../articles/api-management/credentials-overview.md) to securely inject secrets or tokens for calls to a backend API. At a high level, the process is as follows: |
| 110 | + |
| 111 | +1. Register an application in a supported identity provider. |
| 112 | +1. Create a credential provider resource in API Management to manage the credentials from the identity provider. |
| 113 | +1. Configure a connection to the provider in API Management. |
| 114 | +1. Configure `get-authorization-context` and `set-header` policies to fetch the token credentials and present them in an **Authorization** header of the API requests. |
| 115 | + |
| 116 | +For a step-by-step guide to call an example backend API using credentials generated in credential manager, see [Configure credential manager - GitHub](../articles/api-management/credentials-how-to-github.md). |
| 117 | + |
| 118 | + |
| 119 | +## Monitoring |
| 120 | + |
| 121 | +To monitor MCP servers in Azure API Management, you can use API Management's built-in [integration with Azure Monitor](monitor-api-management.md) for gateway activity. This allows you to: |
| 122 | + |
| 123 | +* Track diagnostic logs, request/response traces, and usage metrics for MCP server endpoints. |
| 124 | +* Analyze traffic patterns, performance, and errors using Azure Monitor workbooks, metrics, and logs. |
| 125 | +* Send logs to Azure Log Analytics for advanced querying and analysis. |
| 126 | +* Use [Azure Application Insights](api-management-howto-app-insights.md) for detailed telemetry and performance monitoring of MCP servers. |
| 127 | +* Set up alerts for specific events or thresholds. |
| 128 | +* View monitoring data in the Azure portal under your API Management instance’s **Monitoring** or **Logs** panes. |
| 129 | + |
| 130 | +For more information, see [Monitor API Management](monitor-api-management.md). |
| 131 | + |
| 132 | + |
| 133 | +## Discover MCP servers |
| 134 | + |
| 135 | +Use [Azure API Center](../api-center/register-discover-mcp-server.md) to register and discover MCP servers in your organization. Azure API Center provides a centralized location for managing MCP servers, including those exposed in API Management and those hosted outside of API Management. |
| 136 | + |
| 137 | + |
| 138 | + |
| 139 | +## Availability |
| 140 | + |
| 141 | +<!-- availability in workspaces?--> |
| 142 | + |
| 143 | + |
| 144 | +MCP servers in API Management are available in the following service tiers: |
| 145 | + |
| 146 | +* **Classic tiers**: Basic, Standard, Premium |
| 147 | +* **v2 tiers**: Basic v2, Standard v2, Premium v2 |
| 148 | + |
| 149 | +> [!NOTE] |
| 150 | +> In the classic tiers, you must join the [AI Gateway Early update group](configure-service-update-settings.md) to access MCP server features, and access the portal at a feature-specific URL. |
| 151 | +
|
| 152 | +## Related content |
| 153 | + |
| 154 | +* [Python sample: Secure remote MCP servers using Azure API Management (experimental)](https://github.com/Azure-Samples/remote-mcp-apim-functions-python) |
| 155 | + |
| 156 | +* [MCP client authorization lab](https://github.com/Azure-Samples/AI-Gateway/tree/main/labs/mcp-client-authorization) |
| 157 | + |
| 158 | +* [Use the Azure API Management extension for VS Code to import and manage APIs](../articles/api-management/visual-studio-code-tutorial.md) |
| 159 | + |
| 160 | +* [Register and discover remote MCP servers in Azure API Center](../articles/api-center/register-discover-mcp-server.md) |
| 161 | + |
| 162 | +* [Expose REST API in API Management as an MCP server](../articles/api-management/export-rest-mcp-server.md) |
| 163 | + |
| 164 | +* [Expose and govern existing MCP server](../articles/api-management/expose-existing-mcp-server.md) |
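Review bot: the `validate-jwt` snippet under "Secure inbound access" mixes token versions: the `openid-config` URL points at the v2.0 metadata endpoint (`.../{tenant-id}/v2.0/.well-known/openid-configuration`) while the only accepted issuer is the v1.0 value `https://sts.windows.net/{tenant-id}/`, so a v2.0 access token, whose `iss` claim is `https://login.microsoftonline.com/{tenant-id}/v2.0`, fails the issuer check and the example rejects exactly the tokens its metadata URL is configured for. Pick one token version and make the two elements agree, for example keep the v2.0 `openid-config` and change the issuer to `<issuer>https://login.microsoftonline.com/{tenant-id}/v2.0</issuer>`, or switch the snippet to `validate-azure-ad-token` as the adjacent HTML comment already suggests; the stray blank line before the closing fence of that block should also go. The file still carries draft markers that should be resolved before merge: the `[TBD]` body and TODO comment in "MCP server endpoints", the `<!-- update to validate-azure-ad-token-policy.md if preferred -->` and `<!-- availability in workspaces?-->` comments, and the empty `ms.custom:` key. Minor copy points: the doubled colon in "Configure policies such as the following::", the missing ` - ` separator after **Local MCP servers** (the sibling **Remote MCP servers** bullet uses one), and the inconsistent link forms for the same targets (`export-rest-mcp-server.md` in the body versus `../articles/api-management/export-rest-mcp-server.md` in "Related content").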