Skip to content

Commit 87edc55

Browse files
author
gitName
committed
[APIM] MCP server updates
1 parent ad57059 commit 87edc55

File tree

2 files changed

+102
-12
lines changed

2 files changed

+102
-12
lines changed
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
---
2+
title: Connect and govern existing MCP server in API Management | Microsoft Docs
3+
description: Learn how to connect and govern an existing Model Context Protocol (MCP) server in Azure API Management.
4+
author: dlepow
5+
ms.service: azure-api-management
6+
ms.topic: how-to
7+
ms.date: 07/14/2025
8+
ms.author: danlep
9+
ms.collection: ce-skilling-ai-copilot
10+
ms.custom:
11+
---
12+
13+
# Connect and govern an existing MCP server
14+
15+
[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
16+
17+
Azure API Management now supports secure integration with external MCP-compatible servers — tool servers hosted outside of API Management — through its built-in [AI gateway](genai-gateway-capabilities.md). This capability adds to existing support for MCP servers [natively exposed in API Management](export-rest-mcp-server.md) from managed REST APIs. Wit this enhancement, organizations can apply consistent governance, security, and observability to all MCP tools, regardless of where they are hosted.
18+
19+
This capability is essential for enterprises building AI agents and copilots that rely on tools distributed across cloud services, open-source runtimes, and internal platforms. With API Management, you can now centralize access, enforce policies, and monitor usage across your entire AI tool ecosystem.
20+
21+
### Example scenarios
22+
23+
- Proxy LangServe or LangChain tool servers through API Management with per-tool authentication and rate limits.
24+
- Securely expose Logic App–based tools to copilots using IP filtering and OAuth.
25+
- Centralize tools from Azure Functions and open-source runtimes into Azure API Center.
26+
- Enable GitHub Copilot, Claude, or ChatGPT to interact securely with tools across your enterprise.
27+
28+
29+
## Prerequisites
30+
31+
- An Azure API Management instance with the AI Gateway feature enabled.
32+
- Access to an external MCP-compatible server (for example, hosted in Azure Logic Apps, Azure Functions, LangServe, or other platforms).
33+
- Appropriate credentials to the MCP server (OAuth 2.0 client credentials or API keys) for secure access.
34+
35+
36+
37+
## Connect an existing MCP Server
38+
39+
1. Navigate to your Azure API Management instance in the Azure portal.
40+
2. In the left-hand menu, select **MCP servers** > **+ Create MCP server**.
41+
2. Choose **Connect existing MCP server**.
42+
3. Enter the following details:
43+
- **Base URL** of the external MCP server.
44+
- **Metadata endpoint** (if available).
45+
- **Tool schema** describing the server’s capabilities.
46+
47+
## Configure access and security Policies
48+
49+
1. Use **Credential Manager** to configure authentication:
50+
- Choose between **OAuth 2.0 client credentials** or **API key**.
51+
- Store secrets securely in **Azure Key Vault**.
52+
2. Apply inbound policies to:
53+
- Inject or modify headers, tokens, and query parameters.
54+
- Validate requests before routing to the external server.
55+
3. Set **rate limits and quotas** to prevent overuse and ensure fair access.
56+
57+
### Step 4: Enable Monitoring and Logging
58+
59+
1. Enable **Azure Monitor** integration to capture:
60+
- Diagnostic logs
61+
- Request/response traces
62+
- Usage metrics
63+
2. Connect logs to your observability stack for auditing and analysis.
64+
65+
### Step 5: Validate the Connection
66+
67+
1. Use a compliant LLM agent (e.g., GitHub Copilot, Semantic Kernel, Copilot Studio) or a test client (e.g., Postman, curl) to call the APIM-hosted MCP endpoint.
68+
2. Ensure the request includes appropriate headers and tokens.
69+
3. Confirm successful routing and response from the external MCP server.
70+
71+
72+
## Summary
73+
74+
With this enhancement, Azure API Management becomes the unified governance layer for both:
75+
- APIs exposed as MCP servers natively in APIM
76+
- External MCP servers hosted across various platforms
77+
78+
By integrating with Azure API Center, all your AI tools become discoverable, auditable, and reusable — regardless of their hosting environment.
79+
80+
## Related content
81+
82+
* [Python sample: Secure remote MCP servers using Azure API Management (experimental)](https://github.com/Azure-Samples/remote-mcp-apim-functions-python)
83+
84+
* [MCP client authorization lab](https://github.com/Azure-Samples/AI-Gateway/tree/main/labs/mcp-client-authorization)
85+
86+
* [Use the Azure API Management extension for VS Code to import and manage APIs](visual-studio-code-tutorial.md)
87+
88+
* [Register and discover remote MCP servers in Azure API Center](../api-center/register-discover-mcp-server.md)
89+

articles/api-management/export-rest-mcp-server.md

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to expose a REST API in Azure API Management as an MCP se
44
author: dlepow
55
ms.service: azure-api-management
66
ms.topic: how-to
7-
ms.date: 06/27/2025
7+
ms.date: 07/14/2025
88
ms.author: danlep
99
ms.collection: ce-skilling-ai-copilot
1010
ms.custom:
@@ -13,15 +13,21 @@ ms.custom:
1313

1414
# Expose REST API in API Management as an MCP server
1515

16-
[!INCLUDE [api-management-premium-standard-basic](../../includes/api-management-availability-premium-standard-basic.md)]
17-
16+
[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
1817

1918
In API Management, you can expose a REST API managed in API Management as a remote [Model Context Protocol (MCP)](https://www.anthropic.com/news/model-context-protocol) server. Expose one or more of the API operations as tools that MCP clients can call using the MCP protocol.
2019

20+
In addition to exposing your OpenAPI and HTTP endpoints as MCP servers, you can expose REST APIs managed in API Management such as the following:
21+
22+
* [Azure function app](import-function-app-as-api.md), for accessing serverless APIs
23+
* [Azure logic app](import-logic-app-as-api.md), for automating workflows
24+
* [Azure container app](container.md), for deploying containerized APIs
25+
26+
2127
Using API Management to expose remote MCP servers provides centralized control over authentication, authorization, and monitoring. It simplifies the process of exposing APIs as MCP servers while helping to mitigate common security risks and ensuring scalability.
2228

2329
> [!IMPORTANT]
24-
> This feature is being introduced in preview in the classic Basic, Standard, and Premium tiers. It's being released first to the **AI Gateway Early** [update group](configure-service-update-settings.md). After joining the group, it can take 2 hours to access MCP server features.
30+
> This feature is currently in preview. Review the [prerequisites](#prerequisites) to access MCP server features.
2531
2632
In this article, you learn how to:
2733

@@ -33,7 +39,8 @@ In this article, you learn how to:
3339

3440
## Prerequisites
3541

36-
+ Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md). Currently only the **Premium**, **Standard**, and **Basic** tiers of API Management support MCP servers.
42+
+ If you don't already have an API Management instance, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md). Your API Management instance must be in one of the supported service tiers for preview: classic Basic, Standard, Premium, Basic v2, Standard v2, or Premium v2.
43+
+ If your instance is in the classic Basic, Standard, or Premium tier, you must join the **AI Gateway Early** [update group](configure-service-update-settings.md) to access MCP server features. It can take up to 2 hours for the update to be applied.
3744
+ Make sure that your instance manages a REST API that you'd like to expose as an MCP server. To import a sample API, see [Import and publish your first API](import-and-publish.md).
3845
> [!NOTE]
3946
> Only HTTP APIs from API Management can be exposed as MCP servers.
@@ -42,13 +49,7 @@ In this article, you learn how to:
4249

4350
## Expose API as an MCP server
4451

45-
46-
1. In the Azure portal, access the MCP server preview at the following URL. The preview can ony be used in the supported API Management tiers:
47-
48-
```
49-
https://portal.azure.com/?Microsoft_Azure_ApiManagement=mcp
50-
```
51-
1. Navigate to your API Management instance.
52+
1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
5253
1. In the left menu, select **APIs** > **MCP Servers** > **+ Create new MCP Server**.
5354
1. In **API**, select a REST API to expose as an MCP server.
5455
1. Select one or more **API Operations** to expose as tools. You can select all operations or only specific operations.

0 commit comments

Comments
 (0)