MCP Proxies Explained – What Is An MCP Proxy and Should You Use One?
A Model Context Protocol (MCP) proxy acts as a central router for all your MCP traffic and connections. MCP proxies sit between your MCP servers and clients and process all requests and responses from both components in the MCP transaction.
MCP proxies offer a straightforward approach to consolidating your disparate MCP connections in one location, enabling you to enforce essential security, observability, and access controls.
In this blog, we’ll explore what an MCP proxy is and why using one is beneficial, particularly for enterprises. We’ll also clarify the confusion over MCP proxies and MCP gateways, explaining which type of solution each of these terms actually refers to and whether a simple proxy or a complete gateway is better suited for your organization.
What Is An MCP Proxy?
An MCP proxy is an intermediary software that sits between MCP servers and clients. The proxy receives requests from MCP clients and forwards them to MCP servers. The MCP server then sends responses to the proxy, which processes and forwards these responses to the MCP client.
An MCP proxy acts as a central hub or router to standardize and centralize your MCP connections. This enables you to aggregate multiple MCP servers and tools, implement and standardize authentication/authorization controls, and easily administer which servers and tools are available to clients.
What is the difference between an MCP proxy and an MCP gateway?
Many people confuse MCP proxies and MCP gateways. This confusion is understandable because MCP gateways include an MCP proxy, but MCP gateways have a range of capabilities in addition to those provided by an MCP proxy, including:
- Controlling which users/agents can access which MCP servers and tools
- Enforcement of security policies
- Runtime, bi-directional prompt inspection and sanitization
- Session-level context management
- Refinement of MCP server responses (to reduce LLM context-window utilization and token consumption)
- Load balancing, caching, request queuing, and other measures to maintain performance
- End-to-end logging that is fully traceable and configurable, with user and session IDs for security and performance observability
- Advanced telemetry and enterprise-specific analytics, including token usage and costs
Here’s a table summarizing the key differences between MCP proxies and gateways:
| Capability / Functionality | MCP Proxies | MCP Gateways |
|---|---|---|
| Primary Role | Simple request forwarding between MCP clients and servers. | Acts as an intermediary that manages, routes, and secures MCP traffic between clients and servers. |
| Security Controls | Typically minimal or no security enforcement. | Comprehensive security: authentication, authorization, prompt sanitization, RBAC, zero-trust identity management. |
| Context Management | No or limited context/state handling between calls. | Maintains session context and state for multi-step workflows and chained operations. |
| Policy Enforcement | Generally lacks policy enforcement capabilities. | Enforces organization-wide policies: rate limiting, access control, tool use restrictions. |
| Logging & Observability | Basic logging if any; mainly traffic pass-through logs. | Detailed, comprehensive logging and observability for audit and performance monitoring. |
| Tool & Server Management | None or very limited management or discovery of tools/servers. | Centralized management of MCP servers and tools with dynamic discovery and filtering capabilities. |
| Operational Efficiency | No optimization of request routing or batching. | Optimizes routing, batching, session reuse to improve efficiency and scalability. |
| Response Handling | Pass-through of responses without modification. | Sanitizes and transforms responses to remove malicious content and reduce bloat. |
| Multi-Tenancy Support | Rarely supports multi-user/tenant isolation. | Supports multi-tenancy with strict isolation of data and sessions per user/team. |
| Usage Context | Often used for basic network traffic relay or simple MCP setups. | Designed for enterprise-scale AI deployments requiring robust controls and governance. |
Does An MCP Gateway Include An MCP Proxy?
Yes, essentially, an MCP gateway includes an MCP proxy with additional important functionality (see above). You can think of a proxy as one component in a gateway.
The MCP gateway’s additional functionality provides:
- Comprehensive protection against MCP-based security risks
- Granular access controls
- End-to-end observability
- Usage controls and performance improvements
An MCP gateway is the logical interface for controlling access, where security policies and access controls are defined. The proxy acts as the enforcement layer for these security policies and access controls.
Gateways also manage session-level context and can modify server responses to moderate and refine them before they reach the client.
Shaping server responses prevents prompt injection attacks, or inadvertently dangerous prompts, and can remove surplus information that would unnecessarily consume the AI-agent’s limited context window.
What Are The Benefits of An MCP Proxy?
An MCP proxy acts like a router, orchestrating transactions between MCP clients and MCP servers, which provides several important benefits, key amongst them are:
- Essential/Basic MCP Logs: All MCP traffic flows through the proxy and can be logged by it, producing retrievable logs that provide a foundational level of observability. MCP gateways build on this with more advanced logging.
- Access Controls: You can use some MCP proxies to enforce authentication protocols like OAuth, role-based access controls, and other components of MCP identity management. This may require additional middle-ware (such as IdPs) and configuration on your part.
- Control at Scale: MCP proxies centralize all your MCP traffic through a single point, allowing you to easily monitor and manage the MCP servers your organization uses.
- Cross-Compatibility: MCP proxies can normalize varying MCP server implementations, enabling interoperability.
Reduces Complexity: The proxy simplifies, streamlines, and standardizes the process of connecting to servers using various setups and transport methods, making it easier for clients to connect without user intervention.
Should You Use An MCP Proxy?
All organizations seeking to use MCP servers should centralize MCP traffic through a single, manageable node. However, while an MCP proxy is one method to funnel, observe, and control MCP traffic, it is not the most comprehensive approach available.
An MCP gateway, or “MCP manager,” builds on the foundations of an MCP proxy to provide the necessary security protections, user and identity management, logging and observability, and performance improvements that enterprise organizations require to adopt MCP servers successfully and securely.
In short, yes, you should use an MCP proxy; however, it would be better to use an MCP gateway, such as MCP Manager.
Get your 1-1 demo of MCP Manager, where we can talk through MCP security risks and how MCP Manager mitigates them. Or you can watch a shorter video overview first.
