Kong MCP Gateway

Kong's MCP Gateway is the enterprise play: if you already run Kong for APIs and LLMs, adding MCP governance is a configuration change, not a new infrastructure component. The tradeoff is the enterprise license requirement.


What It Is

Kong MCP Gateway is a reverse proxy and governance layer for MCP servers, built as a plugin on Kong Gateway Enterprise (v3.12+, October 2025). It sits in front of MCP servers and provides authentication, authorization, rate limiting, guardrails, observability, and auto-generation of MCP endpoints from existing REST APIs.

It is not a separate product – it extends the same Kong Gateway that handles your API and LLM traffic. One gateway for everything.


Key Features

OAuth 2.1 Authentication (MCP Spec-Aligned)

Kong implements the authorization model of the MCP specification's June 2025 revision (2025-06-18), which is built on OAuth 2.1. Kong acts as the OAuth Resource Server: it validates the bearer token on every MCP request and applies one consistent policy across all MCP servers behind it, so individual MCP servers do not each need their own token handling. OIDC, JWT, and ACL plugins are also supported.

REST to MCP Auto-Generation

Kong can automatically convert REST API endpoints it already manages into MCP-compatible tools, with no server code to write. Kong markets this as unique to its gateway, and for organizations with a large existing API catalog it removes most of the work of MCP adoption. One caution: a generated tool inherits the full scope of the underlying endpoint, so review each generated tool before exposing it to agents rather than publishing an entire catalog at once.

Existing REST APIs registered in Kong
              |
              v
    [Kong MCP Auto-Generation]
              |
              v
    MCP-compatible tool endpoints
    (available to AI agents via MCP protocol)
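What the auto-generation step in that pipeline has to do, as an added example that is not Kong's implementation and not from the original page: an OpenAPI-style operation is turned into an MCP tool descriptor (the shape a client sees in tools/list), and an incoming tools/call is mapped back onto the concrete HTTP request the gateway would forward. The OpenAPI fragment, the operation names and the /api prefix are constructed for the example. Two details matter for security: arguments the schema does not declare are rejected instead of forwarded, and path parameters are percent-encoded so an agent cannot inject extra path segments.

```python
import json
from urllib.parse import quote, urlencode

# Constructed OpenAPI-style description of two existing REST endpoints.
OPENAPI = {
    "paths": {
        "/orders/{orderId}": {
            "get": {
                "operationId": "getOrder",
                "summary": "Fetch one order by id",
                "parameters": [
                    {"name": "orderId", "in": "path", "required": True, "schema": {"type": "string"}},
                    {"name": "expand", "in": "query", "required": False, "schema": {"type": "string"}},
                ],
            }
        },
        "/orders/{orderId}/refund": {
            "post": {
                "operationId": "refundOrder",
                "summary": "Refund an order",
                "parameters": [
                    {"name": "orderId", "in": "path", "required": True, "schema": {"type": "string"}},
                ],
                "requestBody": {"content": {"application/json": {"schema": {
                    "type": "object", "properties": {"amount": {"type": "number"}}, "required": ["amount"]}}}},
            }
        },
    }
}


def generate_tools(spec: dict) -> dict[str, dict]:
    """One MCP tool per operation; path/query params and the JSON body are flattened
    into a single inputSchema, which is what the agent fills in. 'x-in' records where
    each argument goes and 'x-route' is gateway-internal routing data."""
    tools = {}
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            props, required = {}, []
            for p in op.get("parameters", []):
                props[p["name"]] = {**p["schema"], "x-in": p["in"]}
                if p.get("required"):
                    required.append(p["name"])
            body = op.get("requestBody", {}).get("content", {}).get("application/json", {}).get("schema")
            if body:
                for name, schema in body["properties"].items():
                    props[name] = {**schema, "x-in": "body"}
                required += body.get("required", [])
            tools[op["operationId"]] = {
                "name": op["operationId"],
                "description": op.get("summary", ""),
                "inputSchema": {"type": "object", "properties": props, "required": required},
                "x-route": {"method": method.upper(), "path": path},
            }
    return tools


def tools_list(tools: dict) -> list[dict]:
    """The public tools/list result: backend routing metadata is not exposed to agents."""
    return [{k: v for k, v in t.items() if k != "x-route"} for t in tools.values()]


def to_http(tools: dict, call: dict) -> dict:
    """Map a tools/call params object {name, arguments} onto the REST request to forward."""
    tool = tools[call["name"]]
    schema = tool["inputSchema"]
    args = call.get("arguments", {})
    missing = [r for r in schema["required"] if r not in args]
    if missing:
        raise ValueError(f"missing required arguments: {missing}")
    unknown = sorted(set(args) - set(schema["properties"]))
    if unknown:
        raise ValueError(f"unknown arguments: {unknown}")   # reject, never forward undeclared fields
    path, query, body = tool["x-route"]["path"], {}, {}
    for name, value in args.items():
        where = schema["properties"][name]["x-in"]
        if where == "path":
            path = path.replace("{" + name + "}", quote(str(value), safe=""))  # no '/' smuggling
        elif where == "query":
            query[name] = value
        else:
            body[name] = value
    url = "/api" + path + ("?" + urlencode(query) if query else "")
    return {"method": tool["x-route"]["method"], "url": url, "body": json.dumps(body) if body else None}
```

Note that refundOrder becomes a tool as readily as getOrder; a write endpoint in the catalog is a write tool for every agent allowed to see it, which is why the tool-level ACLs in the next section matter.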

Tool-Level Access Control

  • RBAC policies per MCP server, per tool, per agent
  • ACLs to restrict which agents can call which tools
  • Team-based permissions via Kong Konnect

Rate Limiting

Token-based and request-based rate limiting per agent, per tool, per team. Prevents runaway agents from overwhelming backend tools or burning through API quotas.

Guardrails

  • Prompt security on tool inputs
  • Content moderation on tool outputs
  • PII sanitization before data reaches MCP servers or returns to agents
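A PII sanitizer that can sit on both sides of a tool call, applied to the arguments an agent sends and to the result the tool returns, as an added example that is not Kong's guardrail plugin and not from the original page. The patterns are deliberately narrow (email, US SSN, payment card numbers that pass a Luhn check) and the sample tool result is constructed; real deployments add locale-specific identifiers and usually a detector model. The Luhn check is what keeps ordinary long numbers such as order ids from being redacted.

```python
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMPTY = {"email": 0, "ssn": 0, "card": 0}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so plain long numbers (order ids, timestamps) survive redaction."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace PII in one string; returns the clean string and per-type counts."""
    counts = dict(EMPTY)

    def card_sub(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)
        counts["card"] += 1
        return "[CARD:" + digits[-4:] + "]"   # last four kept for support workflows

    text, n = EMAIL.subn("[EMAIL]", text)
    counts["email"] += n
    text, n = SSN.subn("[SSN]", text)
    counts["ssn"] += n
    text = CARD.sub(card_sub, text)
    return text, counts


def sanitize(value, counts=None):
    """Walk a JSON-shaped tools/call arguments object or tool result and redact every string.
    Returns (clean value, counts) so the gateway can log what it stripped without logging the PII."""
    counts = dict(EMPTY) if counts is None else counts
    if isinstance(value, str):
        text, c = redact(value)
        for k in counts:
            counts[k] += c[k]
        return text, counts
    if isinstance(value, dict):
        return {k: sanitize(v, counts)[0] for k, v in value.items()}, counts
    if isinstance(value, list):
        return [sanitize(v, counts)[0] for v in value], counts
    return value, counts


# Constructed tool result in MCP's content-block shape, used to exercise the walker.
SAMPLE_RESULT = {
    "content": [{"type": "text", "text": "Customer bob@corp.example, SSN 078-05-1120, card 4111 1111 1111 1111"}],
    "isError": False,
}
```

Run sanitize on tool arguments before the call reaches the MCP server and again on the result before it reaches the model; the counts are what belongs in the audit trail, not the matched values.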

Observability

MCP-specific Prometheus metrics, traces, and logs. Kong Konnect dashboards show:

  • Which agents call which tools, how often
  • Tool call latency and error rates
  • Cost attribution per agent/team
  • Full audit trail for compliance

Dynamic Routing & Load Balancing

Route tool calls to the correct backend MCP server with load balancing and automatic failover. Supports canary deployments of new MCP server versions.


Architecture

AI Agent (Claude, GPT, custom)
    |
    v (MCP protocol)
+--------------------------------------+
| Kong Gateway (Enterprise)            |
|                                      |
|  [MCP Proxy Plugin]                  |
|       |                              |
|  [OAuth 2.1 Validation]              |
|       |                              |
|  [ACL / RBAC Check]                  |
|       |                              |
|  [Rate Limiting]                     |
|       |                              |
|  [Guardrails: PII, Content]          |
|       |                              |
|  [Route to MCP Server]               |
|       |                              |
|  [Logging / Metrics / Traces]        |
+--------------------------------------+
    |
    v
MCP Servers (Database, Slack, GitHub, internal APIs)

Self-Hosting

Same as Kong AI Gateway: fully self-hostable with enterprise license. The MCP Proxy plugin and OAuth 2.1 plugin are enterprise-only.

Mode                           MCP Support
Kong OSS                       No MCP plugins
Kong Enterprise (self-hosted)  Full MCP gateway
Kong Konnect (hybrid)          Full MCP gateway + dashboards

Pricing

MCP Gateway is included in Kong Gateway Enterprise / Konnect Enterprise. No separate MCP-specific licensing – if you already have Kong Enterprise, you get MCP capabilities.

If you don’t have Kong Enterprise yet, the MCP gateway alone is not worth the enterprise license cost. But if you’re already paying for Kong (like MMS), it’s free incremental value.


When to Use

Strong fit:

  • Already running Kong for API/LLM gateway (unified governance)
  • Large existing REST API catalog that you want to expose as MCP tools (auto-generation)
  • Enterprise with strict auth/compliance requirements for tool access
  • Need self-hosted MCP gateway with full feature set

Weak fit:

  • Small team with few MCP servers – Cloudflare MCP Portals is simpler
  • No existing Kong deployment – the enterprise license overhead is not justified for MCP alone
  • Only need basic MCP proxying without governance

This post is licensed under CC BY 4.0 by the author.