Post

Portkey MCP Gateway

Portkey's MCP Gateway extends its LLM gateway to cover tool access -- if you already use Portkey for LLM routing, adding MCP governance keeps everything in one platform.

Posted
By
3 min read
Portkey MCP Gateway

Portkey’s MCP Gateway extends its LLM gateway to cover tool access – if you already use Portkey for LLM routing, adding MCP governance keeps everything in one platform. The MCP features are newer and less mature than Kong or Cloudflare.

What It Is

Portkey MCP Gateway is a managed layer that sits between AI agents and MCP servers, providing authentication, access control, identity forwarding, and observability for tool calls. It is an extension of the Portkey platform (which also provides LLM gateway, observability, and prompt management).

The value proposition: one platform for both LLM gateway and MCP gateway, with unified observability across model calls and tool calls.

Key Features

Authentication & Identity Forwarding

Agents authenticate via Portkey’s auth layer. The gateway forwards user identity (email, team, roles) to MCP servers automatically, so tools can make authorization decisions based on who is actually using the agent.

1
2
3

User --> Agent --> [Portkey MCP Gateway] --> MCP Server
                   |
                   Forwards: user email, team, roles

This is important for enterprise: the database tool needs to know that the query came from a finance team member, not just “an agent.”

Team-Level Permissions

  • Define which teams can access which MCP servers
  • Restrict specific tools within a server (not all-or-nothing)
  • Credentials managed at the gateway – agents never see tool credentials

Tool Discovery

Centralized catalog of available MCP servers and their tools. Agents discover available tools at runtime through the gateway.

Guardrails (Coming / Early)

Portkey has partnered with Lasso Security to provide guardrails on MCP tool calls:

  • Pre-execution: Validate tool inputs, check for sensitive data, enforce policies
  • Rate limiting: Per-user, per-team, per-server limits
  • Content filtering: Block requests with sensitive data, inspect outputs for PII/secrets
  • Approval workflows: Require human approval for high-risk operations (planned)

Note: MCP guardrails are newer than Portkey’s LLM guardrails and still maturing.

Observability

Every tool call is logged with:

  • Agent identity and user identity
  • Tool name and server
  • Input/output payloads
  • Latency and status
  • Integrated with Portkey’s existing analytics dashboard

Multi-Server Composition

Route agents to multiple MCP servers through a single gateway endpoint. Similar to Cloudflare’s portal composition.

Architecture

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

AI Agent (any framework)
    |
    v
+----------------------------------+
| Portkey MCP Gateway               |
|  (cloud or self-hosted)           |
|                                   |
|  Authentication                   |
|       |                           |
|  Identity Forwarding              |
|  (user email, team, roles)        |
|       |                           |
|  Permission Check                 |
|  (team > server > tool)           |
|       |                           |
|  Guardrails (pre-execution)       |
|       |                           |
|  Route to MCP Server              |
|       |                           |
|  Guardrails (post-execution)      |
|       |                           |
|  Logging & Analytics              |
+----------------------------------+
    |
    v
MCP Servers

Self-Hosting

Same deployment options as Portkey LLM Gateway:

Mode MCP Support
Cloud Yes
Hybrid Yes (data plane in your infra)
Private Cloud / On-Prem Yes (enterprise)

Pricing

MCP Gateway is included in Portkey’s platform pricing – no separate MCP-specific fee. See the Portkey AI Gateway post for pricing tiers.

Limitations

  • MCP features are newer than Portkey’s LLM gateway features – less battle-tested
  • No REST to MCP auto-generation (Kong-only feature)
  • Guardrails are early / partially available – not as mature as Kong or Cloudflare DLP
  • No Code Mode equivalent (Cloudflare-only feature)
  • Smaller MCP-specific feature set than Kong’s dedicated MCP plugins

When to Use

Strong fit:

  • Already using Portkey for LLM gateway – unified platform for LLM + MCP
  • Need identity forwarding (user-level auth context passed to tools)
  • Want self-hosted MCP gateway without Kong’s enterprise license cost
  • Small-to-medium MCP server deployment

Weak fit:

  • Need mature MCP-specific governance (Kong is more complete today)
  • Need REST to MCP auto-conversion (use Kong)
  • Need DLP scanning on tool calls (use Cloudflare or Kong)
  • Not already on Portkey and choosing MCP gateway standalone

References

AI & Agents, AI Ops
guardrails
This post is licensed under CC BY 4.0 by the author.