Skip to main content
This guide will walk you through the steps to add a MCP server to the TrueFoundry AI Gateway and then use it in the playground or through Cursor/VSCode/Claude or in your code agents.
1

Add an MCP Server

To add an MCP server, you can either create one from scratch or add a public MCP server.Add MCP ServerAdd MCP ServerIf you want to build a MCP server from scratch, you can follow the Create Calculator MCP Server tutorial.To add a custom Remote MCP server, click on Remote MCP button and then provide the following details:
FieldDescription
NameA descriptive name for the MCP server
DescriptionA description of the MCP server
URLThe URL of the MCP server
Transportstreamable-http or sse. Note that sse is deprecated

Collaborators

The Collaborators section allows you to control who can access and manage this MCP server. You can add individual users or entire teams and assign them specific roles:MCP Server Collaborators
RoleDescription
MCP Server ManagerFull access to manage the MCP server, including editing configuration, managing collaborators, and deleting the server
MCP Server UserCan use the MCP server’s tools in the playground and IDEs, but cannot modify server settings
Click + Add Collaborators to add more users or teams. You can also click View Permission Details to see the complete list of permissions for each role.When registering an MCP server, choose the authentication type that determines how requests are authenticated with the upstream MCP server.

Auth Data

You need to specify the authentication mechanism for the MCP Server: No Auth, Header Auth, DCR, or OAuth2.
The MCP server can be accessed without authentication. This is suitable for:
  • Demo or sandbox APIs
  • Public tools like a Calculator MCP Server or DeepWiki MCP server
DeepWiki MCP server configuration with No Auth option selected
Not recommended for production MCP servers or any server that provides access to sensitive data.
Configure specific headers that the Gateway passes to the MCP Server. All users share the same downstream credentials.Example: Hugging Face MCP ServerDefine the Hugging Face Token as the Authorization header value. Users authenticate to the Gateway with their TrueFoundry or IdP token, and the Gateway forwards requests with the shared Hugging Face token after RBAC checks pass.Hugging Face MCP server configuration with Header Auth option selected
Use static header auth for MCP servers that don’t support user-specific OAuth and rely on API keys or tokens. All users calling this MCP server will use the same downstream credentials.
Each user authenticates individually, and the MCP server grants access only to resources that user is authorized to use. OAuth2 is supported by popular services like Slack, GitHub, Atlassian, Google, and more.
Recommended for production. OAuth2 allows you to configure scopes (e.g., read-only), users can revoke their own authorization, and access is limited to resources each user is permitted to use.
1

Create an OAuth2 app in your provider's developer portal

Set the redirect URI to:
https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback
Replace <tfy-control-plane-base-url> with your TrueFoundry control plane URL. Note your OAuth2 App ID, Secret, and required scopes.
2

Register the MCP Server in the AI Gateway

  1. Navigate to MCP Servers tab and click Add New MCP Server Group MCP Server registration interface in AI Gateway
  2. Click Add MCP Server and provide:
  • Endpoint URL: The URL of your MCP Server
  • Authentication Type: Select OAuth2
  • OAuth2 App ID: The client ID from your OAuth2 app
  • OAuth2 App Secret: The client secret
  • OAuth2 App Scopes: Required scopes for accessing resources AI Gateway form for adding a new MCP Server with OAuth2 authentication
Store OAuth2 credentials in the TrueFoundry secrets store and reference their FQN for enhanced security.
3

Connect and authorize

  1. Click Add Tool/MCP Servers in the AI Gateway UI
  2. For OAuth2 MCP Servers, click Connect Now to authorize
OAuth2 authorization interface for MCP Server in AI Gateway
  1. Once authorized, the MCP Server’s tools appear in the list
MCP Server tools available after successful authentication
  1. You can revoke authorization at any time:
TrueFoundry Gateway Dashboard showing how to revoke OAuth2 authorization for an MCP Server
The Gateway passes the user’s JWT directly to the MCP server without transformation. The MCP server validates the token itself.Configuration:
  1. Register the MCP server with Token Passthrough authentication type
  2. Configure an External Identity to allow your IdP tokens
  3. The user’s JWT is automatically forwarded to the MCP server
With Token Passthrough, the MCP server is responsible for validating the token. Make sure the MCP server is configured to trust your IdP.
2

Use MCP Server in Your IDE

Once you’ve added an MCP server, you can easily integrate it with your favorite IDE or AI coding assistant. Navigate to the MCP server details page and click on the How To Use tab.Use MCP Server in IDE
Use the Add MCP to Cursor button to automatically add the MCP server configuration to your Cursor IDE. You can also click Show API Key to reveal the full authorization token, or Copy to copy the configuration to your clipboard.
3

Use MCP Servers in Playground

You can select the MCP servers from the playground, select the tools and send your prompt to see which tools are being called.