Portkey MCP Gateway
Secure, observable Model Context Protocol gateway – routing, tracing, guardrails, and access control applied to every MCP interaction your agents make
Overview:
Portkey MCP Gateway is a governance and observability layer for Model Context Protocol interactions. As AI agents use MCP to access filesystems, databases, APIs, and external services, the MCP Gateway ensures every tool call is routed through a single observable endpoint where routing rules, access controls, guardrails, and audit logging are applied automatically.
Without a gateway layer, MCP tool calls made by agents are opaque – there is no central record of what was called, by which agent, with which inputs, or what was returned. Portkey's MCP Gateway brings the same governance model applied to LLM calls in the AI Gateway to every MCP interaction, giving teams the confidence to grant agents real capabilities at scale.
- Universal MCP routing – all MCP servers accessible through a single gateway endpoint with per-server routing rules.
- Full tool call tracing – every invocation logged with server name, tool, inputs, outputs, latency, and error detail.
- Traces linked to the parent agent trace for complete end-to-end visibility across LLM calls and tool calls.
- Scoped per-agent MCP access tokens enforce least-privilege access at the tool level.
- MCP guardrails – input scanning before tool calls and output scanning after responses, with block and redact actions.
- Usage analytics by agent, tool, and server – call volume, latency, error rates, and cost attribution.
- Complete audit trail exportable for compliance, security, and incident review.
- No client-side changes required – route existing MCP clients through the gateway endpoint.
Universal MCP Routing
Route MCP calls across any server – filesystem, database, GitHub, Slack, and more – through a single observable gateway endpoint. Per-server routing rules are configured at the gateway layer with no changes required to existing MCP clients or agent code.
- All MCP servers supported through a single endpoint.
- Per-server routing rules configurable at the gateway layer.
- No client-side changes required for existing MCP clients.
- Fallback routing on server unavailability.
Full MCP Tracing
Every MCP tool invocation is logged with the server name, tool called, full inputs, full outputs, latency, and any error detail. Traces are linked to the parent agent trace, giving complete end-to-end visibility across every LLM call and every tool call an agent makes.
- Input and output logging per tool call.
- Latency and error tracking per invocation.
- Retry detail captured on failed calls.
- Linked to the parent agent trace for end-to-end visibility.
Scoped Access Control
Define which agents can call which MCP tools and issue scoped tokens per agent identity. Access is enforced at the tool level, enabling least-privilege control over what each agent can do. Tokens can be revoked instantly without touching agent code, and every token has a full usage audit log.
- Per-agent MCP access tokens scoped to specific tools.
- Tool-level access control with least-privilege enforcement.
- Instant token revocation without code changes.
- Full usage audit log per agent token.
MCP Guardrails
Apply input and output guardrails to MCP calls. Block dangerous operations before they reach the server, prevent data exfiltration in responses, and enforce organisational policy on tool usage in real time – using the same configurable rule sets available in Portkey Guardrails.
- Input scanning before the tool call reaches the MCP server.
- Output scanning before the response reaches the agent.
- Block or redact on rule trigger.
- Configurable rule sets per server and per tool.
Usage Analytics
Track MCP server call volume, latency, error rates, and cost attribution broken down by agent, tool, and server. Analytics are available in the Portkey dashboard and exportable for cost allocation and capacity planning.
- Call volume per server and tool.
- Latency and error rate tracking per tool.
- Cost attribution per agent and per team.
- Dashboard view and exportable reports.
Give Agents Real Capabilities – With Real Governance
MCP gives agents powerful access to the world. Without a governance layer, every tool call is a blind spot – no record of what was called, by whom, with what data, or what was returned. Portkey's MCP Gateway applies the same governance model used for LLM calls to every MCP interaction, so teams can extend agents with real capabilities and maintain full visibility and control.
- Universal routing across all MCP servers through a single endpoint.
- Full tool call tracing linked to parent agent traces.
- Scoped per-agent MCP access tokens with least-privilege enforcement.
- Guardrails on MCP inputs and outputs with block and redact actions.
Complete Audit Trail
Every MCP action is logged with full context – which agent called which tool, on which server, with which inputs, and what the server returned. Logs are exportable in structured formats for compliance reviews, security investigations, and legal audits.
- Full call context logged per invocation.
- User and agent attribution on every entry.
- Exportable audit log for compliance and legal requirements.
- Configurable retention policy per environment.
Integration with the Portkey AI Gateway
The MCP Gateway operates as part of the Portkey platform alongside the AI Gateway, Guardrails, and Observability products. LLM calls and MCP tool calls share a unified trace, giving a complete picture of what every agent did and why – across both model interactions and external tool use.
Observability Integrations
MCP trace data flows into the same observability integrations available across the Portkey platform. Native connectors for Datadog, Grafana, Langfuse, and OpenTelemetry mean MCP events can be included in existing monitoring dashboards and alerting pipelines without additional instrumentation.
- Native Datadog, Grafana, Langfuse, and OpenTelemetry integrations.
- MCP events available in existing monitoring dashboards.
- Guardrail trigger and access violation events via webhook.
- Unified trace view across LLM calls and MCP tool calls.
Portkey MCP Gateway Specifications:
Table 1. MCP Gateway Performance and Capabilities |
||
|---|---|---|
| Cloud (Managed) | Self-Hosted (Enterprise) | |
| MCP server support | All MCP servers – filesystem, database, GitHub, Slack, and any MCP-compatible service | |
| Routing | Single gateway endpoint with per-server routing rules and fallback on unavailability | |
| Tracing | Full input/output logging per tool call, linked to parent agent trace with latency and error detail | |
| Access control | Scoped per-agent tokens with tool-level least-privilege enforcement and instant revocation | |
| Guardrails | Input and output scanning per tool call. Block or redact on rule trigger. Configurable rule sets per server and tool. | |
| Audit log retention | 30 days (extendable) | Configurable (your storage) |
| Deployment options | Managed cloud (US, EU) | Kubernetes, Docker, private VPC |
| Uptime SLA | 99.99% multi-region | Active/active cluster support |
| Table 2. Integration and Compatibility |
|---|
| Client Compatibility |
| Works with any MCP-compatible client. No client-side changes required – route existing agents through the gateway endpoint. |
| Agent Frameworks |
| Compatible with LangChain, LlamaIndex, CrewAI, AutoGen, and all frameworks that support MCP tool calling. |
| Observability |
| Native integrations with Datadog, Grafana, Langfuse, and OpenTelemetry. MCP trace data flows into existing monitoring pipelines. |
| Platform Integration |
| Operates alongside the Portkey AI Gateway, Guardrails, and Observability products with a unified trace view across LLM calls and tool calls. |
| Compliance |
| SOC 2 Type II, GDPR compliant. Zero data retention (ZDR) option available on Enterprise tier. |
| Table 3. Access Control and Guardrail Capabilities |
|---|
| Access Tokens |
| Scoped per-agent tokens with tool-level access control, instant revocation, and full usage audit log per token. |
| Guardrail Rules |
| Input and output scanning per tool call. Block dangerous operations, prevent data exfiltration, enforce policy. Configurable per server and per tool. |
| Audit Log |
| Full call context per invocation – agent, tool, server, inputs, outputs, latency. Exportable for compliance, security, and legal review. |
| Usage Analytics |
| Call volume, latency, error rates, and cost attribution by agent, tool, and server. Dashboard view and exportable reports. |
| Alerting |
| Guardrail trigger and access violation events available via dashboard notification, email, and outbound webhook. |