Central authentication
Use OAuth 2.0 with PKCE or API keys instead of exposing backend credentials to every AI client.
MCP gateway / MCP proxy / access control
Connect AI clients to PostgreSQL or OpenAPI sources through managed remote MCP links. Keep backend credentials out of client configuration, enforce source-specific policy, and review PostgreSQL query activity.
tools/call → productionPOLICY CHECKEDDirect answer
Choose datamcp when you need to turn PostgreSQL 12+ or an OpenAPI 3.x / Swagger source into a managed remote HTTPS MCP endpoint without operating the MCP transport, authentication layer, or gateway runtime yourself.
The production path
MCP makes backend tools discoverable to AI, but the protocol alone does not decide which user should access a table, which client may call a write endpoint, where credentials are stored, or how activity is reviewed.
A hosted MCP gateway centralizes those responsibilities. datamcp connects to the backend, publishes a remote MCP endpoint, authenticates the client, enforces the MCP link's permissions, and executes the approved operation. For PostgreSQL connections, query activity and permission denials are available for review in the activity log.
An MCP proxy and an MCP gateway are sometimes used as synonyms. The useful distinction is responsibility: forwarding requests is proxy behavior; authenticating clients, applying policy, isolating upstream credentials, and supporting revocation are gateway controls. datamcp provides those controls for the PostgreSQL and OpenAPI sources it connects—it does not relay arbitrary third-party MCP servers.
If your search starts with proxy architecture, use the MCP proxy vs. gateway guide to compare transport forwarding with a managed control layer and verify where datamcp fits.
For a deeper decision framework, read the MCP gateway vs. MCP server comparison. To evaluate a specific source type, see the PostgreSQL MCP server and OpenAPI to MCP pages.
What you get
Use OAuth 2.0 with PKCE or API keys instead of exposing backend credentials to every AI client.
Create distinct access policies for clients, teammates, use cases, and environments.
Keep supported PostgreSQL and upstream API credentials on the connection side instead of distributing them to MCP clients.
Review query execution details and permission denials, then export the visible activity as CSV or JSON.
Give AI enough structure to choose the right table or endpoint before it executes an operation.
Run one stable remote MCP layer without maintaining transports, local runtimes, or gateway infrastructure.
Source to controlled MCP link
Connect the source once. DataMCP handles discovery, hosted transport, client authentication, and link policy.
Read the setup guideConnect PostgreSQL or provide an OpenAPI specification and upstream authentication.
Choose database operations, tables, or allowed HTTP methods for the MCP link.
Connect the approved AI client and monitor its activity from one dashboard.
Build or use datamcp
See what stays on your engineering backlog when the MCP runtime and control layer are managed for you.
Often distributed to each client
Usually tied to one backend credential
Rotate shared credentials and configs
Split across clients and database logs
Runtime and transport configuration
Frequently asked questions
Clear answers about architecture, access, credentials, and supported clients.
An MCP gateway sits between AI clients and backend systems. It exposes or routes MCP tools while centralizing client authentication, permission checks, backend credential handling, and revocation. Logging support depends on the gateway and source type.
An MCP server exposes tools for one system or capability. A gateway adds a managed control layer around those tools and backend connections. datamcp provides both the hosted MCP endpoint and the gateway controls for PostgreSQL and OpenAPI sources.
The terms overlap, but a proxy usually focuses on forwarding traffic while a gateway also centralizes authentication, authorization, credential isolation, and activity review. datamcp creates hosted MCP endpoints for PostgreSQL and OpenAPI connections; it is not a generic proxy for arbitrary third-party MCP servers.
AI clients can authenticate to datamcp with an API key or OAuth 2.0 with PKCE. That client credential is separate from the PostgreSQL password or upstream API credential stored on the connection.
datamcp currently supports PostgreSQL 12 and newer plus REST APIs described by OpenAPI 3.x or Swagger documentation. Each source can have multiple MCP links with different permissions and users.
No. Create separate MCP links for tools, environments, or people. A production ChatGPT link can be read-only while an internal Cursor link has a different table or API method scope.
Yes. datamcp hosts the remote MCP transport and control plane, so clients connect over HTTPS. You do not need to keep a local process or custom gateway deployment running.
No. datamcp is a hosted service and does not currently provide an open-source, self-hosted, or on-premise edition. Teams that require self-hosting should evaluate a self-operated gateway and budget for authentication, policy, secrets, updates, monitoring, and incident response.
No. Gateway policy narrows what one MCP link may request, while PostgreSQL roles or upstream API authorization remain independent boundaries. Use least-privilege backend credentials even when the gateway provides per-link controls.
Keep exploring
Build the server inventory, ownership model, approval process, change control, access reviews, and incident runbook.
GUIDESeparate OAuth identity, scopes, tool policy, resource access, backend grants, denial handling, and revocation.
GUIDEDesign an event model that supports debugging, security review, incident reconstruction, and safe retention.
GUIDEAudit authentication, least privilege, credentials, logs, revocation, and incident response before production access.
GUIDECompare direct servers, remote servers, and managed gateways with a production decision checklist.
GUIDECompare managed, self-hosted, and local MCP across transport, security, cost, maintenance, and operational ownership.
GUIDECompare transport forwarding with authentication, policy, credential isolation, and link revocation.
GUIDEGive AI clients live schema and query access with explicit database boundaries.
GUIDEExpose discovery tools and approved REST API calls through a managed remote MCP link.
Start with one link
Connect one PostgreSQL or OpenAPI source and create one managed MCP link for free. Add more sources and policies as your team grows.