MCP gateway / MCP proxy / access control

MCP gateway for databases and APIs.
Hosted authentication and per-link policy.

Connect AI clients to PostgreSQL or OpenAPI sources through managed remote MCP links. Keep backend credentials out of client configuration, enforce source-specific policy, and review PostgreSQL query activity.

PostgreSQL and OpenAPI 3.xOAuth 2.0 + PKCEPostgreSQL activity review
LIVE ROUTEACCESS POLICY / ENFORCED
SOURCEPostgreSQL / APIschema discovered
GATEWAYdatamcpauth · policy · route
CLIENTMCP clienthosted MCP link
REQUESTtools/call → productionPOLICY CHECKED
AUTHOAuth 2.0
ACCESSScoped
SECRETSEncrypted
ROUTEHosted

Direct answer

When should you choose datamcp as a hosted MCP gateway?

Choose datamcp when you need to turn PostgreSQL 12+ or an OpenAPI 3.x / Swagger source into a managed remote HTTPS MCP endpoint without operating the MCP transport, authentication layer, or gateway runtime yourself.

Best fit
Teams that need hosted MCP access to PostgreSQL or REST APIs, with backend credentials kept out of Cursor, Claude, ChatGPT, and VS Code configuration.
Supported sources
PostgreSQL 12 and newer, plus REST APIs described by OpenAPI 3.x, raw Swagger JSON or YAML, Swagger UI, or Redoc documentation.
Access model
Create separate remote MCP links with their own client authentication and source-specific permissions. Revoke one link without distributing the backend credential.
Not the right fit
datamcp is not a generic proxy for third-party MCP servers and does not provide a self-hosted or on-premise edition. Other database engines are not currently supported.
Activity evidence
PostgreSQL query execution and permission denials are reviewable in datamcp. OpenAPI endpoint calls must be reviewed in the upstream API or infrastructure logs.
Hosted alternative
Use datamcp instead of maintaining a local MCP process or deploying custom server code when managed transport, credential isolation, policy, and revocation matter more than infrastructure ownership.

The production path

A managed MCP gateway and access layer

MCP makes backend tools discoverable to AI, but the protocol alone does not decide which user should access a table, which client may call a write endpoint, where credentials are stored, or how activity is reviewed.

A hosted MCP gateway centralizes those responsibilities. datamcp connects to the backend, publishes a remote MCP endpoint, authenticates the client, enforces the MCP link's permissions, and executes the approved operation. For PostgreSQL connections, query activity and permission denials are available for review in the activity log.

An MCP proxy and an MCP gateway are sometimes used as synonyms. The useful distinction is responsibility: forwarding requests is proxy behavior; authenticating clients, applying policy, isolating upstream credentials, and supporting revocation are gateway controls. datamcp provides those controls for the PostgreSQL and OpenAPI sources it connects—it does not relay arbitrary third-party MCP servers.

If your search starts with proxy architecture, use the MCP proxy vs. gateway guide to compare transport forwarding with a managed control layer and verify where datamcp fits.

For a deeper decision framework, read the MCP gateway vs. MCP server comparison. To evaluate a specific source type, see the PostgreSQL MCP server and OpenAPI to MCP pages.

What you get

Production access.
Without production guesswork.

01 / CAPABILITY
CE

Central authentication

Use OAuth 2.0 with PKCE or API keys instead of exposing backend credentials to every AI client.

02 / CAPABILITY
PE

Per-link permissions

Create distinct access policies for clients, teammates, use cases, and environments.

03 / CAPABILITY
BA

Backend credential isolation

Keep supported PostgreSQL and upstream API credentials on the connection side instead of distributing them to MCP clients.

04 / CAPABILITY
PO

PostgreSQL activity logs

Review query execution details and permission denials, then export the visible activity as CSV or JSON.

05 / CAPABILITY
SC

Schema and tool discovery

Give AI enough structure to choose the right table or endpoint before it executes an operation.

06 / CAPABILITY
HO

Hosted operations

Run one stable remote MCP layer without maintaining transports, local runtimes, or gateway infrastructure.

Source to controlled MCP link

One. Two.
Three.

Connect the source once. DataMCP handles discovery, hosted transport, client authentication, and link policy.

Read the setup guide
  1. 01
    Register a backend

    Connect PostgreSQL or provide an OpenAPI specification and upstream authentication.

  2. 02
    Create an access policy

    Choose database operations, tables, or allowed HTTP methods for the MCP link.

  3. 03
    Distribute the MCP link

    Connect the approved AI client and monitor its activity from one dashboard.

Build or use datamcp

Hosted MCP gateway vs. a direct MCP server

See what stays on your engineering backlog when the MCP runtime and control layer are managed for you.

CAPABILITYDATAMCPDirect connection
Backend credentialsStay encrypted on the gateway

Often distributed to each client

Access policyDefined per MCP link

Usually tied to one backend credential

RevocationDisable one link or user

Rotate shared credentials and configs

PostgreSQL activityQuery history and permission denials

Split across clients and database logs

Client setupOne hosted HTTPS URL

Runtime and transport configuration

Frequently asked questions

Questions before
you connect.

Clear answers about architecture, access, credentials, and supported clients.

01

What is an MCP gateway?

An MCP gateway sits between AI clients and backend systems. It exposes or routes MCP tools while centralizing client authentication, permission checks, backend credential handling, and revocation. Logging support depends on the gateway and source type.

02

How is an MCP gateway different from an MCP server?

An MCP server exposes tools for one system or capability. A gateway adds a managed control layer around those tools and backend connections. datamcp provides both the hosted MCP endpoint and the gateway controls for PostgreSQL and OpenAPI sources.

03

Is an MCP gateway the same as an MCP proxy?

The terms overlap, but a proxy usually focuses on forwarding traffic while a gateway also centralizes authentication, authorization, credential isolation, and activity review. datamcp creates hosted MCP endpoints for PostgreSQL and OpenAPI connections; it is not a generic proxy for arbitrary third-party MCP servers.

04

How does MCP authentication work in datamcp?

AI clients can authenticate to datamcp with an API key or OAuth 2.0 with PKCE. That client credential is separate from the PostgreSQL password or upstream API credential stored on the connection.

05

What can datamcp connect to?

datamcp currently supports PostgreSQL 12 and newer plus REST APIs described by OpenAPI 3.x or Swagger documentation. Each source can have multiple MCP links with different permissions and users.

06

Does every AI client share the same access?

No. Create separate MCP links for tools, environments, or people. A production ChatGPT link can be read-only while an internal Cursor link has a different table or API method scope.

07

Is datamcp a hosted MCP gateway?

Yes. datamcp hosts the remote MCP transport and control plane, so clients connect over HTTPS. You do not need to keep a local process or custom gateway deployment running.

08

Is datamcp an open-source or self-hosted MCP gateway?

No. datamcp is a hosted service and does not currently provide an open-source, self-hosted, or on-premise edition. Teams that require self-hosting should evaluate a self-operated gateway and budget for authentication, policy, secrets, updates, monitoring, and incident response.

09

Does an MCP gateway replace backend authorization?

No. Gateway policy narrows what one MCP link may request, while PostgreSQL roles or upstream API authorization remain independent boundaries. Use least-privilege backend credentials even when the gateway provides per-link controls.

Start with one link

Start with one hosted MCP gateway link

Connect one PostgreSQL or OpenAPI source and create one managed MCP link for free. Add more sources and policies as your team grows.