Remote HTTPS transport
Connect supported MCP clients without running a local proxy process beside every client.
MCP proxy / gateway / remote access
Give AI clients remote MCP access to PostgreSQL or OpenAPI without placing backend credentials in every client. Authenticate each link, apply source-specific permissions, and revoke access centrally.
tools/call → productionPOLICY CHECKEDDirect answer
Use a simple MCP proxy when you only need transport forwarding. Choose a gateway-style control layer when remote clients also need authentication, backend credential isolation, source-specific permissions, and independent link revocation.
The production path
An MCP proxy is commonly described as the layer between an AI client and an MCP server or backend. That description is accurate but incomplete. Forwarding a request does not decide who may connect, which operation they may call, where the upstream secret lives, or how one compromised client is revoked.
Those additional responsibilities turn a transport proxy into a gateway-style control layer. datamcp hosts that layer for two current source types: PostgreSQL and OpenAPI. It connects to the source, publishes a remote HTTPS MCP endpoint, authenticates the client, evaluates the MCP link policy, and executes the approved database or API operation.
This distinction matters when comparing products. Some MCP proxies relay existing MCP servers. Others translate protocols, terminate OAuth, or aggregate tools. datamcp does not proxy arbitrary third-party MCP servers. It creates managed MCP access from supported PostgreSQL and OpenAPI connections.
For the broader architecture, read the hosted MCP gateway guide. If you are choosing between managed and self-operated infrastructure, use the hosted vs. local MCP server comparison.
What you get
Connect supported MCP clients without running a local proxy process beside every client.
Authenticate the MCP client with an API key or OAuth 2.0 with PKCE instead of sharing a backend credential.
Keep PostgreSQL and supported upstream API credentials on the managed connection side.
Narrow PostgreSQL operations and tables or restrict OpenAPI links to approved operations and HTTP methods.
Delete one MCP link without rotating the backend credential used by other approved links.
Review query execution and permission denials, then export the visible activity as CSV or JSON.
Source to controlled MCP link
Connect the source once. DataMCP handles discovery, hosted transport, client authentication, and link policy.
Read the setup guideRegister PostgreSQL credentials or provide an OpenAPI 3.x specification and supported upstream authentication.
Choose client authentication and narrow the database operations, tables, API operations, or HTTP methods.
Configure the generated HTTPS MCP endpoint in Cursor, Claude, ChatGPT, VS Code, or another compatible client.
Build or use datamcp
See what stays on your engineering backlog when the MCP runtime and control layer are managed for you.
Forward or translate traffic
Implementation-dependent
Often supplied by the client or proxy config
Usually delegated to the upstream server
Depends on shared credentials and proxy configuration
May relay arbitrary MCP servers
Frequently asked questions
Clear answers about architecture, access, credentials, and supported clients.
An MCP proxy sits between an MCP client and a backend or MCP server. Depending on the implementation, it can forward transport traffic, authenticate clients, inject upstream credentials, enforce policy, and centralize revocation. A proxy does not automatically provide all of those controls, so evaluate the exact implementation rather than the label alone.
A proxy primarily forwards or translates traffic. A gateway usually owns a broader control layer that includes authentication, authorization, credential handling, policy, and operational management. The terms overlap in current MCP products, so compare responsibilities and supported source types instead of relying only on naming.
No. datamcp creates and hosts remote MCP access for PostgreSQL 12+ and REST APIs described by OpenAPI 3.x or supported Swagger documentation. It does not currently relay arbitrary third-party MCP servers.
A hosted layer gives remote clients a stable HTTPS endpoint and avoids keeping a local process running. It can also keep backend credentials out of client configuration and make link revocation independent from rotating the backend credential.
MCP clients can use a datamcp API key or OAuth 2.0 with PKCE. That client credential is separate from the PostgreSQL password or upstream API credential stored on the connection.
No. Proxy or gateway policy is one boundary. PostgreSQL roles, upstream API authorization, network controls, and least-privilege credentials remain independent boundaries and should still restrict the backend directly.
PostgreSQL query execution and permission denials are available in the datamcp activity log. OpenAPI endpoint calls do not currently appear there, so use upstream API, gateway, or infrastructure logs for those requests.
No. datamcp is a hosted service and does not currently offer a self-hosted or on-premise edition.
Keep exploring
Compare gateway responsibilities across authentication, policy, credentials, revocation, and activity review.
GUIDEUnderstand direct servers, remote servers, proxies, and managed gateways with a production decision framework.
GUIDECompare operational ownership, transport, credentials, updates, cost, and failure modes.
GUIDESeparate client identity, link policy, backend grants, denials, and revocation.
GUIDECreate remote schema and query access with explicit database permissions.
GUIDETurn an OpenAPI or Swagger source into a hosted remote MCP endpoint without generated server code.
Start with one link
Connect one PostgreSQL or OpenAPI source and publish one hosted MCP link for free. Keep the backend credential out of client configuration.