Case Study
Vatsal Shah
Vatsal Shah Published on July 13, 2026 Strategy Lead

Try the Gateway Console

STRATEGIC OVERVIEW

I led this program to 41% Faster Integration. 73% Integration Time Reduction | 7,000 Hours Saved | 100% Security Guardrail Coverage Client & Problem Overview The client runs a multi-region B2B software marketplace app platform supporting ~2,800.

73% Integration Time Reduction | 7,000 Hours Saved | 100% Security Guardrail Coverage

Client & Problem Overview

The client runs a multi-region B2B software marketplace app platform supporting ~2,800 engineers globally. Their core product provides complex workflow automation integrations, connecting enterprise clients to CRM databases, ITSM ticket runners, and third-party SaaS pipelines.

As autonomous AI agents and developer copilots became integral to their core product offerings, the client faced an integration bottleneck. The engineering team was tasked with building custom, ad-hoc API integrations for each new tool. Because each tool had unique schemas, endpoint configurations, and authentication paradigms, onboarding a single third-party tool took an average of 14 business days.

Furthermore, developer agents executed unmonitored commands directly against databases and internal services. Without centralized audit logs, credential isolation, or prompt scanning, the security team lacked visibility into what data was being accessed, who authorized the execution, and whether outbound data contained sensitive Customer Identifiable Information (PII).

Challenges

To resolve this integration deadlock, the engineering platform team identified four primary technical blockers:

  1. Schema Fragmentation: Every internal service and third-party connector exposed arbitrary endpoints (REST, gRPC, Webhooks). Engineers had to manually write mapping layers for LLM context structures, leading to fragile integrations.
  2. Credential Proliferation: AI agents required direct access to sensitive developer databases and third-party API keys. Storing these credentials locally on developer clients or sharing them across shared agent sessions violated security protocols.
  3. Lack of Rate Limiting: Destructive loop patterns in autonomous agents regularly triggered API rate limits on destination endpoints, leading to service disruption for human users.
  4. Audit and Compliance Gaps: Traditional API logs recorded raw payload requests but failed to correlate human session authorization tokens with corresponding agent tool invocations, creating compliance gaps for SOC 2 Type II processing integrity audits.
💡 Insight

"When agents begin orchestrating tasks across database borders, standard API gateway rules break down. Traditional gateways monitor who calls the API; agentic gateways must monitor what prompt triggered the tool, validate prompt safety at the gateway edge, and audit the output before it returns to the agent." — Vatsal Shah

Solution Approach

The platform engineering team deployed a unified Model Context Protocol (MCP) Gateway. MCP, standardizing client-server tool context sharing under mcp-jsonrpc/2.0, decoupled LLM reasoning agents from source code connections.

The gateway serves as a secure proxy layer. Instead of allowing agents to interface directly with database hosts, agents communicate exclusively with the gateway using Server-Sent Events (SSE). The gateway acts as a dynamic registry, mapping requested tool calls to the correct backend host, validating input arguments against JSON schemas, and scrubbing data before it leaves the corporate perimeter.

To drive developer self-service, the team introduced a developer portal where engineers can register their own custom tool schemas in under 5 minutes. The gateway automatically imports the tool schema, registers it in the active routing table, and exposes the tool to permissioned developer agent sessions.

Architecture

The gateway is built on a two-tier high-availability cluster deployed across multiple regions using Kubernetes and FastAPI.

MCP Registry and Gateway Topology
MCP Registry and Gateway Topology Diagram

Figure 1: High-availability MCP registry and gateway topology showing request routing, SSE connection pools, Redis cache nodes, and destination service schemas.

Requests flow from LLM developer agents to the FastAPI Gateway edge. The gateway queries a highly available Redis cache layer to resolve the destination host registry and route mapping.

Two-Layer Authentication

To secure the boundary between human intent and automated tool execution, the architecture enforces a strict two-layer authentication scheme:

Two-Layer Authentication Flowchart
Two-Layer Authentication Flowchart

Figure 2: Two-layer authentication showing client validation, OIDC token check, and human presence verification before executing critical write actions.
  1. User session context validation: The human developer initiates the agent session using their Okta OIDC credential. The gateway asserts that this user has authorization to perform actions in the target workspace.
  2. Agent principal check: The agent itself executes tool requests using short-lived JWT tokens provisioned for the specific session ID, mapping the exact call context back to the human initiator.

Unified Deployment Pipeline

New schemas must be vetted before promotion to the live production registry. The client built an automated validation pipeline:

Unified Deployment Pipeline flowchart
Unified Deployment Pipeline Flowchart

Figure 3: Unified deployment pipeline illustrating the stages of schema compilation, sandbox validation, security analysis, and production promotion.

Whenever an engineer commits a new tool configuration, the pipeline boots a isolated sandbox container, executes static schema validation, runs command validation filters, and registers the endpoints.

Observability and Audit Loops

Every tool invocation triggers a synchronous logging audit cycle. Latency curves, invocation volumes, and error counts are monitored in real time.

Observability and Audit Trail Flow
Observability and Audit Trail Flow Diagram

Figure 4: Detailed observability pipeline displaying outbound logging channels, PII scrubbing filters, and persistent database audit log trails.

Outbound payloads are passed through a PII scrubber where values like API keys, emails, and database keys are redacted and replaced with secure, non-reversible hashes.

Implementation Steps

The rollout followed a four-step phased roadmap:

  1. Gateway Bootstrap: Fast API nodes were deployed to Kubernetes using ingress controllers optimized for long-lived Server-Sent Events (SSE) connections.
  2. Registry Mapping: Existing databases and ticket runner scripts were wrapped in small, lightweight Python-based MCP servers using the official SDK.
  3. Credential Scoping: All database and API access keys were centralized in HashiCorp Vault. The gateway was mapped as the sole principal capable of retrieving these credentials.
  4. Audit Log Hook: Outbound payload scrubbing filters were coded and hooked into the gateway middleware to intercept all JSON-RPC responses.

Here is a snippet of the custom validation middleware used to intercept outgoing JSON-RPC tools packages in Python:

Python
class="tok-cm"># mcp_gateway_middleware.py
import re
from fastapi import Request, Response
from starlette.middleware.base import BaseHTTPMiddleware

class MCPScrubbingMiddleware(BaseHTTPMiddleware):
    class="tok-kw">def __init__(self, app, pii_patterns=None):
        super().__init__(app)
        self.pii_patterns = pii_patterns or [
            r&class="tok-cm">#039;class="tok-str">"api_key"\s*:\s*class="tok-str">"[^"]+class="tok-str">"',
            r&class="tok-cm">#039;"emailclass="tok-str">"\s*:\s*"[^class="tok-str">"]+"class="tok-str">',
            r&class="tok-cm">#039;"password"\s*:\s*"[^"]+"'
        ]

    async class="tok-kw">def dispatch(self, request: Request, call_next):
        response = await call_next(request)
        if response.media_type == class="tok-str">"application/json-rpc":
            body = bclass="tok-str">""
            async for chunk in response.body_iterator:
                body += chunk
            decoded_body = body.decode(class="tok-str">"utf-8")
            
            class="tok-cm"># Apply regex scrubbing logic
            for pattern in self.pii_patterns:
                decoded_body = re.sub(pattern, &class="tok-cm">#039;class="tok-str">"redacted": class="tok-str">"[SECURE_HASH]"', decoded_body)
                
            return Response(
                content=decoded_body.encode(class="tok-str">"utf-8"),
                status_code=response.status_code,
                headers=dict(response.headers),
                media_type=response.media_type
            )
        return response

In Go, we validated incoming JSON schemas recursively before allowing them to pass to execution hosts:

Go
// schema_validator.go
package main

import (
	"encoding/json"
	"fmt"
	"github.com/xeipuuv/gojsonschema"
)

type MCPRequest struct {
	JSONRPC string          `json:"jsonrpc"`
	Method  string          `json:"method"`
	Params  json.RawMessage `json:"params"`
	ID      int             `json:"id"`
}

func ValidateParams(schemaStr string, params json.RawMessage) error {
	schemaLoader := gojsonschema.NewStringLoader(schemaStr)
	documentLoader := gojsonschema.NewBytesLoader(params)

	result, err := gojsonschema.Validate(schemaLoader, documentLoader)
	if err != nil {
		return err
	}

	if !result.Valid() {
		var errs string
		for _, desc := range result.Errors() {
			errs += fmt.Sprintf("- %s\n", desc.String())
		}
		return fmt.Errorf("schema validation failed:\n%s", errs)
	}
	return nil
}

Tech Stack

The operational components of the platform gateway registry are tabulated below:

LayerTechnologyPurpose
Gateway LayerFastAPI / Python SDKSSE connection ingestion, schema compilation, and routing
Cache & RegistryRedis ClusterHot routing table store, session cache, and rate limit bucket
Credential VaultHashiCorp VaultSecure secret storage, OIDC principal maps, and dynamic credential generation
Telemetry & LogsPrometheus / GrafanaMetrics collection, p95 latency tracking, and throughput dashboards
Message BusApache KafkaAsynchronous telemetry log streams for long-term database archiving

Results & Outcomes

The implementation yielded measurable success across financial, operational, and security vectors:

System Performance Dashboard
System Performance Dashboard Chart

Figure 5: Performance monitoring dashboard showing invocation metrics, response time distribution curves, and error rate tracking over a 30-day window.
  • Onboarding Speed: Third-party integration cycles collapsed from 14 business days down to 6 hours. Instead of manually coding mapping logic, platform teams self-served tool schemas through the developer portal catalog.
  • Developer Engagement: Portal monthly active users (MAU) surged from 12% to 61% by month 6, as engineers adopted pre-approved, security-cleared agent connections.
  • Invocations Scale: Steady state monthly active invocations reached 48,212 sessions with an average end-to-end routing latency of 26ms (p95).
  • Loop Prevention: Automated rate-limiting policies prevented cascading loop failures in developer copilots, eliminating agent-driven database outages.

"Centralizing agent tools under a governed MCP gateway isn't just about efficiency—it is a critical security step. We went from zero visibility to 100% audited tool invocation, satisfying SOC 2 processing integrity criteria in our first review cycle."

Key Learnings

  1. Decouple Logic from Transport: SSE proved more resilient than raw WebSockets for multi-region tool routing because standard HTTP headers simplified OAuth integration.
  2. PII Redaction is a Day-One Requirement: Outbound telemetry streams must be filtered. If raw database values are allowed to bleed into centralized log collectors, auditing compliance becomes impossible.
  3. Limit Loop Depth Programmatically: Developer agents will occasionally loop. Enforcing request-per-minute (RPM) limits at the gateway layer protects backend endpoints from sudden traffic spikes.

FAQ

Does the gateway support multi-tenant credential isolation?

Yes. The gateway acts as a proxy that parses the incoming client's OIDC context. When routing requests to the SAP or Jira hosts, the gateway queries HashiCorp Vault using the specific workspace ID, ensuring credentials for Client A are never visible to Client B.

How does the gateway handle rate limiting for looping developer agents?

We enforce token-bucket rate limits in Redis. Each agent principal token carries a dynamic rate quota (e.g. 120 RPM). When a loop triggers a threshold breach, the gateway intercepts the request and returns a standard JSON-RPC error response (code -32001, Rate Limit Exceeded) without pinging the destination database.

Can third-party APIs be wrapped in MCP servers securely?

Yes. Third-party APIs are registered in the gateway via standard OpenAPI to MCP json-rpc maps. The gateway handles the authorization header mapping using secrets retrieved dynamically from HashiCorp Vault.

How does this architecture impact SOC 2 audits?

By recording both the human OIDC initiator token and the agent invocation ID in a unified log stream, the platform provides a complete trace of who authorized the tool, what query was executed, and what parameters were passed, fulfilling the observation requirements for SOC 2 Processing Integrity.

Is there an active caching layer for schemas?

Yes. Schema schemas are hot-cached in Redis. This prevents the gateway from needing to poll backend MCP servers for schema handshakes on every tool request, bringing p95 latency down to 26ms.

MCP Gateway Console

Command Center
Gateway Status: Active
VS

⚡ Invocations (24h)
48,212
▲ Steady State
🤖 Active Servers
5
▲ All healthy
⏱ p95 Latency
26ms
▼ 4% vs yesterday
🔁 Error Rate
0.02%
Within limit
MCP Server Fleet
Real-time status of connected Model Context Protocol hosts
Server HostStatusAccess LevelRequests (1h)p95 LatencyError Rate
postgres-search-serviceConnectedRead-Write8,21121ms0.00%
jira-issue-synchronizerConnectedRestricted Write3,40138ms0.04%
slack-notifier-daemonConnectedWrite Only12,01914ms0.01%
sap-logistics-connectorBusyTransactional48192ms0.08%
github-repository-operatorIdleRead Only00.00%
System Status Monitors
Gateway Ingestion
100%
SSE Connection Pool
81%
Redis Cache Hits
94%
Conformity Validator
Active
Recent Critical Events
10:42:19 AM
Gateway hot-reload successful. Loaded 41 API schemas.
10:31:02 AM
New agent credentials provisioned for Developer-Agent-09.
09:12:47 AM
postgres-search-service latency recovered to normal limits.

Server Registry
Configure and register secure MCP servers in the gateway namespace
Registered Host Schemas
Host NameProtocolTransportSecurity TargetAction
postgres-search-servicemcp-jsonrpc/2.0SSE (HTTP POST)Mutual TLS / OIDC
jira-issue-synchronizermcp-jsonrpc/2.0SSE (HTTP POST)OIDC Principal
slack-notifier-daemonmcp-jsonrpc/2.0SSE (HTTP POST)OAuth 2.0 Client
sap-logistics-connectormcp-jsonrpc/2.0SSE (HTTP POST)Mutual TLS + IAM Token
github-repository-operatormcp-jsonrpc/2.0SSE (HTTP POST)GitHub App Integration

Route Manager
Manage request routing mappings from incoming agents to registered schemas
Active Routes Mapping
Incoming PathDestination ServerRouting RuleStatus
/db/search/*postgres-search-serviceDynamic query parser + scope matchingActive
/jira/sync/*jira-issue-synchronizerMatch project key + session ID mappingActive
/slack/post/*slack-notifier-daemonRestricted channel ID mapping rulesActive
/sap/logistics/*sap-logistics-connectorTransactional security schema validationActive
/git/repo/*github-repository-operatorRestrict writes to pre-approved branchesActive

Credential Vault
Manage token configurations and access keys for agent execution realms
Token Credentials
Active JWT Keys4
Token Expiry Domain12 Hours Max
Algorithm SignatureRS256
Certificates ReloadedToday 04:00 AM
Access Policy Limits
Human Presence RequiredFor Write Actions
Outbound Tunnel LimitsStrict Port Scoping
OIDC Provider HostOkta Tenant #941
IP Blocklist FilterEnabled (32 blocked)

Rate Limiting
Configure dynamic thresholds and session limiting across the MCP cluster
Global Threshold Configurations

Security Guardrails
Manage prompt scanning, PII redaction, and compliance control flags
Guardrail PolicyTarget StackSeverity LevelActionStatus
Prompt Injection DetectionAll Input VectorsBlockRedact and alarm logActive
PII Scrubbing PolicyOutbound Data PayloadRedactReplace values with hashesActive
Outbound Port Restrictionspostgres-search-serviceBlockReject non-local DNS queriesActive
Command Validation Filtergithub-repository-operatorBlockReject destructive git commandsActive

Observability Log
Real-time gateway tool invocation telemetry stream
[INFO] 10:48:02 AM - Ingestion worker initialized.
[INFO] 10:48:02 AM - Loaded 5 registered server endpoints.
[OK] 10:48:03 AM - SSL Handshake successful with postgres-search-service.
[OK] 10:48:04 AM - Token OIDC session verified for Developer-Agent-09.
[INFO] 10:48:12 AM - Agent call routed: "/db/search/records" -> postgres-search-service.
[OK] 10:48:12 AM - postgres-search-service responded in 19ms. (Success)
[WARN] 10:48:15 AM - Slack payload warning: User ID masked.

Audit Trail
Compliance logs recording human-in-the-loop and agent invocation matches
TimestampInitiating AgentTarget ToolAction TypeAuthorized By
2026-07-13 10:48:12Developer-Agent-09postgres-search-serviceQuery RecordsOIDC JWT Session
2026-07-13 10:45:01Developer-Agent-04jira-issue-synchronizerCreate IssueHuman Approver API
2026-07-13 10:39:19Slack-Daemon-Agentslack-notifier-daemonSend NotificationAuto-Approved System
2026-07-13 10:22:04Logistics-Agent-02sap-logistics-connectorPost TransactionHuman Approver API

Analytics Center
Historical adoption and integration metrics of the MCP gateway
📊 Onboarding Time Saved
7,000h
▲ Monthly Steady State
🤖 Active Integrations
41%
▲ Dev portal target
⏱ avg latency
26ms
▼ Down from 90ms
🔁 Dev Portal Active
61%
▲ 12% before pilot
Engineering Engagement

Developer Portal MAU has increased from 12% to 61% following the launch of the MCP gateway self-service tool integration program. The self-serve catalog has successfully reduced onboarding bottlenecks, cutting custom pipeline setup from 14 days down to 6 hours.

V
Vatsal Shah LinkedIn

Independent AI & Technology Consultant

Vatsal Shah is an enterprise AI strategy and digital transformation consultant based in India, working with teams across India, APAC, Europe, and North America. 20+ years helping enterprises and mid-market operators with AI readiness, operating model design, and technology leadership — you work with me directly.

Book a Free Call →

Want to work together on business transformation?

Visit my personal hub for advisory scope, or connect on LinkedIn. Every engagement is principal-led with measurable outcomes.

Visit Shah Vatsal Connect on LinkedIn Book intro call
Book intro