Integration Guide
MCP endpoints, authentication methods, and connection examples for integrating AI agents with MCP Gateway.
MCP Endpoint URL
Each MCP gets a unique endpoint URL displayed on its card in the self-service user dashboard for MCPs. Point your AI agent to this URL to connect. The base domain is typically https://mcpgateway.quilr.ai or https://mcpgateway.quilrai.com, but it can vary by environment.
https://mcpgateway.quilr.ai/<your-mcp-slug>/mcp
Authentication Methods
MCP Gateway separates the credential your AI client uses to reach the gateway from the credential the gateway uses to reach the upstream MCP server.
Client to Gateway
API Token Authentication
Send a Bearer token with a user identifier header for per-user tracking.
Authorization: Bearer <token>
mcpuser: user@company.com
- Create API tokens in Settings → API Tokens
- Each token is scoped to a specific agent
- The
mcpuserheader identifies the end user for per-user tracking - The
mcpuseremail must belong to an allowed company domain
Gateway OAuth Proxy Tokens
OAuth-capable MCP clients can authenticate to the gateway through the gateway's OAuth endpoints. After the user signs in, the token endpoint returns a stable proxy token. The proxy token is scoped to the MCP backend, or to OneMCP for the /quilrone/mcp endpoint.
OAuth Passthrough
In OAuth passthrough mode, the gateway advertises or relays the upstream OAuth metadata and the AI client obtains an upstream access token itself. The gateway accepts that upstream Bearer token on the direct per-MCP endpoint, forwards it to the upstream MCP server, and uses token claims such as email, preferred_username, upn, or sub for logging when available.
OAuth passthrough MCPs are not exposed through OneMCP and do not use gateway token storage, refresh, dashboard Connect, or proxy tokens.
Gateway to Upstream MCP
For manual OAuth setup steps, see MCP Provider Setup. For OneMCP unified access, memory tools, and inline OAuth recovery, see OneMCP.
Token-Based Connection Example
# Connect to MCP endpoint with token auth
curl -X POST https://mcpgateway.quilr.ai/your-mcp-slug/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-api-token>" \
-H "mcpuser: user@company.com" \
-d '{
"jsonrpc": "2.0",
"method": "tools/list",
"id": 1
}'
OneMCP Connection Example
{
"mcpServers": {
"quilr-onemcp": {
"url": "https://mcpgateway.quilr.ai/quilrone/mcp",
"headers": {
"Authorization": "Bearer <onemcp-token>"
}
}
}
}
With OneMCP, call list_tool_groups first, then find_relevant_tools, then call_tool. If a backend requires user OAuth, the response includes a short-lived connect URL that the user can open and retry.
Agent Configuration
- Each AI agent (OpenAI, Claude, Cursor, etc.) connects to the MCP endpoint URL shown on the MCP card
- The gateway identifies agents by their User-Agent header keyword
- Configure which MCPs each agent can access via Agents Configuration or per-MCP Access Control