Portkey’s AI gateway has MCP server support that many foundational model providers offer.
Model Context Protocol (MCP) is an open protocol that standardizes how applications provide tools and context to LLMs. The MCP tool in the Responses API allows developers to give the model access to tools hosted on Remote MCP servers. These are MCP servers maintained by developers and organizations across the internet that expose these tools to MCP clients, like the Responses API.
There are two ways to connect remote MCP servers through Portkey:
Portkey Gateway execution — Prefix the MCP server with @portkey-mcp in the Responses API or Messages API, and send the following header x-portkey-beta: server-side-mcp-2026-06-01. Portkey fetches and executes tools on your behalf. See Beta Features for the full header reference.
Provider execution — Pass a server_url directly in the OpenAI or Anthropic sections below. The upstream provider connects to and executes MCP tools on their servers.
Portkey Gateway (@portkey-mcp)
Provider Execution (server_url)
Where tools run
Securely within your own VPC
On provider servers (OpenAI, Anthropic, etc.)
Data exposure
MCP credentials stay in your environment
Tokens may be exposed to provider training data and audit pipelines
User attribution
Actions attributed via your service/user API key
No per-user attribution
Audit & logging
MCP executions logged and available for audit
No execution logging or security controls
Using a Private MCP Server? If your MCP server is behind a firewall, on localhost, or not publicly accessible, the model provider won’t be able to reach it. Check out our guide on Using Private MCP Servers to learn how to handle tool fetching and invocations on the client side.
When using upstream inference providers like bedrock, vertex-ai that do not support executing MCP tools remotely, you can pass the prefix @portkey-mcp to the mcp tool server_label to execute the tool securely on the gateway and receive the response back from the gateway.
Fields in the MCP tool object like server_description, server_url, require_approval are not supported when using the @portkey-mcp prefix; they are ignored if passed.
When using upstream inference providers like bedrock, vertex-ai that do not support executing MCP tools remotely, you can pass the prefix @portkey-mcp to the mcp tool mcp_server_name to execute the tool securely on the gateway and receive the response back from the gateway.
A Responses API request to OpenAI with MCP tools enabled.
curl https://api.portkey.ai/v1/responses \ -H "Content-Type: application/json" \ -H "x-portkey-api-key: $PORTKEY_API_KEY" \ -d '{ "model": "@OPENAI_PROVIDER/gpt-4.1", "tools": [ { "type": "mcp", "server_label": "deepwiki", "server_url": "https://mcp.deepwiki.com/mcp", "require_approval": "never" } ], "input": "What transport protocols are supported in the 2025-03-26 version of the MCP spec?" }'
import OpenAI from "openai";import { PORTKEY_GATEWAY_URL, createHeaders } from 'portkey-ai'const client = new OpenAI({ apiKey: "PORTKEY_API_KEY", baseURL: PORTKEY_GATEWAY_URL});const resp = await client.responses.create({ model: "@OPENAI_PROVIDER/gpt-4.1", tools: [ { type: "mcp", server_label: "deepwiki", server_url: "https://mcp.deepwiki.com/mcp", require_approval: "never", }, ], input: "What transport protocols are supported in the 2025-03-26 version of the MCP spec?",});console.log(resp.output_text);
from openai import OpenAIfrom portkey_ai import PORTKEY_GATEWAY_URL, createHeadersclient = OpenAI( api_key="PORTKEY_API_KEY", base_url=PORTKEY_GATEWAY_URL,)resp = client.responses.create( model="@OPENAI_PROVIDER/gpt-4.1", tools=[ { "type": "mcp", "server_label": "deepwiki", "server_url": "https://mcp.deepwiki.com/mcp", "require_approval": "never", }, ], input="What transport protocols are supported in the 2025-03-26 version of the MCP spec?",)print(resp.output_text)
import Portkey from 'portkey-ai';const portkey = new Portkey({ apiKey: "PORTKEY_API_KEY"});const resp = await portkey.responses.create({ model: "@OPENAI_PROVIDER/gpt-4.1", tools: [ { type: "mcp", server_label: "deepwiki", server_url: "https://mcp.deepwiki.com/mcp", require_approval: "never", }, ], input: "What transport protocols are supported in the 2025-03-26 version of the MCP spec?",});console.log(resp.output_text);
from portkey_ai import Portkeyportkey = Portkey( api_key="PORTKEY_API_KEY")resp = portkey.responses.create( model="@OPENAI_PROVIDER/gpt-4.1", tools=[ { "type": "mcp", "server_label": "deepwiki", "server_url": "https://mcp.deepwiki.com/mcp", "require_approval": "never", }, ], input="What transport protocols are supported in the 2025-03-26 version of the MCP spec?",)print(resp.output_text)
Unlike the DeepWiki MCP server, most other MCP servers require authentication. The MCP tool in the Responses API gives you the ability to flexibly specify headers that should be included in any request made to a remote MCP server. These headers can be used to share API keys, oAuth access tokens, or any other authentication scheme the remote MCP server implements.you can pass additional headers in the headers object or the oauth token in the authorization key.Use Stripe MCP tool
import OpenAI from "openai";import { PORTKEY_GATEWAY_URL } from 'portkey-ai'const client = new OpenAI({ apiKey: "PORTKEY_API_KEY", baseURL: PORTKEY_GATEWAY_URL});const resp = await client.responses.create({ model: "@OPENAI_PROVIDER/gpt-4.1", input: "Create a payment link for $20", tools: [ { type: "mcp", server_label: "stripe", server_url: "https://mcp.stripe.com", headers: { Authorization: "Bearer $STRIPE_API_KEY" } } ]});console.log(resp.output_text);
from openai import OpenAIfrom portkey_ai import PORTKEY_GATEWAY_URLclient = OpenAI( api_key="PORTKEY_API_KEY", base_url=PORTKEY_GATEWAY_URL)resp = client.responses.create( model="@OPENAI_PROVIDER/gpt-4.1", input="Create a payment link for $20", tools=[ { "type": "mcp", "server_label": "stripe", "server_url": "https://mcp.stripe.com", "headers": { "Authorization": "Bearer $STRIPE_API_KEY" } } ])print(resp.output_text)
import Portkey from 'portkey-ai';const portkey = new Portkey({ apiKey: "PORTKEY_API_KEY"});const resp = await portkey.responses.create({ model: "@OPENAI_PROVIDER/gpt-4.1", input: "Create a payment link for $20", tools: [ { type: "mcp", server_label: "stripe", server_url: "https://mcp.stripe.com", headers: { Authorization: "Bearer $STRIPE_API_KEY" } } ]});console.log(resp.output_text);
from portkey_ai import Portkeyportkey = Portkey( api_key="PORTKEY_API_KEY")resp = portkey.responses.create( model="@OPENAI_PROVIDER/gpt-4.1", input="Create a payment link for $20", tools=[ { "type": "mcp", "server_label": "stripe", "server_url": "https://mcp.stripe.com", "headers": { "Authorization": "Bearer $STRIPE_API_KEY" } } ])print(resp.output_text)
To prevent the leakage of sensitive keys, the Responses API does not store the values of any string you provide in the headers object. These values will also not be visible in the Response object created. Additionally, because some remote MCP servers generate authenticated URLs, we also discard the path portion of the server_url in our responses (i.e. example.com/mcp becomes example.com). Because of this, you must send the full path of the MCP server_url and any relevant headers in every Responses API creation request you make.
If you have MCP servers registered on Portkey’s MCP Gateway, you can connect to them through the Responses API by passing the appropriate authentication in the tool definition.
No-auth or header-based auth servers: Pass your Portkey API key as x-portkey-api-key inside the headers object.
OAuth-based servers: Pass the OAuth access token using the authorization field on the tool.
Claude’s Model Context Protocol (MCP) connector feature enables you to connect to remote MCP servers directly from the Messages API without a separate MCP client.
This feature requires the beta header: "anthropic-beta": "mcp-client-2025-04-04"
Key features
Direct API integration: Connect to MCP servers without implementing an MCP client
Tool calling support: Access MCP tools through the Messages API
OAuth authentication: Support for OAuth Bearer tokens for authenticated servers
Multiple servers: Connect to multiple MCP servers in a single request
For MCP servers that require OAuth authentication, you’ll need to obtain an access token. The MCP connector beta supports passing an authorization_token parameter in the MCP server definition.
API consumers are expected to handle the OAuth flow and obtain the access token prior to making the API call, as well as refreshing the token as needed.
Obtaining an access token for testing
The MCP inspector can guide you through the process of obtaining an access token for testing purposes.
Run the inspector with the following command. You need Node.js installed on your machine.
npx @modelcontextprotocol/inspector
In the sidebar on the left, for “Transport type”, select either “SSE” or “Streamable HTTP”.
Enter the URL of the MCP server.
In the right area, click on the “Open Auth Settings” button after “Need to configure authentication?”.
Click “Quick OAuth Flow” and authorize on the OAuth screen.
Follow the steps in the “OAuth Flow Progress” section of the inspector and click “Continue” until you reach “Authentication complete”.
Copy the access_token value.
Paste it into the authorization_token field in your MCP server configuration.
Using the access token
Once you’ve obtained an access token using either OAuth flow above, you can use it in your MCP server configuration: