Skip to main content
An MCP Gateway is a virtual endpoint that exposes your capabilities to external MCP clients (AI agents, applications, integrations). Think of it as a secure door through which clients access your tools.

What is an MCP Gateway?

An MCP Gateway is:
  • A virtual host with a unique URL: mcp-{id}.noorle.com
  • An MCP server that implements the MCP protocol
  • A capability aggregator that unifies builtin, plugin, and connector tools
  • A security boundary with authentication and access control

Gateway Architecture

Creating an MCP Gateway

Steps:
  1. Sign in to Noorle Console
  2. Go to Gateways → Create MCP Gateway
  3. Give it a name: “My Research Assistant”
  4. Get your unique URL: mcp-xyz123.noorle.com
  5. Enable capabilities you want to expose
  6. Generate an API token or JWT for client authentication
Result: Clients can connect immediately.

Host-Based Routing

Your gateway lives at a unique subdomain: Each gateway is completely isolated:
  • Own set of attached capabilities
  • Own authentication credentials
  • Own rate limits and budgets
  • Own conversation history (if any)

What Clients Can Do

Once connected, MCP clients can:

1. Discover Tools

// Client discovers available tools
const response = await gateway.request({
  jsonrpc: "2.0",
  method: "tools/list",
  id: 1
});

// Noorle returns
{
  tools: [
    { name: "web_search", description: "..." },
    { name: "code_run", description: "..." },
    { name: "my_plugin_analyzer", description: "..." }
  ]
}

2. Call Tools

// Client invokes a tool
const result = await gateway.request({
  jsonrpc: "2.0",
  method: "tools/call",
  params: {
    name: "web_search",
    arguments: { query: "latest developments" }
  },
  id: 2
});

// Noorle executes and returns result
{
  result: { ... }
}

3. Access Resources

// Client reads a resource (e.g., conversation history)
const result = await gateway.request({
  jsonrpc: "2.0",
  method: "resources/read",
  params: {
    uri: "memory://conversation-context"
  },
  id: 3
});

4. Get Prompts

// Client retrieves guidance prompts
const result = await gateway.request({
  jsonrpc: "2.0",
  method: "prompts/get",
  params: {
    name: "system-instructions"
  },
  id: 4
});

Capability Exposure Control

Not all capabilities are exposed equally. Gateways let you control what each client can see and do:

Capability Visibility

  • Enabled: Available to clients
  • Disabled: Hidden (client can’t see it)

Exposure Scopes

Each builtin capability has a scope:
  • AgentAndMcp (default): Visible to agents AND MCP clients
    • Files, Web Search, HTTP Client, Code Runner, Knowledge Retrieval, Browser, Sandbox
  • AgentOnly: Only visible to agents, NOT to MCP clients
    • Computer (direct system access - dangerous to expose publicly)

Per-Gateway Metadata

When you attach a capability to a gateway, you can set metadata: 
{
  "capability_id": "uuid-123",
  "metadata": {
    "rate_limit": 100,        // requests per hour
    "timeout_ms": 30000,      // execution timeout
    "cost_limit": null        // max cost per execution (configurable)
  }
}

SSE Transport Details

Gateways use Server-Sent Events (SSE) to stream MCP messages: SSE Benefits:
  • Standard HTTP, works through proxies
  • Long-lived connection for real-time interaction
  • Automatic reconnection
  • No WebSocket complexity

Authentication

Gateways support multiple auth methods:

JWT Tokens

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
     https://mcp-xyz.noorle.com/sse
Short-lived, scoped to account. Great for temporary client connections.

API Keys

curl -H "X-API-Key: ak-access123secret456" \
     https://mcp-xyz.noorle.com/sse
Long-lived, can be rotated. Great for permanent integrations.

OAuth Device Flow

# For CLI and headless clients
curl -X POST https://api.noorle.com/oauth/device/authorize \
     -d "client_id=..."
See Authentication for details.

Rate Limiting & Budgets

Gateways enforce usage limits: 
Per-Client Rate Limits:
  • 100 requests/hour per API key
  • 1,000 requests/hour per JWT

Per-Capability Limits:
  • Custom rate and cost limits configurable per capability

Work Budgets:
  • Configurable monthly/usage budgets per gateway
  • Enforce at: tool execution time
For current pricing and budget details, see Pricing. If a client exceeds limits, Noorle returns HTTP 429 (Too Many Requests).

Gateway Lifecycle

Best Practices

One Gateway Per Use Case

Create separate gateways for research, support, data analysis. Easier to manage, separate limits.

Least Privilege Capabilities

Only enable capabilities clients actually need. Disable Computer, Files with sensitive data.

Monitor Usage

Check gateway metrics weekly. Watch for unusual patterns, cost overruns, or errors.

Token Rotation

Rotate API keys monthly. Revoke tokens from inactive clients. Use short-lived JWTs.

Common Patterns

Client Pattern: Claude API

from anthropic import Anthropic

client = Anthropic()
client.tools = fetch_mcp_gateway("mcp-xyz.noorle.com", "token")

response = client.messages.create(
    model="claude-3-5-sonnet",
    max_tokens=1024,
    tools=client.tools,
    messages=[{"role": "user", "content": "..."}]
)

Client Pattern: Browser Extension

const gateway = {
  url: "https://mcp-xyz.noorle.com",
  token: localStorage.getItem("mcp_token")
};

// Connect on startup
await connectToGateway(gateway);

// When user clicks button: "Search for X"
const result = await callTool("web_search", { query: "X" });

Client Pattern: Scheduled Task

let gateway = NoorleMcpClient::new(
    "https://mcp-xyz.noorle.com",
    "api-key"
);

let result = gateway.call_tool("code_run", json!({
    "language": "python",
    "code": "run_daily_analysis()"
})).await?;

Troubleshooting

ProblemSolution
Client can’t connectCheck auth token is valid. Ensure gateway is ACTIVE.
Tool not foundVerify capability is enabled on gateway. Check tool name spelling.
429 Rate LimitCheck rate limits on gateway settings. Request increase if needed.
Tool failsCheck error logs in Console. Verify capability configuration.
Slow responsesCheck work budget. High cost tools may be throttled.
Next: Understand Capabilities - the tools gateways expose.