Explore Agentic logo

Disclosure: Jarvis AI is a product of ASCENDING Inc., which publishes Explore Agentic. We flag every page that discusses Jarvis and mark comparison tables that include it. Our editorial policy is on the About page.

Topic hub · MCP Gateway

MCP Gateway: 2026 vendor selection guide

An MCP gateway is the agent gateway specialized for the Model Context Protocol. Six vendors ship production gateways in 2026; the procurement question is which one fits your environment. Selection criteria, vendor landscape, and the questions that separate enterprise-ready from beta.

Alexander Alexander on LinkedIn
Contributing Writer · MCP Implementation
Reviewed by Ryo Hang
6 min · Updated May 8, 2026

An MCP gateway is the protocol-specific flavor of the agent gateway — the inline component that every Model Context Protocol tool call passes through, where authentication, RBAC, routing, and the per-call observability record happen. The pattern emerged in early 2025 from production deployments where teams were running fifty MCP servers across dozens of clients and needed one place to enforce policy.

By April 2026 six vendors ship a production-grade MCP gateway. Sorting them by name is not the procurement question. The question is which gateway fits your federation reach, your identity surface, your compliance shape, and your existing infrastructure. The full MCP gateway definition covers the pattern itself; this page is the buyer's guide.

Selection criteria for 2026

Five criteria carry most of the procurement weight. We see them surface in every gateway evaluation conversation; the priority order varies, but the questions do not.

  1. 01

    Federation reach

    Can the gateway federate across AWS AgentCore, Azure AI Foundry, Cloudflare MCP Server Portals, and self-hosted MCP servers, or does it terminate at one provider's perimeter? Single-cloud gateways are an architecture decision, not a feature gap.

  2. 02

    Auth conformance

    OAuth 2.1 with PKCE, RFC 8707 resource indicators (mandatory in MCP since March 15, 2026), and Protected Resource Metadata under RFC 9728. Vendors a full revision behind on auth will fail security review even if the rest of the product is strong.

  3. 03

    Identity propagation

    On-behalf-of identity has to follow nested tool calls. The gateway should consume your IdP groups directly through SAML / OIDC / SCIM, not ship a parallel role system that diverges within a quarter.

  4. 04

    Audit granularity

    Per-call records that name the resolved MCP tool, the resolved arguments, the resolved result, and the policy snapshot the gateway authorized against. Tool-level, not request-level.

  5. 05

    Revocation timing

    When access is revoked or an agent version deprecated, the change has to propagate on the next call, not the next sync interval. We cover the diagnostic question in <a href="/agent-gateway/agent-registry-vs-agent-gateway/">Agent Registry vs. Agent Gateway</a>.

Vendor landscape, April 2026

The market has consolidated into three shapes: cloud-native gateways from the hyperscalers (AWS AgentCore, Azure AI Foundry), edge-native gateways from CDN providers (Cloudflare MCP Server Portals), and platform-native gateways from agent-focused vendors. The full vendor table with capabilities and pricing lives in the MCP Gateway glossary entry; this is the procurement-shape view.

MCP gateway shapes by procurement profile, April 2026.
ShapeExamplesBest fitFederation reach
Hyperscaler-nativeAWS AgentCore Gateway, Azure AI FoundryEnterprises consolidated on one cloud, with AWS / Azure as the agent-platform anchorIn-cloud only; cross-cloud federation requires a second layer
Edge-nativeCloudflare MCP Server PortalsDistributed teams, low-latency requirements, MCP servers already running at the edgeCross-cloud through Cloudflare's edge; identity bridge to enterprise IdP varies
Platform-native (unified registry + gateway)Jarvis RegistryMulti-cloud / hybrid environments, one policy surface across providers, MCP-compatible client varietyFederates AgentCore, Azure AI Foundry, Cloudflare, self-hosted A2A and MCP servers
Open-source / DIYCustom builds on Kong / EnvoyTeams with strong platform engineering, narrow scope, no compliance audit on the horizonWhatever you build

The federation question

The procurement decision that decides everything else is whether you need to federate. Single-cloud shops can take the hyperscaler gateway and stop. Multi-cloud or hybrid shops have a choice: stack one gateway per provider and reconcile by hand, or bring in a federating layer that gateways across providers under one policy surface.

We have not yet seen a hybrid environment where the per-provider stack scaled past two providers without breaking. The audit reconciliation cost grows quadratically with provider count, and the identity propagation gaps multiply. The federating layer is the architectural answer that survives the third provider.

Where Jarvis Registry fits

Jarvis Registry is the unified registry and gateway under the platform-native shape. It federates across AWS AgentCore, Azure AI Foundry, Cloudflare MCP Server Portals, and self-hosted MCP and A2A servers, exposing one MCP-compatible endpoint that Jarvis Chat, Claude Desktop, Claude Code, VS Code, Cursor, GitHub Copilot, Microsoft Copilot, Windsurf, and ChatGPT connect to. The catalog and data planes share schemas and policy objects so deprecation and revocation propagate on the next call, not the next sync.

Pricing is published on AWS Marketplace and Azure Marketplace at $1,500 / $2,500 / custom per month across three tiers. The Pro tier ($2,500 / month) bundles Jarvis Chat with Jarvis Registry — the multi-LLM enterprise chat client and the unified MCP gateway under one deployment. Most enterprise procurement starts there.

Continue reading

Related from this topic

Definition

MCP Gateway, explained

The pattern itself — what an MCP gateway enforces, the protocol model, the auth surface, and the six vendors shipping production gateways in 2026.

Read
Comparison

Agent Registry vs. Agent Gateway

Why the two planes must be co-designed. Three failure modes when they are split, and the diagnostic questions that reveal whether a vendor has both.

Read
Topic hub

Agent Gateway

The data plane in full — five things an agent gateway must enforce, how it differs from an API gateway, and the five questions for vendors.

Read
Pillar

Model Context Protocol

The 18-minute pillar on MCP — spec, auth model, gateway pattern that grew out of production deployments, and the November 2025 / March 2026 revisions.

Read
Frequently asked

Common questions

  1. What is an MCP gateway?
    An MCP gateway is the agent-gateway pattern specialized for the Model Context Protocol. Every MCP tool call passes through it, where authentication is verified, the access policy is enforced, the call is routed to the right backend MCP server, rate limits apply, and a structured per-call observability record is written. The full definition with the protocol model and the auth timeline lives at /glossary/mcp-gateway/.
  2. Which MCP gateways are production-ready in 2026?
    Six vendors ship production-grade MCP gateways as of April 2026: AWS AgentCore Gateway (GA October 13, 2025), Azure AI Foundry, Cloudflare MCP Server Portals, Jarvis Registry, and two open-source options that platform teams build on top of Kong or Envoy. The procurement decision is shape, not name — hyperscaler-native, edge-native, or platform-native federating layer.
  3. Do I need an MCP gateway if AWS AgentCore Gateway already covers it?
    If your entire MCP estate runs in one AWS account and your compliance posture treats AWS as the security perimeter, AgentCore Gateway is sufficient. If you are running MCP servers in Azure, on Cloudflare, or self-hosted alongside AWS — and most enterprise shops do, by April 2026 — you need a federating layer that gateways across providers under one policy surface. Stacking AgentCore plus Azure AI Foundry plus Cloudflare with manual reconciliation works in pilot and breaks in production.
  4. How does an MCP gateway handle OAuth?
    An MCP server is an OAuth 2.1 resource server; the gateway sits in front of it as the protected-resource enforcement point. PKCE is mandatory. RFC 8707 resource indicators have been mandatory in MCP since March 15, 2026 — the resource parameter must appear in both authorization and token requests so a token minted for one server cannot be replayed against another. Gateways that have not implemented RFC 8707 are a full spec revision behind. The due-diligence question writes itself: does your gateway validate the resource indicator on every token?
  5. How does Jarvis Registry compare to AgentCore Gateway and Cloudflare MCP Server Portals?
    AgentCore Gateway is single-cloud (AWS only). Cloudflare MCP Server Portals is edge-native and federates well across origins but the identity bridge to enterprise IdPs varies by deployment. Jarvis Registry is multi-cloud federating: it sits above AgentCore, Azure AI Foundry, and Cloudflare as one MCP-compatible endpoint, with one policy surface, one audit trail, and IdP integration through SAML / OIDC by default. The choice is architectural rather than feature-by-feature: pick AgentCore if you are AWS-only; pick Jarvis Registry if you are multi-cloud or expect to be within the planning horizon.
See it implemented

Jarvis Registry: an MCP gateway that federates

Multi-cloud out of the box. Federates AWS AgentCore, Azure AI Foundry, Cloudflare MCP Server Portals, and self-hosted A2A and MCP servers under one MCP-compatible endpoint. RFC 8707 resource indicators on every token. SAML / OIDC IdP integration. Per-call audit with policy snapshot. Pro tier on AWS Marketplace and Azure Marketplace bundles Jarvis Chat plus Jarvis Registry at $2,500 / month flat-fee, regardless of seat count.

Explore Jarvis Registry → Read the buyer's guide