Security
MCP Security
Control which AI agents can call which tools, meter every invocation, and keep sensitive data out of the context window. RequestRocket sits between your agents and your MCP server, enforcing policy on every tool call.
Overview
RequestRocket in the MCP Stack
RequestRocket proxies HTTP traffic between AI agents and any MCP server. Authentication, access control, metering, and response filtering are all enforced at the proxy — without modifying the MCP server or the agent.
The Problem
What MCP Servers Lack Today
The Model Context Protocol (MCP) gives AI agents a standardised HTTP interface to call tools and retrieve data from external servers. But the protocol itself does not define authentication, authorisation, or usage governance — those are left to each server's implementation, and most implementations leave them entirely absent.
No per-agent identity
MCP servers have no built-in concept of per-agent credentials. Any caller with network access can invoke any tool. There is no way to issue isolated identities to individual agents, restrict which tools each agent can call, or revoke access for a specific agent without affecting others.
No usage governance
There are no native rate limits, no metering, and no audit trail. You cannot track which agent called which tool, how often, or what data was returned. Runaway agents can exhaust upstream quotas and leak sensitive data into context windows without any visibility or control.
Controls
What RequestRocket Adds
Agent Authentication
Issue a dedicated proxy credential to each AI agent — API key, bearer token, JWT, or OAuth 2.0. Each agent authenticates independently. Revoking one credential stops that agent without affecting any other. The MCP server's own credential is stored encrypted and never exposed to agents.
Authentication →
Tool Scoping
Attach allow-rules to a proxy credential that match on HTTP method and path to restrict which MCP tools it can invoke. A credential scoped to POST /tools/search cannot call any other tool — RequestRocket returns a 400 with rule metadata. Scope each agent to exactly what it needs.
Call & Value Metering
request_count meters limit how many tool calls an agent can make per minute, hour, day, or month. response_value meters extract numeric values from MCP response bodies — token counts, cost fields, quota usage — and enforce limits on those values across the same time windows.
Context Window Protection
Filters apply destroy operations on JSON paths in MCP responses before the data reaches the agent. Strip internal IDs, PII, system metadata, and any fields that should not enter the agent's context window. Filters stack per credential, target, and proxy for layered control.
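As an added illustration, not RequestRocket's code and not its configuration format, the following Python models the three controls described above in one place: the method-and-path allow-rules from Tool Scoping, the request_count meter from Call & Value Metering, and the destroy filters on JSON paths from Context Window Protection. Every class and function name, the rule and filter syntax, the dotted-path wildcard, the constructed MCP response and the 429 status used for the meter are assumptions for the example; the page itself states only the 400 returned for scope violations. response_value meters are not modelled.

```python
# Added example, not RequestRocket's code: a minimal model of three proxy-side
# controls described on this page, applied to a constructed MCP tool call.
#   - tool scoping: allow-rules matching HTTP method + path (400 on mismatch)
#   - request_count metering: a sliding-window call limit per credential
#   - context window protection: "destroy" filters on JSON paths in the response
# Class/function names, the rule and filter formats, the 429 for the meter and
# the response shapes are assumptions; the real configuration is not on the page.
import json
from collections import deque


class PolicyViolation(Exception):
    """A denied call: carries the HTTP status the proxy would return plus rule metadata."""
    def __init__(self, status, detail):
        super().__init__(str(detail))
        self.status = status
        self.detail = detail


class Credential:
    """Per-agent proxy credential with its attached policy (hypothetical shape)."""
    def __init__(self, agent_id, allow_rules, request_limit, window_seconds, destroy_paths):
        self.agent_id = agent_id
        self.allow_rules = allow_rules        # list of (method, path) allow-rules
        self.request_limit = request_limit    # request_count limit per window
        self.window_seconds = window_seconds  # meter window length
        self.destroy_paths = destroy_paths    # dotted JSON paths to strip; "*" = every list item
        self._accepted = deque()              # timestamps of calls that passed the meter


def check_scope(cred, method, path):
    """Tool scoping: deny unless (method, path) exactly matches an allow-rule."""
    if (method, path) in cred.allow_rules:
        return
    raise PolicyViolation(400, {
        "agent": cred.agent_id, "denied": f"{method} {path}",
        "allowed": [f"{m} {p}" for m, p in cred.allow_rules],
    })


def check_request_count(cred, now):
    """request_count meter: count accepted calls inside a sliding window."""
    while cred._accepted and now - cred._accepted[0] >= cred.window_seconds:
        cred._accepted.popleft()
    if len(cred._accepted) >= cred.request_limit:
        raise PolicyViolation(429, {
            "agent": cred.agent_id, "limit": cred.request_limit,
            "window_seconds": cred.window_seconds,
        })
    cred._accepted.append(now)


def destroy(node, parts):
    """Delete the value at a dotted path; '*' descends into every element of a list."""
    if not parts:
        return
    head, rest = parts[0], parts[1:]
    if head == "*" and isinstance(node, list):
        for child in node:
            destroy(child, rest)
    elif isinstance(node, dict) and head in node:
        if rest:
            destroy(node[head], rest)
        else:
            del node[head]


def apply_filters(cred, body):
    """Context window protection: strip configured paths from a copy of the response."""
    filtered = json.loads(json.dumps(body))  # deep copy; the upstream object is left untouched
    for path in cred.destroy_paths:
        destroy(filtered, path.split("."))
    return filtered


def proxy_call(cred, method, path, now, upstream):
    """Order matters: scope first (a denied path never consumes quota), then meter, then filter."""
    check_scope(cred, method, path)
    check_request_count(cred, now)
    return {"status": 200, "body": apply_filters(cred, upstream(method, path))}


def fake_mcp_server(method, path):
    """Constructed stand-in for an upstream MCP server response (not real data)."""
    return {"result": {
        "items": [
            {"title": "Q3 report", "internal_id": "doc-8812", "owner_email": "a@example.com"},
            {"title": "Roadmap", "internal_id": "doc-9001", "owner_email": "b@example.com"},
        ],
        "trace_id": "trace-constructed-001",
    }}


def demo():
    """Four calls from one agent: allowed, out of scope, allowed, over the meter."""
    cred = Credential(
        agent_id="search-agent",
        allow_rules=[("POST", "/tools/search")],
        request_limit=2, window_seconds=60,
        destroy_paths=["result.items.*.internal_id", "result.items.*.owner_email", "result.trace_id"],
    )
    calls = [("POST", "/tools/search"), ("POST", "/tools/delete"),
             ("POST", "/tools/search"), ("POST", "/tools/search")]
    outcomes = []
    for now, (method, path) in enumerate(calls):
        try:
            outcomes.append(proxy_call(cred, method, path, now, fake_mcp_server))
        except PolicyViolation as exc:
            outcomes.append({"status": exc.status, "body": exc.detail})
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome["status"], json.dumps(outcome["body"]))
```

Running demo() shows the ordering a proxy needs: the out-of-scope /tools/delete call is rejected with rule metadata before it touches the meter, so a misbehaving agent cannot burn its own quota on denied paths, and the two allowed responses reach the agent with internal IDs, e-mail addresses and the trace ID already removed. The fourth call trips the request_count limit.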
Data Redaction →
Deployment
Where the Proxy Runs
The control plane manages configuration centrally. Your data plane — where agent traffic flows — runs where your MCP server is reachable.
Managed
Run your proxy on RequestRocket's shared regional infrastructure across supported AWS regions. Zero infrastructure overhead. Deploy to a new region by changing a single field — proxyRegion. Available to all plans. Best for MCP servers accessible over the internet.
Self-hosted
Deploy the data plane inside your own VPC so it can reach private MCP servers without exposing them to the internet. The control plane manages configuration remotely. Your MCP server never leaves your network — agents connect to the proxy endpoint, not the server directly.
Contact us →
Use Cases
Common MCP Security Scenarios
Practical patterns for governing AI agent access to MCP tools — from credential issuance to context window protection.
Add outbound API security without changing code
Start on your own or talk to our team about improving the security of every API call you make.