Named MCP servers
Define a server with an auth-config and a tool allowlist, then generate a per-user mcp_url any MCP client connects to.
MCP gateway
The open-source MCP gateway.
Open Connector is an open-source (AGPL-3.0), self-hostable MCP gateway: it exposes your connectors as named Model Context Protocol servers, runs the OAuth, and injects credentials server-side at call time — so your agents act over MCP while tokens never leave your infrastructure. It's wire-compatible with Composio's MCP, so existing clients point at your host unchanged.
What you get
Your connectors, served over MCP — credentials stay yours.
Managed OAuth
The gateway runs the OAuth handshake and refreshes tokens. Users grant access once; agents get scoped, least-privilege connections.
Credentials stay yours
Tokens are sealed in an AES-256-GCM vault and injected server-side at call time. The MCP client never sees a raw secret.
Tamper-evident audit
Every brokered MCP tool call writes a hash-chained record — actor, scope, timestamp, result — your security team can trust.
Open source & self-hostable
The whole gateway is AGPL-3.0. Run it on your own infrastructure for free — no per-call vendor tax, no tokens in someone else's cloud.
Composio-MCP compatible
Wire-compatible with Composio's MCP — named servers, per-user instances, generated urls, the npx @composio/mcp setup commands.
How it works
Three steps to a credential-brokering MCP server.
- 1Create a named MCP server — an auth-config plus the tool allowlist it exposes.
- 2Generate a per-user mcp_url (or a per-connected-account url) for each end user.
- 3Point any MCP client at the url — tools are brokered and credentials injected server-side.
# point any MCP client at your gateway
npx @composio/mcp setup "https://connect.acme.com/.../mcp/serve/<id>"FAQ
MCP gateway, answered
- What is an MCP gateway?
- An MCP gateway sits between AI agents and third-party tools: it exposes those tools to any MCP (Model Context Protocol) client, handles authentication, and brokers each tool call. Instead of every agent wiring its own OAuth and API integrations, the gateway runs the OAuth, holds the credentials, and serves a scoped, authenticated set of tools over MCP.
- Is there an open-source, self-hostable MCP gateway?
- Yes. Open Connector is an open-source (AGPL-3.0) MCP gateway you run on your own infrastructure for free. It exposes your connectors as named MCP servers, runs the OAuth, and injects credentials server-side — so tokens stay in your environment, never in a vendor's cloud.
- How does Open Connector handle MCP authentication and OAuth?
- Open Connector performs the OAuth handshake for each connected account and seals the tokens in an AES-256-GCM vault. At call time it injects the credential server-side, so the MCP client only ever holds a scoped api-key to your gateway — never a raw third-party token. Every brokered call is written to a tamper-evident audit trail.
- How do MCP servers and per-user access work?
- You create a named MCP server with an auth-config and a tool allowlist, then generate a per-user mcp_url (or a per-connected-account url). Each MCP client connects to its own url; the server's tools/list is derived from the allowlist, and tools/call resolves the acting user's connection and injects the credential. A call with no active connection fails honestly with an error — never a fake success.
- Is Open Connector an alternative to Composio's MCP?
- Yes. Open Connector's MCP resource is wire-compatible with Composio's MCP (named servers, per-user instances, generated urls, and the npx @composio/mcp setup commands). The difference is ownership: Open Connector's gateway is open source and self-hostable, so the MCP servers and the credentials they broker run on your own infrastructure.
An MCP gateway you own.
Open source, self-hostable, with credentials that never leave your infrastructure. Run it from source today.