Higress MCP service management helps build a private MCP market

Dao Feng、Lv Shui、Shi Mian

Jul 2, 2025

Share on X

Higress is expanding the capabilities of the AI gateway:

In June 2024, release v1.4.0, open-source large model gateway capability
In March 2025, release v2.1.0, open-source Remote MCP Server hosting solution
In April 2025, release a new repository for openapi-to-mcp server, providing the ability to batch convert existing OpenAPI to MCP Server
In April 2025, release MCP marketplace, accelerating existing APIs into the MCP era

On July 2, Higress released v2.1.5, open-sourcing MCP service management capabilities for constructing private MCP marketplaces. Thus, the core ability triangle of Higress AI gateway gradually becomes clear: large model gateway, MCP gateway, and private MCP marketplace.

Introduction

This March, MCP protocol became a new hotspot for AI, widely recognized by most people. At that time, Higress quickly followed up and added MCP protocol conversion capabilities; see details: https://higress.cn/ai/mcp-quick-start. This solution addresses the following issues:

Introduced Redis to solve the session persistence problem of SSE protocol using its pub/sub feature
Provided the ability to convert OpenAPI to MCP Server, simply by providing OpenAPI documentation that meets OAS 3.0 specifications for automatic conversion to gateway-hosted MCP Server
Provided Go Template and GJSON expressions for refined handling of request and response templates, allowing users to adjust the MCP Server configuration only by changing settings without losing traffic, and SSE connections will not break.

Once this feature was launched, it quickly attracted widespread attention from users in the open-source community. Concurrently, there was significant feedback about configuration failures in user groups because this feature is too atomic and the configuration is complex, making it easy for users to encounter failures. To enhance user experience further, we decided to integrate Higress MCP-related capabilities in a scenario-based manner within the Higress Console, i.e., the MCP service management module.

Users can officially experience all the features mentioned in this document in Higress version 2.1.5.

Introduction to Higress MCP Service Management

Overview of Higress MCP Service Management Features

The Higress MCP service management module provides the following capabilities:

OpenAPI to MCP conversion. Based on user-provided OAS 3.0 documents, connect to existing HTTP backend services of the gateway for automatic conversion to MCP Server.
DB to MCP conversion. Users simply need to configure their database instance as the backend service for the gateway to automatically convert to MCP Server; currently supports MySQL, PostgreSQL, Clickhouse, and Sqlite.
MCP direct routing. Can directly proxy SSE/Streamable protocol backend services.
MCP authentication and authorization capabilities.

From the perspective of an open-source contributor at Higress, I want to clarify the positioning of Higress itself; it primarily takes on the responsibilities of the AI gateway/MCP gateway, serving as an infrastructure to help businesses better build their own MCP marketplace. The MCP features it offers can very well complement scenarios such as MCP application stores (like mcp.so), MCP client markets (Cline, Cursor, Cherry Studio), and platform markets (Bailian, Modao, Dify). Higress is not in competition with these scenarios.

MCP Service Management and mcp.higress.ai

Previously, Higress officially released a SaaS version of the MCP marketplace: mcp.higress.ai, which is entirely built on Higress MCP service management. Currently, the frontend and backend code have not been open-sourced, serving as a functional demonstration for users, and users can refer to the interaction of mcp.higress.ai to build their own MCP marketplaces based on Higress.

Higress, Naos 3.0, and the MCP Marketplace

If you are building a privatized MCP marketplace for your enterprise, you will definitely be concerned about the relationship between the Higress MCP service management, Nacos 3.0, and the MCP marketplace introduced in this document. Here are some clarifications.

Some enterprises have a need to build their own MCP marketplace. Higress MCP service management is merely the console representation of Higress MCP-related atomic capabilities, aiming to provide users with a more user-friendly interface. It also offers integrated OpenAPI capabilities, which can become an essential component of an enterprise’s privatized MCP marketplace. However, this single component alone is not enough to fully support all scenario demands.

Nacos 3.0 provides the capability of MCP Registry. When building an enterprise-level MCP marketplace, Higress takes on the role of MCP Proxy while Nacos undertakes the responsibilities of MCP Registry, combining market information and managing MCP Server runtime better. In the future, Higress will also pursue a deeper integration with the Nacos MCP Registry at the product level, forming a comprehensive solution for the MCP marketplace.

In self-built scenarios: It is recommended to integrate Higress Console’s OpenAPI or admin-sdk, as well as the Nacos MCP Registry. Enterprises should then develop a front/back-end application that meets their privatized requirements to construct their own privatized MCP marketplace.

In Alibaba Cloud commercialization scenarios: The Alibaba Cloud public cloud API Gateway and dedicated cloud Feitian enterprise version API Gateway plan to launch a plug-and-play MCP marketplace. This solution will be based on MCP service management and Nacos 3.0 to provide higher-level applications, planned to offer two models for commercial users to choose from:

Model 1: Plug-and-play with an expandable, customizable instantiated MCP marketplace.
Model 2: Provide MCP marketplace source code for convenient secondary development by enterprise users.

Next, we will focus on introducing the three types of services provided by Higress MCP service management: OpenAPI to MCP conversion, MCP direct routing, and DB to MCP conversion, and the business scenarios they support.

OpenAPI to MCP Conversion

When enterprises develop MCP Server for AI agents, they can generally be divided into two categories of scenarios: existing scenarios and incremental scenarios. Existing scenarios refer to the IT assets that enterprises already have; for example, in e-commerce scenarios, order systems, product systems, and address systems—these systems need to have the capability to be called by the AI agents, which all need to be MCP-compliant; incremental scenarios refer to MCP tools developed specifically to help AI agents run better, a typical example being the amap MCP Server provided by Gaode.

Before providing the amap MCP Server, the Gaode team also had a complete set of amap openapi, which was previously used for traditional application calls. Most business teams in enterprises could write high-quality products like the amap MCP Server if they are willing to invest significant energy and determination, but the reality is that there are many concerns for existing business assets:

The personnel maintaining existing business systems have changed several times, and some long-tail applications are hesitant to incrementally add code.
There are many business systems which make full-scale modifications take a long time to schedule.
The learning curve for business personnel to master the technology stack of AI is relatively high.
The deployment of MCP Server increases resource consumption.

Once a new technology involves modifications to existing systems, and the chosen modification scheme has a high threshold, it is very likely to lead to a failure to implement the changes, ultimately becoming a murky account for the enterprise.

The OpenAPI to MCP conversion feature provided by Higress is definitely not the only MCP access solution, but its advantages are very prominent:

No-code modification, easy access. Just provide the OpenAPI documentation of the existing service (meeting OAS 3.0 specifications); no line of access code needs to be written to be managed by Higress.
Easy maintenance of a white screen tool alteration. Later on, you can adjust the MCP metadata (in YAML format) converted from OpenAPI in Higress Console, fine-tuning the tools and descriptions, so that the MCP can better collaborate with the agent.
No need to provide MCP runtime, convenient operation and maintenance. Unlike traditional stdio/sse solutions, the Higress gateway does not need to raise any MCP runtime resources such as Docker and completes the conversion entirely through protocol, occupying only the resources of the gateway itself.

With this feature of Higress, businesses can focus on the description of MCP tools and how to better collaborate with the agent, rather than how to write the code implementation of MCP Server, greatly improving the efficiency of the business intelligence process.

Next, we will introduce the functions more intuitively in conjunction with the Higress Console interface.

In the AI gateway management - MCP management menu, select to create an MCP service, and you can create a service type as OpenAPI MCP service.

Selecting the MCP service allows you to perform editing tool operations. On this page, both Swagger mode and YAML mode are supported.

Swagger mode. Import OpenAPI documentation that complies with OAS 3.0 specifications; it can be automatically converted to MCP YAML metadata through Higress Console. Recommended for new additions.
YAML mode. Directly edit MCP YAML metadata, recommended for edits.

View the tool list:

Below the basic information and tool list, you can also directly view the SSE/Streamable access point information for the MCP client to connect directly.

MCP Direct Routing

In the OpenAPI to MCP conversion scenario, I mentioned the existing and incremental scenarios. While I personally believe that existing business scenarios occupy the majority, it cannot be ruled out that some scenarios will choose to develop MCP Server independently. There are also a large number of MCP Servers emerging in the open-source MCP marketplace. In light of this situation, Higress also provides the MCP direct routing solution to connect to SSE/Streamable protocol backend services.

Some readers may wonder, if they have already developed their own MCP Server which the MCP client can connect to directly, why still need to be proxied by Higress? My opinion is that here Higress acts as an MCP gateway with the following advantages:

Can implement MCP Server authentication, authorization, rate limiting, and observability through the gateway.
Unified management of the external exposure of MCP Server.

Actually, in Higress's current and future feature planning, MCP has always been treated as an API type. In AI scenarios, the types of APIs include:

LLM API
MCP API
Agent API

In conjunction with the API types of traditional API gateways:

Rest API
HTTP API
Websocket API

There’s a topic that can further develop the API & AI open platform, but these are still in the exploration stage, so follow the Higress community to learn about subsequent developments.

DB to MCP Conversion

The DB to MCP Server capability provided by HIgress only requires users to provide necessary connection information for connecting to the database (username, password, domain name/IP, port) to generate instance-level MCP Server, without writing code or providing runtime resources.

Currently, this feature is still in the exploratory stage. Please note the following limitations when using it:

Only partial database types are supported: MySQL, PostgreSQL, Clickhouse, Sqlite.
Only a fixed tool list is supported: ListTables, DescribeTable, Query, Execute, not supporting dynamic additions.

DB to MCP conversion is an attempt by Higress to MCP-ify general database and middleware components, providing a possible direction for future evolution. We hope to receive more feedback from users.

Based on this feature, Higress could also evolve into SQL MCP BI capabilities in the future, used to orchestrate SQL that meets business scenarios into MCP tools for intelligent analysis, formatted as follows:

db_tool:
  name: xxxx
  kind: postgres-sql 
  source: my-pg-source # 通过 name 关联到对应 db_source
  
  # tools 所需元数据
  name: search-hotels-by-name # tools 的名
  description: Search for hotels based on name. # tools 的描述
  inputSchema: # 内容为自定义的 RawMessage
    - type: string
      properties: 
        table: 
          type: string
          description: 'hotel name'
      required: 
        - table
                
  # 执行语句
  statement: SELECT * FROM hotels WHERE name ILIKE '%' || $1 || '%';

We also welcome other Higress open-source contributors to participate in the contribution of this feature.

MCP Authentication

Current State of the MCP Official Certification Program

The MCP community currently focuses on user-level permission management concerning the certification program. To fully apply this in enterprises, it needs to delve into the employee account system. This means transitioning from role-based permission management to user-based permission management.

Under this PR initiative, the community has now accepted the certification scheme based on OAuth2 PRM (Protected Resource Metadata) draft and has released it in the latest version.

https://github.com/modelcontextprotocol/modelcontextprotocol/pull/284#issuecomment-2825122408

In simple terms, this extracts the responsibilities of the Auth Server from the MCP Server. When the MCP Client requests the MCP Server without credentials, the MCP Server returns 401 and provides PRM information, informing the MCP Client to go to the Auth Server to issue a Token. The MCP Client then requests the MCP Server again with the Token.

This solution solves the problem of the MCP Client discovering the authentication endpoints when communicating with the MCP Server, but the overall scheme’s large-scale landing in the MCP client ecosystem is expected to take quite a long time. Additionally, this scheme is overly complex and idealistic, and I personally judge that there will be substantial resistance in the process of enterprise-level landing.

Moreover, an interesting point is raised regarding potential security risks during the design of this solution by the Alibaba Cloud security team: https://github.com/modelcontextprotocol/modelcontextprotocol/issues/544, and this issue was just fixed last week.

The MCP Authentication Solution Provided by Higress

Our assessment is that even if the standardized authentication solution of the MCP community achieves breakthroughs at the technical level, it will still encounter certain resistance in the enterprise landing process. In view of this, Higress, by combining its own gateway authentication scenarios and common user demands, offers a gateway-side authentication solution.

The authentication of Higress MCP Server has two stages: one occurs between the MCP Client and Higress (downstream), and the other occurs from Higress to the MCP Server (upstream).

Higress Upstream Authentication Solution

The MCP community does not specify the authentication method from the MCP Server to backend services under the remote MCP Server implementation. One possibility is that the types of backend service cannot be enumerated. Higress provides MCP conversion capabilities that design some conventions.

Higress offers the following out-of-the-box authentication capabilities according to the OpenAPI 3.0 specifications:

HTTP Basic Auth
HTTP Bearer Token
API Key (Header)
API Key (Query)

Therefore, if the OAS 3.0 documentation in the OpenAPI conversion MCP scenario includes backend service authentication and credentials, Higress will also use those credentials to access the backend service.

Higress Downstream Authentication Solution

As an MCP gateway, one of the primary values of Higress is to provide unified authentication management for MCP Server. It is recommended to use API Key for authentication, consistent with the user experience of AI gateway in modeled service proxies.

Downstream authentication for the MCP service, which is the gateway-side authentication method, is consistent with the routing experience of routing and AI. Users familiar with gateway authentication plugins will not find this solution unfamiliar.

Transparent Authentication Solution

simultaneously, support for transparent credential passing will be provided in response to some authentication needs for MCP direct routing in the future.

Comparison of Higress Commercialization vs Open-Source MCP Capabilities

	Higress Open Source	Public Cloud Alibaba Cloud API Gateway	Dedicated Cloud Feitian Enterprise Version API Gateway
OpenAPI to MCP Conversion	Supported	Supported	Supported
MCP Direct Routing	Supports SSE/Streamable	Supports SSE/Streamable, plans to support Stdio	Supports SSE/Streamable, plans to support Stdio
MCP Server Authentication and Authorization	API Key	Various authentications such as API Key/JWT/OAuth2	Various authentications such as API Key/JWT/OAuth2
MCP Server Tool Granularity Authorization	No plans	Supported	Supported
MCP Server Tool Granularity Quota Limiting	No plans	Planned support (July)	Planned support (July)
MCP Server Tool Granularity Observability	No plans	Planned support (July)	Planned support (July)
MCP Server Security Barrier	No plans	Planned support (July)	Planned support (July)
MCP Server Tool Assembly Mechanism (Selecting tools from any Server to assemble into a new Server)	No plans	Planned support (July)	Planned support (July)
MCP Marketplace	Provides two modes for user choice: + Model One: Plug-and-play with an expandable, customizable instantiated MCP marketplace + Model Two: Provide MCP marketplace source code for convenient secondary development.	Provides two modes for user choice: + Model One: Plug-and-play with an expandable, customizable instantiated MCP marketplace + Model Two: Provide MCP marketplace source code for convenient secondary development.	Provides two modes for user choice: + Model One: Plug-and-play with an expandable, customizable instantiated MCP marketplace + Model Two: Provide MCP marketplace source code for convenient secondary development.