MCP Bridge: Turn any API into agent-ready tools
What MCP Bridge does
MCP Bridge translates your existing REST, GraphQL, SOAP, and gRPC APIs into AI-ready MCP tools, automatically. One platform, no custom integration code, no changes to your upstream APIs.
3. Execute. When an LLM calls a tool, MCP Bridge handles authentication, input validation, parameter mapping, response processing, and guardrails. Eight authentication methods ship out of the box: Bearer, Basic, API Key (header or query), OAuth2 (Client Credentials and ROPC), AWS Cognito SRP, WS-Security UsernameToken (Text and Digest), SOAP body credentials with auto-detection, plus unauthenticated.
One platform, every protocol
Most MCP tooling today handles REST, and maybe GraphQL if you're lucky. Real enterprises are never that clean. MCP Bridge is the only platform we know of that unifies REST, GraphQL, SOAP, and gRPC under a single managed layer, optimized for agentic workflows.
Observability. Every tool call is tracked: latency, throughput, error rates, token usage, per-tool metrics, async execution status. OpenTelemetry trace and metric export over OTLP, so the data lands in Datadog, Grafana, or whatever observability stack you already run. An analytics dashboard with five tabs (Overview, Tools, APIs, Token Usage, Errors) plus streaming CSV export of execution logs.
Response post-processing. A per-tool declarative pipeline (unwrap, select, exclude, limit, sort, flatten, aggregate) with smart defaults generated at import time. The output schema served to MCP clients is automatically updated to match the post-processed response, so agents know exactly what they'll get. A JavaScript sandbox handles anything declarative rules can't.
Enterprise security and compliance
AI security guardrails. Regex-based input guardrails for prompt injection detection with three sensitivity levels, plus output guardrails that detect and redact sensitive data: SSNs, credit cards, API keys, tokens, emails, phone numbers. Configurable per tool. Violations are surfaced to MCP clients and persisted to execution logs.
Human-in-the-loop approval. A built-in elicitation framework with a destructive-tool approval gate: when an agent calls a tool annotated as destructive, MCP Bridge can pause and request human approval through the MCP client, with a per-elicitation deadline and an audited outcome. mcp.elicit() is also exposed inside Code Mode JavaScript, so multi-step orchestrations can pause for human input at any step.
We chose Rust for the same reasons enterprises do: performance and memory safety at scale. When you're proxying thousands of tool calls an hour across multiple agents, runtime overhead matters.
Who it's for
Try MCP Bridge Now
Point it at an API, generate your tools, and connect your first agent in minutes, not months.
Or run on AWS / Microsoft. Free trial on both, with tier-based features (Starter / Team / Enterprise).
→ 7-day Trial on Appfactor: https://mcp-bridge.ai/
→ AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-cj2bcojmxemlo
→ Microsoft Azure Marketplace: https://marketplace.microsoft.com/en-us/product/appfactorio.430f1a2a-ed68-4546-b598-81bb6402006c?tab=Overview
About AppFactor
MCP Bridge is built and maintained by AppFactor. AppFactor is an agentic orchestration platform for autonomous software maintenance. It automatically analyzes, documents, refactors, and redeploys enterprise applications so engineering teams can focus on building new value instead of paying down technical debt.
MCP Bridge extends that mission into the agent layer. Once your applications are modern, MCP Bridge makes their APIs available to AI agents safely, without rewriting a line of code.
Platform engineering teams exposing internal APIs to agents without writing a bespoke adapter for every service, centralizing governance, audit, and observability in one place.
Enterprises adopting MCP as a standard, looking to bridge an existing API portfolio to LLM clients quickly and securely, without refactoring.
AI engineers building agents that call enterprise APIs and want a managed tool layer that handles auth, rate limiting, guardrails, and execution logging for them.
MCP endpoint protection. OAuth2 Bearer token validation (JWKS, audience, scopes) on the MCP endpoint itself, independent from the web UI. OIDC-protected web UI with support for Cognito, Entra ID, Keycloak, Auth0, and Okta. Login rate limiting, server-side session revocation, cookie key rotation, and group-based access control. Centralized credential management replaces secrets scattered across servers. Security headers (HSTS, CSP, X-Frame-Options, and friends) applied to every response.
Built in Rust. Self-hosted by default.
MCP Bridge is written in Rust and ships as a single container plus PostgreSQL. Self-hosted on your own infrastructure. No SaaS dependency, no data leaving your environment. A CloudFormation template is included for AWS ECS deployment.
Built for procurement, not just demos:
SOC 2-aligned audit trail. Append-only audit_logs table with database-level REVOKE on DELETE / UPDATE. Full event coverage: API CRUD, tool updates, settings changes, auth events, export actions. Dedicated Audit Log Viewer in the web UI and streaming CSV export.
Credential encryption at rest. AES-256-GCM field-level encryption for API credentials and TLS material. Transparent encrypt-on-write and decrypt-on-read.
Reliability. Per-API rate limiting (token bucket), exponential backoff with jitter, configurable retry policies, and a three-state per-API circuit breaker (Closed / Open / HalfOpen, infrastructure-error-only counting, reset by health checks). Scheduled health checks with staggered jitter so a flaky upstream can't take your fleet down.
Horizontal scaling. Primary / read-only replica split, multi-instance cache invalidation via PostgreSQL NOTIFY / LISTEN, ALB path-based routing, and AWS Application Auto Scaling. Ships with a CloudFormation template.
Curation. Enable or disable tools, edit names and descriptions, customize parameter mappings, set per-tool guardrail overrides. Hybrid search (full-text + trigram + vector) keeps a thousand-endpoint catalog browsable.
gRPC gets full TLS and mTLS support: custom CA certificates and client cert/key for self-signed or private CAs, with all PEM material encrypted at rest. Real regulated-network gRPC, not a half-implementation.
Built for production, not for demos
MCP Bridge isn't a prototype. It ships with what production AI deployments actually require:
4. Scale. For APIs with hundreds of endpoints, loading every tool into an agent's context is wasteful or impossible. Code Mode replaces the full catalog with three meta-tools: search_tools (semantic discovery via pgvector with HNSW indexes), get_tool_schema (inspect a tool's shape before invocation), and execute_code (orchestrate multi-tool calls inside a QuickJS sandbox, ES2020-conformant). The agent finds what it needs on demand. Context usage drops by roughly 98%.
Tools that get smarter over time
Auto-generated tool definitions are a starting point, not the finish line. With AI Enrichment enabled, MCP Bridge uses an LLM to improve tool names, descriptions, and search embeddings automatically, making your imported APIs easier for agents to discover and invoke correctly. Connect any OpenAI-compatible chat completions endpoint and let it sharpen your tool catalog over time.
The flow is four steps:
1. Import. Point MCP Bridge at any API schema: OpenAPI 3.x / Swagger 2.0 specs, GraphQL introspection endpoints, WSDL definitions, or .proto files (with gRPC server reflection). Upload, paste, or fetch by URL.
2. Generate. MCP Bridge auto-generates fully typed MCP tool definitions, complete with input and output schemas, auto-inferred tool annotations (read-only, destructive, idempotent, open-world hints), and documentation. Enable or disable tools, rename them, customize parameter mappings, and configure per-tool response processing, all from a web UI.
