Edit

Share via

Expose REST API in API Management as an MCP server

APPLIES TO: Basic | Basic v2 | Standard | Standard v2 | Premium | Premium v2

In API Management, you can expose a REST API managed in API Management as a remote Model Context Protocol (MCP) server using its built-in AI gateway. Expose one or more of the API operations as tools that MCP clients can call using the MCP protocol.

Important

Azure API Management also supports secure integration with existing MCP-compatible servers - tool servers hosted outside of API Management. For more information, see Expose an existing MCP server.

Learn more about:

Limitations

The following limitations apply to this preview. Preview features are subject to change, so check back for updates.

  • API Management supports MCP server tools, but doesn't support MCP resources or prompts.
  • MCP server capabilities aren't supported in API Management workspaces.

Prerequisites

  • If you don't already have an API Management instance, complete the following quickstart: Create an Azure API Management instance.

    • The following service tiers are supported for preview: classic Basic, Standard, Premium, Basic v2, Standard v2, or Premium v2.
    • In the classic Basic, Standard, or Premium tier, you must join the AI Gateway Early update group to access MCP server features. Allow up to 2 hours for the update to be applied.

  • Make sure that your instance manages an HTTP-compatible API (any API imported as a REST API, including APIs imported from Azure resources) that you'd like to expose as an MCP server. To import a sample API, see Import and publish your first API.

    Note

    Other API types in API Management that aren't HTTP-compatible can't be exposed as MCP servers.

  • If you’ve enabled diagnostic logging via Application Insights or Azure Monitor at the global scope (All APIs) for your API Management service instance, ensure that the Number of payload bytes to log setting for Frontend Response is set to 0. This prevents unintended logging of response bodies across all APIs and helps ensure proper functioning of MCP servers. To log payloads selectively for specific APIs, configure the setting individually at the API scope, allowing targeted control over response logging.

  • To test the MCP server, you can use Visual Studio Code with access to GitHub Copilot.

Expose API as an MCP server

Follow these steps to expose a managed REST API in API Management as an MCP server:

  1. In the Azure portal, navigate to your API Management instance.
  2. In the left menu, under APIs, select MCP Servers > + Create MCP server.
  3. Select Expose an API as an MCP server.
  4. In Backend MCP server:
    1. Select a managed API to expose as an MCP server.
    2. Select one or more API operations to expose as tools. You can select all operations or only specific operations.

      Note

      You can update the operations exposed as tools later in the Tools blade of your MCP server.

  5. In New MCP server:
    1. Enter a Name for the MCP server in API Management.
    2. Optionally, enter a Description for the MCP server.
  6. Select Create.

Screenshot of creating an MCP server in the portal.

  • The MCP server is created and the API operations are exposed as tools.
  • The MCP server is listed in the MCP Servers blade. The Server URL column shows the endpoint of the MCP server to call for testing or within a client application.

Screenshot of the MCP server list in the portal.

Configure policies for the MCP server

Configure one or more API Management policies to help manage the MCP server. The policies are applied to all API operations exposed as tools in the MCP server and can be used to control access, authentication, and other aspects of the tools.

Learn more about configuring policies:

Caution

Do not access the response body using the context.Response.Body variable within MCP server policies. Doing so triggers response buffering, which interferes with the streaming behavior required by MCP servers and may cause them to malfunction.

To configure policies for the MCP server:

  1. In the Azure portal, navigate to your API Management instance.

  2. In the left-hand menu, under APIs, select MCP Servers.

  3. Select an MCP server from the list.

  4. In the left menu, under MCP, select Policies.

  5. In the policy editor, add or edit the policies you want to apply to the MCP server's tools. The policies are defined in XML format. For example, you can add a policy to limit calls to the MCP server's tools (in this example, 5 calls per 30 seconds per client IP address).

    <rate-limit-by-key calls="5" renewal-period="30" counter-key="@(context.Request.IpAddress)" remaining-calls-variable-name="remainingCallsPerIP" />

    Screenshot of the policy editor for an MCP server.

Validate and use the MCP server

Use a compliant LLM agent (such as GitHub Copilot, Semantic Kernel, or Copilot Studio) or a test client (such as curl) to call the API Management-hosted MCP endpoint. Ensure that the request includes appropriate headers or tokens, and confirm successful routing and response from the MCP server.

Tip

If you use the MCP Inspector to test an MCP server managed by API Management, we recommend using version 0.9.0.

Add the MCP server in Visual Studio Code

In Visual Studio Code, use GitHub Copilot chat in agent mode to add the MCP server and use the tools. For background about MCP servers in Visual Studio Code, see Use MCP Servers in VS Code.

To add the MCP server in Visual Studio Code:

  1. Use the MCP: Add Server command from the Command Palette.

  2. When prompted, select the server type: HTTP (HTTP or Server Sent Events).

  3. Enter the Server URL of the MCP server in API Management. Example: https://<apim-service-name>.azure-api.net/<api-name>-mcp/mcp (for MCP endpoint)

  4. Enter a Server ID of your choice.

  5. Select whether to save the configuration to your workspace settings or user settings.

    • Workspace settings - The server configuration is saved to a .vscode/mcp.json file only available in the current workspace.

    • User settings - The server configuration is added to your global settings.json file and is available in all workspaces. The configuration looks similar to the following:

    Screenshot of MCP servers configured in Visual Studio Code.

Add fields to the JSON configuration for settings such as authentication header. The following example shows the configuration for an API Management subscription key passed in a header as in input value. Learn more about the configuration format

Screenshot of authentication header configuration for an MCP server

Use tools in agent mode

After adding an MCP server in Visual Studio Code, you can use tools in agent mode.

  1. In GitHub Copilot chat, select Agent mode and select the Tools button to see available tools.

    Screenshot of Tools button in chat.

  2. Select one or more tools from the MCP server to be available in the chat.

    Screenshot of selecting tools in Visual Studio Code.

  3. Enter a prompt in the chat to invoke the tool. For example, if you selected a tool to get information about an order, you can ask the agent about an order.

    Get information for order 2

    Select Continue to see the results. The agent uses the tool to call the MCP server and returns the results in the chat.

    Screenshot of chat results in Visual Studio Code.

Troubleshooting and known issues

Problem Cause Solution
401 Unauthorized error from backend Authorization header not forwarded Use set-header policy to manually attach token
API call works in API Management but fails in agent Incorrect base URL or missing token Double-check security policies and endpoint
MCP server streaming fails when diagnostic logs are enabled Logging of response body or accessing response body through policy interferes with MCP transport Disable response body logging at the All APIs scope - see Prerequisites

Related content