How to Deploy and Verify a TypeScript MCP Server on Railway
This guide is based on a real production deployment running on Railway.
Every verification result, report, and configuration shown in this article comes from a live MCP server—not a simulated example.
Deploying an MCP server locally is only the first step. Running it reliably in production requires secure configuration, health monitoring, deployment automation, and a way to verify that AI clients can successfully communicate with the server.
Railway has become one of the easiest platforms for deploying production MCP servers because it supports Docker-based applications, automatic deployments from GitHub, HTTPS by default, and simple environment variable management. Railway also introduced its own official MCP tooling through the Railway CLI, demonstrating the platform's growing investment in the Model Context Protocol ecosystem.
In this guide you'll learn how to:
- deploy a production-ready TypeScript MCP server to Railway
- configure authentication and environment variables
- verify that your deployment is healthy
- generate a live verification report with MCPForge
- publish a permanent verified MCP profile that can be shared publicly
Want to analyze your API security?
Import your OpenAPI spec and generate a Security Report automatically.
Rather than using screenshots or hypothetical examples, this tutorial follows a real deployment that is publicly available.
Final Result
By the end of this guide you'll have:
✅ A production MCP server running on Railway
✅ Automatic HTTPS
✅ API key authentication
✅ Health endpoint
✅ Docker deployment
✅ Live MCP verification
✅ Public security report
✅ Verified MCP profile
The complete source code is available here:
GitHub Repository
https://github.com/kamolc4/mcpforge-demo-server
README
https://github.com/kamolc4/mcpforge-demo-server#readme
You can also download the production-ready template from the MCPForge Code Hub:
TypeScript MCP Server — Railway Deployment
https://www.mcpforge.tech/code/typescript-mcp-server-railway
Architecture
The deployment workflow is straightforward.
GitHub Repository
│
▼
Railway Deployment
│
▼
Live MCP Endpoint
│
▼
MCPForge Live Verification
│
├──────────────► Public Security Report
│
└──────────────► Verified MCP Profile
Unlike traditional API deployments, the final step is important.
Deploying a server only proves that the application starts.
Live MCP verification confirms that the server actually speaks the MCP protocol correctly by validating protocol initialization, tool discovery, compatibility, and operational health.
Step 1 — Prepare the MCP Server
For this guide we'll use the production-ready TypeScript template available on MCPForge.
The template already includes:
- Express
- official MCP SDK
- Streamable HTTP transport
- API key authentication
- Zod configuration validation
- structured Pino logging
- Docker support
- Railway deployment configuration
- health monitoring
- automated tests
Instead of building everything from scratch, we'll focus on production deployment and verification.
Download the template:
https://www.mcpforge.tech/code/typescript-mcp-server-railway
If you'd like to inspect the complete implementation, the full source code is also available on GitHub:
https://github.com/kamolc4/mcpforge-demo-server
Step 2 — Deploy to Railway
Railway supports GitHub-based deployments out of the box.
The deployment process is:
-
Push your repository to GitHub.
-
Create a new Railway project.
-
Choose Deploy from GitHub Repository.
-
Select your MCP server repository.
-
Railway automatically detects the included Dockerfile and starts building the application.
No additional deployment scripts are required.
One advantage of Railway is that every deployment automatically receives HTTPS, making it immediately compatible with remote MCP clients.
After deployment your endpoint will look similar to:
https://your-project.up.railway.app/mcp
This endpoint becomes the public MCP endpoint used by Claude Desktop, Cursor, Windsurf, and other MCP-compatible clients.
Step 3 — Configure Environment Variables
Before exposing your MCP server to AI clients, configure the required environment variables.
For this template, Railway only requires a few settings.
| Variable | Required | Purpose |
|---|---|---|
MCP_API_KEY | ✅ | Protects your MCP endpoint |
NODE_ENV | ✅ | Enables production optimizations |
LOG_LEVEL | Optional | Controls structured logging |
REQUEST_TIMEOUT_MS | Optional | Outbound request timeout |
The most important variable is MCP_API_KEY.
Generate a long, cryptographically random key rather than using a simple password.
Example:
MCP_API_KEY=3b98d98bde8b4b5e98c7d76d31...
Avoid committing secrets into Git.
Railway provides encrypted environment variables, making it unnecessary to hardcode credentials inside your application or repository.
Step 4 — Verify the Deployment
Once Railway finishes building the application, verify that the deployment is healthy before connecting any AI client.
Start with the health endpoint.
GET /health
A successful response confirms that:
- the application started correctly
- dependencies initialized successfully
- Railway routing is working
- your container is accepting requests
Next, verify the MCP endpoint.
https://your-project.up.railway.app/mcp
Unlike a traditional REST API, an MCP endpoint should respond using the Model Context Protocol rather than returning an HTML page.
If the endpoint returns HTML, you're probably pointing at the application homepage instead of the MCP endpoint.
If authentication is enabled, expect unauthorized requests to return 401 Unauthorized until a valid API key is supplied.
At this point your server is deployed—but deployment alone doesn't guarantee that AI clients can successfully communicate with it.
The next step is verifying the protocol itself.
Step 5 — Verify the Server with MCPForge
Open:
MCP Verify
https://www.mcpforge.tech/verify
Paste your deployed MCP endpoint.
For protected servers, expand:
Add API Key for authenticated MCP servers
and enter the same API key configured in Railway.
Unlike static OpenAPI analysis, Live MCP Verification connects directly to the running server and validates the protocol implementation.
During verification MCPForge checks:
- protocol initialization
- transport compatibility
- tool discovery
- resources
- prompts
- health endpoint
- authentication behaviour
- production compatibility
Instead of simply checking whether a URL responds, MCPForge verifies whether the endpoint behaves like a real MCP server.
This allows native MCP servers that do not expose an OpenAPI specification to be verified through the protocol itself.
Step 6 — Review the Live Verification Report
The deployment used throughout this guide is publicly available.
Verified MCP Profile
https://www.mcpforge.tech/verified/railway-mcp
Security Report
https://www.mcpforge.tech/security-reports/railway-mcp
Unlike demo reports, this verification was generated by connecting to the live Railway deployment.
The report evaluates multiple production characteristics, including:
- Security
- Compliance
- Compatibility
- Quality
- Health
It also records protocol information discovered during verification, helping developers confirm that their deployment is compatible with modern MCP clients.
Publishing verification results gives users confidence that the server is operational and has been tested against a real MCP implementation instead of relying solely on documentation.
What MCPForge Verified
During the live verification session, MCPForge connected directly to the running Railway deployment and checked the following protocol-level characteristics.
| Check | Result |
|---|---|
| Handshake | PASS |
| Transport | HTTP Streamable |
| Tools | 3 |
| Resources | 0 |
| Prompts | 0 |
| Authentication | PASS |
| Health | PASS |
These results confirm that the deployment is not only online, but actually speaks the MCP protocol correctly and is ready to be used by AI clients.
Live Verification Results
This deployment was successfully verified by MCPForge.
Deployment
| Property | Value |
|---|---|
| Platform | Railway |
| Transport | HTTP Streamable |
| Authentication | API Key |
| Verification | Live MCP Connection |
MCPForge Scores
| Category | Score |
|---|---|
| Overall | 87 |
| Security | 72 |
| Compliance | 95 |
| Compatibility | 86 |
| Quality | 100 |
| Health | 95 |
View the complete report:
https://www.mcpforge.tech/security-reports/railway-mcp
View the verified profile:
https://www.mcpforge.tech/verified/railway-mcp
Why Live Verification Matters
Deploying an application successfully doesn't necessarily mean AI clients can use it.
For example, all of the following situations can still prevent successful MCP communication:
- incorrect transport
- authentication failures
- invalid protocol implementation
- missing tool registration
- unhealthy deployments
- broken endpoint routing
Traditional uptime monitoring won't detect these issues because the application itself may still be online.
Live MCP verification validates the protocol layer that AI clients actually depend on.
As remote MCP deployments become more common, protocol-level validation is becoming increasingly important for production environments. Railway itself now provides official tooling for MCP workflows through its CLI and hosted MCP capabilities, reflecting the growing adoption of remote MCP infrastructure.
Production Best Practices
Once your MCP server is running successfully, it's worth spending a few extra minutes hardening the deployment before connecting production AI clients.
Secure Authentication
Never expose an unauthenticated MCP endpoint publicly.
Use a strong API key or OAuth where appropriate, and rotate credentials periodically.
Avoid:
- committing secrets to Git
- embedding API keys inside source code
- sharing production credentials in documentation
Instead, store secrets in Railway Variables and inject them as environment variables during deployment.
Monitor Server Health
A running container doesn't necessarily mean a healthy MCP server.
Monitor:
- response latency
- failed requests
- tool execution time
- memory usage
- deployment failures
A simple /health endpoint combined with Railway's deployment monitoring provides an excellent first layer of operational visibility.
Verify After Every Deployment
Every deployment has the potential to introduce compatibility regressions.
Examples include:
- SDK upgrades
- authentication changes
- transport modifications
- new tools
- infrastructure changes
Running a fresh Live MCP Verification after deployment helps identify problems before users discover them.
For production environments, verification should become part of your deployment checklist rather than a one-time task.
Keep Dependencies Updated
The MCP ecosystem is evolving rapidly.
Regularly update:
@modelcontextprotocol/sdk- Express
- Zod
- Pino
- security patches
- Docker base images
Older SDK versions may eventually lose compatibility with newer MCP clients.
Production Deployment Checklist
Before sharing your MCP endpoint, verify the following.
✅ HTTPS enabled
✅ Docker deployment successful
✅ API key configured
✅ Environment variables validated
✅ /health endpoint responding
✅ MCP endpoint reachable
✅ Live verification completed
✅ Public verification report generated
✅ Verified profile published
Completing this checklist significantly reduces the likelihood of deployment issues when connecting AI clients.
Common Deployment Mistakes
Even though Railway makes deployment straightforward, several configuration mistakes repeatedly cause production issues.
Understanding these common problems can save hours of debugging.
Deploying the Wrong Endpoint
One of the most common mistakes is verifying or configuring the application root instead of the actual MCP endpoint.
For example:
https://your-project.up.railway.app
instead of:
https://your-project.up.railway.app/mcp
The application homepage usually returns HTML, while AI clients expect valid MCP JSON-RPC responses.
If MCPForge reports:
Server returned an HTML page
you're likely pointing to the wrong URL.
Missing Environment Variables
If MCP_API_KEY or other required variables are missing, the server may start but reject every request or fail during initialization.
Always verify Railway Variables after every deployment.
Never assume that variables from local development were copied automatically.
Forgetting HTTPS
Modern MCP clients expect secure endpoints.
Fortunately, Railway automatically provisions HTTPS for deployed applications, so there's no need to configure certificates manually.
If you're deploying behind another reverse proxy, ensure TLS terminates correctly before requests reach the MCP server.
Skipping Health Checks
Many developers deploy successfully but never verify whether the application remains healthy after startup.
A proper /health endpoint allows:
- Railway health monitoring
- load balancer checks
- uptime monitoring
- deployment validation
Without it, deployments may appear healthy even though the MCP server has failed internally.
No Post-Deployment Verification
Perhaps the biggest mistake is assuming that a successful deployment means the server is production ready.
Deployment only confirms that the application started.
It does not confirm:
- MCP protocol compatibility
- tool discovery
- prompt discovery
- resource discovery
- authentication
- client interoperability
Running a Live MCP Verification immediately after deployment provides confidence that AI clients can actually communicate with the server.
Troubleshooting Railway Deployments
If your deployment isn't working correctly, check these items in order.
Deployment succeeds but MCP clients cannot connect
Verify:
- the endpoint ends with
/mcp - HTTPS is enabled
- API keys are correct
- the MCP transport is configured correctly
Next, run a Live MCP Verification using MCPForge.
Verification reports "HTML page"
This usually means one of the following:
- wrong URL
- landing page instead of MCP endpoint
- authentication redirect
- reverse proxy configuration
Verify the exact MCP endpoint before troubleshooting the server itself.
Verification reports authentication failures
Confirm:
- API key matches Railway Variables
- headers are being sent correctly
- authentication middleware is registered before the MCP handler
Deployment suddenly fails after an update
Review:
- Railway deployment logs
- dependency updates
- Node.js version
- MCP SDK version
- Docker build output
Many production failures originate from dependency upgrades rather than application code.
Why Railway Works Well for MCP Servers
Railway is particularly well suited for MCP deployments because it removes much of the operational complexity typically associated with hosting backend services.
Advantages include:
- automatic HTTPS
- GitHub-based deployments
- Docker support
- encrypted environment variables
- deployment logs
- automatic rebuilds
- health monitoring
- scalable infrastructure
Combined with the official MCP SDK, Railway provides an excellent foundation for hosting production MCP servers without managing Kubernetes clusters or complex infrastructure.
This allows developers to spend more time building useful MCP tools instead of maintaining deployment pipelines.
Real Deployment Example
Everything demonstrated in this guide is based on a real, publicly available deployment.
Source Code
https://github.com/kamolc4/mcpforge-demo-server
Download the Production Template
https://www.mcpforge.tech/code/typescript-mcp-server-railway
Live Security Report
https://www.mcpforge.tech/security-reports/railway-mcp
Verified MCP Profile
https://www.mcpforge.tech/verified/railway-mcp
Rather than relying on screenshots or simulated examples, you can inspect the complete deployment, review the generated verification report, and compare the implementation with your own MCP server.
This makes the guide both a tutorial and a practical reference for deploying production-ready MCP servers on Railway.
Connect Your AI Client
Once your MCP server is deployed and verified, it's ready to be used by AI clients.
One advantage of exposing your server over HTTP is that multiple clients can connect to the same deployment without running the server locally on every machine.
Claude Desktop
Add the following configuration to your claude_desktop_config.json.
{
"mcpServers": {
"railway-mcp": {
"url": "https://your-project.up.railway.app/mcp",
"transport": "http"
}
}
}
If your server requires authentication, include the appropriate headers according to your implementation.
For a complete setup guide, see:
Claude Desktop MCP: Complete Guide
/blog/claude-desktop-mcp-complete-guide
Claude Code
Claude Code also supports remote MCP servers.
After deploying your server to Railway, you can register it directly using the MCP CLI.
Example:
claude mcp add railway-demo \
--transport http \
https://your-project.up.railway.app/mcp
Modern versions of the Railway CLI can also configure Railway's own hosted MCP server automatically for supported editors and AI agents, including Claude Code and Cursor.
Learn more:
Claude Code MCP CLI: Complete Command Reference
/blog/claude-code-mcp-cli-command-reference
Cursor
Cursor supports remote MCP servers through .cursor/mcp.json.
Example configuration:
{
"mcpServers": {
"railway-demo": {
"url": "https://your-project.up.railway.app/mcp"
}
}
}
Once configured, Cursor automatically discovers the tools exposed by your server.
If MCPForge successfully verifies your deployment, Cursor should discover the same tools during normal operation.
Continuous Verification
Deploying once isn't enough.
Production MCP servers evolve over time.
You'll eventually:
- add tools
- update dependencies
- rotate credentials
- change transports
- modify authentication
- upgrade the MCP SDK
Each of these changes can accidentally introduce compatibility regressions.
For this reason, production teams should verify their MCP server after every deployment.
A recommended workflow looks like this:
Develop
│
▼
Commit to GitHub
│
▼
Railway Deployment
│
▼
Smoke Test
│
▼
Live MCP Verification
│
▼
Review Security Report
│
▼
Publish
This process catches protocol-level issues before they reach AI clients.
Why This Workflow Matters
Traditional deployment pipelines answer one question:
Did the application deploy successfully?
MCP deployments require answering another:
Can AI clients actually use it?
Those are not the same thing.
An application may be online while still failing:
- protocol initialization
- authentication
- tool discovery
- prompt discovery
- resource discovery
- compatibility with Claude Desktop or Cursor
Live protocol verification fills this gap by testing the running server instead of relying solely on static configuration.
As remote MCP deployments become more common, protocol-aware verification is becoming an important part of production operations. Railway itself now documents both hosted and self-hosted MCP deployment patterns, reflecting the broader shift toward remotely hosted MCP infrastructure.
Continue Learning
After deploying your first production MCP server, these resources will help you build, secure, and maintain more advanced deployments.
Deploy and Verify
Build Production Servers
TypeScript MCP Server — Railway Deployment
OpenAPI to MCP: Complete Guide
Production Operations
Claude Integration
Claude Desktop MCP: Complete Guide
Claude Code MCP CLI: Complete Command Reference
How to Connect Claude to Any API Using MCP
Conclusion
Railway has quickly become one of the most practical platforms for hosting production MCP servers.
With GitHub-based deployments, Docker support, automatic HTTPS, encrypted environment variables, and simple scaling, it removes much of the operational complexity traditionally associated with backend infrastructure.
Combined with MCPForge Live Verification, you can go one step further.
Instead of merely deploying an MCP server, you can continuously verify that it remains compatible with the Model Context Protocol, discoverable by AI clients, and ready for production use.
If you're building serious MCP infrastructure, the recommended workflow is simple:
- Build your server.
- Deploy it to Railway.
- Verify it with MCPForge.
- Publish the verification report.
- Re-verify after every production deployment.
This approach provides confidence not only that your server is running, but that it is actually ready to power AI applications in production.