
MCP Security Best Practices

June 13, 2026·6 min read·MCPForge



Connecting AI agents to production APIs introduces new security challenges. Here are the most important practices to follow.


1. Never Expose Your Full API Surface


The most common mistake is converting every API endpoint to an MCP tool. AI agents don't need access to everything — and reducing the attack surface is the single most effective security measure.


Before deploying an MCP server, explicitly decide which endpoints the AI should access. Default to denying access and only enable tools that are necessary for the use case.


2. Classify Endpoints by Risk


Not all endpoints carry the same risk. A useful classification:


  • **READ** — GET endpoints that return data. Generally safe.
  • **WRITE** — POST/PUT/PATCH endpoints that modify data. Require consideration.
  • **DELETE** — Endpoints that permanently remove data. High risk.
  • **BILLING** — Endpoints that handle payments, refunds, or subscriptions. High risk.
  • **AUTH** — Endpoints that manage tokens, passwords, or sessions. High risk.
  • **ADMIN** — Endpoints with elevated privileges. High risk.

Disable high-risk endpoints by default and require explicit approval before they can be called.


3. Store Credentials Server-Side


API keys and bearer tokens should never be stored on the client where Claude runs. If someone has access to the Claude Desktop config file, they can extract any credentials stored there.


Instead, store credentials in a server-side vault and inject them into outgoing requests. The AI agent never sees the raw credential — it just calls the tool and the server handles authentication.


4. Use Approval Workflows for Destructive Actions


For high-risk operations, implement a human-in-the-loop approval workflow. When Claude tries to call a destructive endpoint, the request is held until a human reviews and approves it.


This gives you a safety net for operations that can't be undone — deleting records, issuing refunds, modifying access controls.


5. Log Every Tool Call


Maintain a full audit log of every tool call made through your MCP server:


  • Which tool was called
  • What arguments were provided
  • Whether it succeeded or was blocked
  • When it happened

This is essential for debugging, compliance, and detecting unexpected behavior.


6. Set Expiring Approvals


If you implement approval workflows, make sure approvals expire. A one-time approval for a specific action shouldn't grant permanent access. Require re-approval for each execution.


MCPForge's Security Layer


MCPForge implements all of these practices automatically:


  • Risk detection classifies every tool when your spec is imported
  • High-risk tools are disabled by default
  • Credentials are encrypted and injected server-side
  • Approval workflows hold tool calls for human review
  • Full audit logs capture every tool call with method, path, status, and latency
