
Should you build an MCP server or MCP client?

Hrishikesh Premkumar
Founding Architect

If you're involved in building SaaS applications or AI agents (and haven't been living under a rock) you've definitely sensed the growing excitement around the Model Context Protocol (MCP).

Created by Anthropic, MCP is rapidly becoming the go-to protocol for connecting AI with external tools, services, and data sources. Here’s a question you should ask yourself before jumping onto the MCP bandwagon: should you be building an MCP server to expose your platform's capabilities, or an MCP client to consume data and capabilities from a server?

This blog will help you wrap your head around the basics of MCP, explore both server and client perspectives, and provide a decision framework to guide your strategy.

MCP server, MCP client, and host

Understanding MCP servers

As an MCP server, your product transforms into a powerful toolkit for the AI ecosystem. You would expose your platform's unique capabilities, valuable data, and core functionalities to AI models and applications in a standardized way.

What it means to create an MCP server

This means AI agents, whether developed by your customers or third parties, could:

  • Discover the "tools" your SaaS offers: Through MCP, an AI agent can query your server to understand what actions it can perform (e.g., "create invoice," "fetch user analytics," "update project status").
  • Execute actions within your platform: An AI could instruct your server to perform specific tasks using the discovered tools, effectively using your SaaS as an extension of its own capabilities.
  • Retrieve data securely: Your server could provide relevant data from your platform to AI agents, enabling them to make more informed decisions or generate richer outputs, all while respecting tenant data boundaries and permissions.

Key components and functionalities of MCP servers

  • Protocol layer: This is the heart of MCP, defining the structure of requests and responses. It outlines how tools are described, how actions are invoked, and how results are returned. Your server must strictly adhere to these protocol specifications to ensure interoperability with various MCP clients.
  • Transport layer: This dictates how MCP messages are exchanged between the client (AI agent) and your server. Common choices include HTTP/S, WebSockets, or gRPC, each with its own trade-offs in terms of performance, security, and complexity. The choice often depends on the expected interaction patterns (e.g., synchronous requests vs. streaming data).
  • Messages/Types: MCP defines specific message formats and data types for communication. This includes messages for tool discovery (/.well-known/mcp), tool invocation, data exchange, and error reporting. Your server needs to correctly parse incoming messages and generate compliant outgoing messages.
  • Connection lifecycle: This involves managing how clients connect to your server, maintain sessions (if applicable), and disconnect. It includes aspects like authentication, authorization (crucial in B2B SaaS for tenant isolation), and handling concurrent connections efficiently.
  • Error handling: Your MCP server must provide clear, standardized error messages when a request cannot be processed, a tool fails, or an authentication/authorization issue occurs. This helps client applications understand and potentially recover from issues.

Let's use the example of a GitHub MCP server available to an AI agent that would like to analyze code repositories:


Real-world applications of MCP servers

Atlassian MCP server

Atlassian’s Remote MCP Server enables AI agents to securely interact with Jira and Confluence. It supports both reading and writing operations, allowing agents like Claude to assist with issue tracking, documentation, and more in a structured and permission-aware environment.

  • Supports summarizing Jira issues and Confluence pages
  • Allows AI agents to create issues and pages
  • Uses OAuth and follows Atlassian permission controls

HubSpot MCP server

HubSpot’s MCP server provides AI agents with secure access to CRM data. This integration is currently in beta and facilitates workflows like sales support and customer engagement directly from AI tools.

  • Fetches contacts, deals, companies, and tickets
  • Allows creation of tasks, notes, and record updates
  • Enables summarization of pipelines and support interactions
  • Uses OAuth authentication for secure access

GitHub MCP server

GitHub’s official MCP server allows AI agents to manage repositories, issues, pull requests, and more. It’s an open-source project designed to give structured and secure access to GitHub data through the MCP protocol.

  • Open-source and configurable via environment variables
  • Supports issue and PR creation, reading, and updates
  • Allows file and branch management within repositories
  • Provides access to user metadata and code alerts
  • Authentication via GitHub personal access tokens

Understanding MCP clients

While a server exposes capabilities, an MCP client consumes them. MCP clients are designed to maintain dedicated, typically one-to-one connections with MCP servers. This approach lets you enhance your offerings by integrating external AI-accessible resources into your application.

MCP clients are responsible for handling all bidirectional communication, discovering available tools on a server, formulating requests, sending them to the server, and processing the responses or data received.

What does it mean to be an MCP client?

As an MCP client, your platform would actively connect to and consume capabilities from other MCP servers.

This allows you to integrate external AI-accessible resources, data, or specialized functionalities directly into your own application. Instead of your platform being the tool, it becomes the intelligent agent that leverages the broader MCP ecosystem to enhance its own offering and deliver richer experiences to your users.

Key components of MCP clients

  • Client transport: This is the mechanism your client uses to send MCP messages to, and receive messages from, an MCP server. It must be compatible with the transport layer supported by the target server (e.g., HTTP/S libraries for RESTful MCP servers, WebSocket clients).
  • Roots support: A fundamental part of MCP is discoverability. Your client needs to be able to query the standard /.well-known/mcp endpoint on a server to fetch the MCP "roots file." This file describes the server, its available tools, how to authenticate, and other essential metadata.
  • Sampling support: For high-volume interactions or for monitoring purposes, MCP may define mechanisms for sampling requests and responses. If your client needs to interact with servers that utilize or require sampling, it must implement the necessary logic to handle these sampling instructions or provide sampled data.
  • Logging: Comprehensive logging is crucial for debugging, monitoring, and auditing interactions with external MCP servers. This includes logging requests, responses, errors, connection status, and authentication attempts. Good logging practices help in troubleshooting integration issues and understanding usage patterns.

Practical use cases of MCP clients

  • Marketing automation SaaS: Your SaaS marketing automation tool, acting as an MCP client, could connect to the HubSpot MCP server to fetch real-time customer interaction data, lead scores, and campaign engagement metrics. Your platform could then use this data to automate highly personalized email marketing campaigns and build more effective customer journeys.
  • Project management SaaS: Your project management SaaS, as an MCP client, could integrate with Notion’s MCP server. This would allow your users to automate task creation in Notion based on project milestones in your tool, link relevant documents, and synchronize progress updates, creating a seamless workflow across platforms.
  • Customer support platforms: Your customer support platform, by becoming an MCP client, could integrate with a Freshworks MCP server to automatically fetch detailed ticket information, customer history from Freshworks, and then use its own AI-driven criteria to intelligently escalate issues, assign them to the right agents, or even suggest solutions based on the combined data.

MCP authentication: why security matters

As AI agents and platforms begin to interact more intimately through MCP, authentication becomes table stakes. Without it, sensitive data could be exposed, unauthorized actions could be performed, and the trust inherent in B2B relationships would be compromised. Both MCP servers and clients have distinct but related responsibilities in ensuring secure communication.

Authentication for MCP servers

For an MCP server, authentication is about verifying the identity of an incoming MCP client (the AI agent or application) and ensuring it has the legitimate right to access specific tools and data, especially in a multi-tenant B2B SaaS environment.

The server must reliably determine who is making the request. Common methods include:

  • OAuth 2.0 / 2.1 is the best method: It is an industry-standard delegation protocol. The client (AI agent) obtains an access token from an authorization server (which could be managed by your SaaS or a trusted identity provider). This token is then presented to your MCP server with each request. It allows for granular permissions (scopes) and is well-suited for third-party client access.
  • Authorization and scoping: Authentication (who the client is) must be followed by authorization (what the client is allowed to do).
  • The server needs mechanisms to issue, validate, revoke, and rotate tokens.
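The authentication and authorization steps above, sketched as an added example (not code from this article or any MCP SDK): the server verifies the bearer token, then checks the tool's required scope and the tenant before running anything. The HS256 shared key, claim names, audience URL and tool-to-scope table are assumptions; a production server would normally verify asymmetric signatures against the authorization server's published keys.

```python
import base64, hashlib, hmac, json, time

# Assumptions, not from the article: HS256 with a shared key, the claim names
# (aud, exp, scope, tenant_id), the audience URL and the tool-to-scope table.
SIGNING_KEY = b"constructed-demo-key"
AUDIENCE = "https://mcp.example.com"
TOOL_SCOPES = {"create_invoice": "invoices:write", "fetch_user_analytics": "analytics:read"}

class AuthError(Exception):
    pass

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(claims, key=SIGNING_KEY):
    """Stand-in for the authorization server: issue a constructed demo token."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_token(token, now):
    """Authentication: pinned algorithm, signature, expiry and audience."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise AuthError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":  # never trust the token's own alg choice
        raise AuthError("unexpected algorithm")
    expected = hmac.new(SIGNING_KEY, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AuthError("expired token")
    if claims.get("aud") != AUDIENCE:  # token was minted for another service
        raise AuthError("wrong audience")
    return claims

def denial_reason(token, tool, tenant_id, now=None):
    """Authorization: return None if the call may run, else why it is denied."""
    try:
        claims = verify_token(token, time.time() if now is None else now)
        required = TOOL_SCOPES.get(tool)  # unknown tools are denied too
        if required is None or required not in str(claims.get("scope", "")).split():
            raise AuthError("insufficient scope")
        if claims.get("tenant_id") != tenant_id:  # tenant isolation
            raise AuthError("tenant mismatch")
    except AuthError as err:
        return str(err)
    return None
```

The `tenant_id` argument should come from the resource being addressed, not from the request body the client controls.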

Authentication for MCP clients

For an MCP client embedded within your SaaS platform, authentication involves securely presenting credentials to external MCP servers to prove its identity and gain authorized access to their tools and data.

  • Credential management: Your platform (acting as a client) needs a secure way to store and manage the credentials (OAuth tokens) required to access various external MCP servers.
  • Secure storage: Use encrypted databases or dedicated secrets management services (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) to store these credentials.
  • Configuration: Provide a secure interface for administrators to configure the necessary credentials for each external MCP server your platform needs to connect to.
  • For more automated onboarding with OAuth 2.0 enabled MCP servers, DCR (RFC 7591) allows a client to dynamically register with an authorization server. This can simplify initial setup, but both the client and the server must support the DCR protocol.
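On the server side of DCR, the registration endpoint accepts metadata from clients it has never seen, so it should validate that metadata before issuing a `client_id`. The following is an added example (not from this article or a specific product) that checks RFC 7591 client metadata and returns the RFC's error codes; the allowed grants, auth methods, scopes and the 90-day secret lifetime are assumed policy.

```python
import secrets, time
from urllib.parse import urlsplit

# Assumed server policy (not from the article or RFC 7591): which grants, auth
# methods and scopes an open registration endpoint is willing to hand out.
ALLOWED_GRANTS = {"authorization_code", "refresh_token"}
ALLOWED_AUTH_METHODS = {"none", "client_secret_basic"}
ALLOWED_SCOPES = {"analytics:read", "invoices:write"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def redirect_uri_ok(uri):
    """HTTPS anywhere, plain HTTP only on loopback, no wildcard or fragment."""
    if not isinstance(uri, str):
        return False
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:  # e.g. malformed bracketed IPv6 host
        return False
    if "*" in uri or parts.fragment or not host:
        return False
    if parts.scheme == "https":
        return True
    return parts.scheme == "http" and host in LOOPBACK_HOSTS

def error(code, description):
    return 400, {"error": code, "error_description": description}

def register_client(metadata, now=None):
    """Validate RFC 7591 client metadata; return (HTTP status, JSON body)."""
    uris = metadata.get("redirect_uris")
    if not isinstance(uris, list) or not uris or not all(map(redirect_uri_ok, uris)):
        return error("invalid_redirect_uri", "https or loopback redirect URIs required")
    grants = metadata.get("grant_types", ["authorization_code"])  # RFC 7591 default
    if not isinstance(grants, list) or not all(isinstance(g, str) and g in ALLOWED_GRANTS for g in grants):
        return error("invalid_client_metadata", "grant type not permitted")
    method = metadata.get("token_endpoint_auth_method", "client_secret_basic")
    if not isinstance(method, str) or method not in ALLOWED_AUTH_METHODS:
        return error("invalid_client_metadata", "auth method not permitted")
    scopes = set(str(metadata.get("scope", "")).split())
    if not scopes <= ALLOWED_SCOPES:
        return error("invalid_client_metadata", "scope not permitted")
    issued = int(time.time() if now is None else now)
    record = {
        "client_id": secrets.token_urlsafe(16),
        "client_id_issued_at": issued,
        "redirect_uris": uris,
        "grant_types": sorted(grants),
        "token_endpoint_auth_method": method,
        "scope": " ".join(sorted(scopes)),
        # client_name is untrusted display text: store it, never treat it as identity
        "client_name": str(metadata.get("client_name", ""))[:64],
    }
    if method != "none":  # confidential client: issue a secret that expires
        record["client_secret"] = secrets.token_urlsafe(32)
        record["client_secret_expires_at"] = issued + 90 * 24 * 3600
    return 201, record
```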

Explore how to secure your MCP interactions in our guide to the MCP authorization layer

Decision matrix: MCP server or client?

The choice between building an MCP server or an MCP client (or eventually, both) is a strategic one. The following matrix, along with key questions, can help you navigate this decision.

MCP server or client?

| Criteria | MCP server | MCP client | Key questions |
|---|---|---|---|
| Goal | Expose platform capabilities externally | Integrate external capabilities internally | What primary AI-driven value do customers seek? |
| Control and ownership | Full control over exposed APIs | Control over external integrations | How much control over AI interactions is required? |
| Development effort | High: Robust API infrastructure | Moderate: External server integrations | What development resources and expertise are available? |
| Maintenance effort | High: Server updates, security management | Moderate: Managing external dependencies | What's the capacity for ongoing maintenance? |
| Security considerations | High importance, strict auth requirements | Important, secure credential management | How will secure access and data handling be ensured? |

Conclusion: Choosing the right MCP path

Choosing between building an MCP server or client—or potentially both—depends significantly on your strategic goals and customer needs:

  • Build an MCP server if: Your platform’s capabilities and data are highly valuable and in demand by external AI ecosystems.
  • Build an MCP client if: Your primary aim is to rapidly enrich your platform by leveraging external AI capabilities.

Using the provided decision matrix, combined with a thorough understanding of your strategic objectives and customer expectations, will help you confidently navigate your MCP strategy.

MCP servers expose your platform’s tools and data to AI agents, while MCP clients consume external capabilities; building either means managing protocol layers, transport options, discovery endpoints and OAuth 2.0/2.1 authentication. Sign up for a free Scalekit account to experiment with both MCP server and client patterns—our drop‑in OAuth 2.1 simplifies authentication and lets you focus on strategic AI integrations. Still deciding? Book time with our experts to choose the best MCP path for your product.

FAQs

What is the primary function of an MCP server?

An MCP server transforms your SaaS product into a toolkit for the AI ecosystem by exposing unique capabilities and data. It allows AI agents to discover tools, execute actions, and retrieve data through a standardized protocol. By strictly adhering to the protocol layer, your server ensures interoperability across various AI applications. This architecture is essential for B2B platforms looking to enable third-party agents to perform tasks like creating invoices or fetching analytics while maintaining strict control over the exposed resources and ensuring data is accessed securely within defined tenant boundaries.

Why is OAuth 2.1 preferred for MCP authentication?

OAuth 2.1 serves as the gold standard for securing MCP interactions because it provides a robust framework for identity delegation. It allows AI agents to obtain access tokens from an authorization server, ensuring that every request to an MCP server is authenticated and authorized. This method supports granular scopes, which are critical for maintaining multi-tenant isolation and fine-grained permissions in B2B environments. By utilizing OAuth 2.1, developers can implement secure token issuance, validation, and rotation, preventing unauthorized actions and protecting sensitive platform data from exposure during agent to server communications.

How does Dynamic Client Registration simplify MCP onboarding?

Dynamic Client Registration, or DCR, is a protocol defined in RFC 7591 that allows MCP clients to automatically register with an authorization server. This process removes the need for manual configuration of client IDs and secrets, streamlining the integration between AI applications and SaaS platforms. In a B2B context, DCR simplifies the setup phase for customers who want to connect their agents to your MCP server. However, both the client and the server must support the DCR protocol to ensure that the initial handshake and subsequent token exchanges remain secure and automated.

What role does the transport layer play in MCP?

The transport layer dictates how messages are exchanged between an MCP client and an MCP server. Common implementations include HTTP or WebSockets and gRPC, each offering different trade-offs regarding performance and security. Choosing the right transport depends on your specific use case, such as whether you require synchronous request-response patterns or real-time streaming data. For technical architects, selecting a transport layer is a critical decision that impacts the scalability and responsiveness of the AI integration, as well as the complexity of the security measures needed to protect the data in transit.

How do MCP clients discover available server tools?

MCP clients identify capabilities by querying a standardized discovery endpoint, typically located at the well-known MCP path. This request fetches a roots file that describes the server, its available tools, and the necessary authentication requirements. This mechanism ensures that AI agents can dynamically understand what actions they are permitted to perform, such as updating project statuses or fetching user records. For developers, implementing this discovery process is vital for building resilient clients that can adapt to server-side updates without requiring manual reconfiguration or hardcoded API endpoints for every new tool.

What are the security risks of unauthenticated MCP servers?

Operating an MCP server without robust authentication poses significant risks, including unauthorized data exposure and the execution of malicious actions. Without verifying the identity of the incoming AI agent, a platform cannot guarantee tenant isolation or respect data boundaries. This lack of security undermines the trust required in B2B relationships and can lead to serious compliance violations. Implementing OAuth 2.1 and strictly enforcing authorization scopes are essential steps to prevent these vulnerabilities. Properly secured servers ensure that only authorized agents can access specific tools, thereby maintaining the integrity of the SaaS platform and its user data.

When should a company choose to build an MCP client?

A company should build an MCP client when its primary goal is to enrich its own platform by consuming capabilities from external AI-accessible resources. Instead of exposing its own data, the platform acts as an intelligent agent that leverages the broader ecosystem to deliver more value to users. For example, a project management tool might act as a client to integrate with a CRM server to synchronize customer data. This strategy is ideal for organizations that want to rapidly enhance their product features without the high development overhead of maintaining an external-facing API server.

How does MCP handle multi-tenancy in B2B SaaS?

Multi-tenancy in MCP is managed through the combination of authentication and fine-grained authorization at the server level. When an AI agent makes a request, the server must not only verify the agent identity but also ensure it is operating within the correct tenant context. By using OAuth tokens with specific tenant scopes, the server can restrict data access and tool execution to the appropriate environment. This prevents cross-tenant data leakage and ensures that permissions are strictly enforced, which is a top priority for CISOs and engineering managers overseeing secure B2B integrations.

What are the main components of an MCP client?

The primary components of an MCP client include the client transport mechanism, roots discovery support, sampling logic, and comprehensive logging. The transport mechanism must be compatible with the server, while roots support allows the client to fetch metadata about available tools. Sampling is often required for high-volume monitoring, and logging is essential for auditing and troubleshooting connection issues. Together, these components enable the client to securely and efficiently interact with various external MCP servers, providing a seamless flow of data and functionality that enhances the overall capabilities of the host SaaS application.
