Add API key auth, per-tool pricing, rate limiting, and usage metering to any Model Context Protocol server. Zero config. No code changes.
npx paygate-mcp wrap --server "your-mcp-server"
Cryptographic key generation with pg_ prefix. Keys masked in list endpoints. Admin key never exposed.
Each tool call costs credits. Set global pricing or per-tool overrides. Integer-only to prevent float exploits.
Per-key sliding window rate limits. Concurrent-safe. Set globally or per-tool. Default 60 calls/min.
Track every call: who, what tool, when, credits charged. Full dashboard via /status endpoint.
Log all tool calls without enforcing payment. Perfect for testing and understanding usage patterns before going live.
Works with any MCP server using stdio transport. No code changes needed. Wrap and go in under 60 seconds.
You built a useful MCP server — a code analyzer, data pipeline, or API connector. Now you want to charge AI agents per tool call instead of giving it away for free. Wrap it with PayGate in one command.
You have an existing API and want to expose it to AI agents via MCP. PayGate handles auth, billing, and rate limiting so you can focus on your core service, not building payment infrastructure.
Your company runs internal MCP servers for AI assistants. Use PayGate to track which teams use what tools and how much, enforce usage limits, and manage access with API keys.
New in v0.1.4: Add --state-file ~/.paygate/state.json to persist keys and credits across restarts. Without it, data lives in memory (great for testing).
npx paygate-mcp wrap \
--server "npx @modelcontextprotocol/server-filesystem /tmp" \
--price 2 \
--rate-limit 30
curl -X POST http://localhost:3402/keys \
-H "Content-Type: application/json" \
-H "X-Admin-Key: YOUR_ADMIN_KEY" \
-d '{"name": "my-client", "credits": 100}'
curl -X POST http://localhost:3402/mcp \
-H "Content-Type: application/json" \
-H "X-API-Key: CLIENT_KEY" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
"params":{"name":"read_file",
"arguments":{"path":"/tmp/data.txt"}}}'
| Endpoint | Method | Auth | Description |
|---|---|---|---|
/mcp |
POST | X-API-Key |
JSON-RPC 2.0 proxy to wrapped server |
/keys |
POST | X-Admin-Key |
Create a new API key with credits |
/keys |
GET | X-Admin-Key |
List all keys (masked) |
/topup |
POST | X-Admin-Key |
Add credits to an existing key |
/keys/revoke |
POST | X-Admin-Key |
Revoke an API key |
/status |
GET | X-Admin-Key |
Full dashboard with usage stats |
/ |
GET | None | Health check |
initialize, tools/list, resources/list, prompts/list, and ping pass through without auth or billing.