Open Source · MIT Licensed · v9.1.0

Monetize any MCP server with one command.

Add API key auth, credit billing, rate limiting, analytics, and 199+ production endpoints to any Model Context Protocol server. Zero config. No code changes. No dependencies.

$ npx paygate-mcp wrap --server "your-mcp-server"

199+ endpoints · 5,924 tests · 278 test suites · 70+ security tests

Agent (AI agent calls tools) -> PayGate (auth + billing + rate limits + analytics + security) -> Servers (1 or N MCP servers)

PayGate sits between agents and your server. Your server code stays untouched.

You built an MCP server. Now what?

How do I charge for tool calls?

Without PayGate: build API key management, credit tracking, per-tool pricing, spending limits, refund logic, and Stripe integration from scratch.

How do I know who's using what?

Without PayGate: instrument every tool call, build time-series analytics, create usage dashboards, export reports, and track denial reasons.

How do I prevent abuse?

Without PayGate: implement rate limiting, IP restrictions, tool-level ACL, spending caps, key expiry, SSRF prevention, and input validation.

PayGate adds all of this with one command. No code changes to your server.

Up and running in 60 seconds.

1. Start the gated server

npx paygate-mcp wrap \
  --server "npx @modelcontextprotocol/server-filesystem /tmp" \
  --price 2 \
  --rate-limit 30
2. Create an API key

curl -X POST http://localhost:3402/keys \
  -H "Content-Type: application/json" \
  -H "X-Admin-Key: YOUR_ADMIN_KEY" \
  -d '{"name": "my-client", "credits": 100}'
3. Agents call tools, credits are deducted

curl -X POST http://localhost:3402/mcp \
  -H "Content-Type: application/json" \
  -H "X-API-Key: pg_a1b2c3..." \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
       "params":{"name":"read_file",
       "arguments":{"path":"/tmp/data.txt"}}}'

# Response includes: X-Credits-Remaining: 98
4. Connect Stripe (optional)

Configure a Stripe webhook to auto-top-up credits when customers pay. PayGate handles the rest.
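What the agent side of the quick start looks like in code. This is an added example, not PayGate's client library: it sends a tools/call through the /mcp proxy and reacts to the three billing signals the page documents (the X-Credits-Remaining header, HTTP 429 with Retry-After, and the SEP-2007 -32402 payment-required error). The fetch implementation is injected, and the fake gateway at the bottom is constructed for this example so it runs offline; returning a JSON-RPC error body with HTTP 200 is an assumption of the fake, not a statement about PayGate's wire behaviour.

```javascript
// Added example, not PayGate's own client code: an agent-side caller that
// sends tools/call through the PayGate /mcp proxy and acts on the billing
// signals the quick start describes (X-Credits-Remaining, HTTP 429 with
// Retry-After, and the SEP-2007 -32402 payment-required error). The fetch
// implementation is injected so the flow can be exercised offline.
const PAYMENT_REQUIRED = -32402;

async function callTool(fetchImpl, baseUrl, apiKey, name, args, id = 1) {
  const res = await fetchImpl(`${baseUrl}/mcp`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'X-API-Key': apiKey },
    body: JSON.stringify({
      jsonrpc: '2.0', id, method: 'tools/call', params: { name, arguments: args },
    }),
  });
  const remaining = res.headers.get('x-credits-remaining');
  const credits = remaining === null ? null : Number(remaining);

  // Rate limited: back off for the advertised interval instead of hammering
  // the gateway (every retry that gets through is a billed call).
  if (res.status === 429) {
    const retryAfter = Number(res.headers.get('retry-after') ?? '1');
    return { status: 'rate_limited', retryAfterSeconds: retryAfter, credits };
  }
  const body = await res.json();
  if (body.error) {
    const kind = body.error.code === PAYMENT_REQUIRED ? 'payment_required' : 'error';
    return { status: kind, code: body.error.code, message: body.error.message, credits };
  }
  return { status: 'ok', result: body.result, credits };
}

// Constructed stand-in for a running gateway (no network): one key holding
// 2 credits at a price of 2 per call, so the first call succeeds, the second
// is refused with -32402 and the third trips the rate limit. Returning the
// JSON-RPC error with HTTP 200 is this fake's assumption.
function fakePayGate() {
  let credits = 2;
  let calls = 0;
  return async (_url, init) => {
    calls += 1;
    const req = JSON.parse(init.body);
    const headers = new Map();
    const reply = (status, obj) => ({
      status,
      headers: { get: (k) => headers.get(k.toLowerCase()) ?? null },
      json: async () => obj,
    });
    if (calls > 2) {
      headers.set('retry-after', '30');
      return reply(429, {});
    }
    if (credits < 2) {
      headers.set('x-credits-remaining', String(credits));
      return reply(200, { jsonrpc: '2.0', id: req.id,
        error: { code: PAYMENT_REQUIRED, message: 'insufficient credits' } });
    }
    credits -= 2;
    headers.set('x-credits-remaining', String(credits));
    return reply(200, { jsonrpc: '2.0', id: req.id,
      result: { content: [{ type: 'text', text: 'file contents' }] } });
  };
}

// Drive three calls through the fake and collect the client's decisions.
async function demo() {
  const fetchImpl = fakePayGate();
  const out = [];
  for (let id = 1; id <= 3; id++) {
    out.push(await callTool(fetchImpl, 'http://localhost:3402', 'pg_example',
      'read_file', { path: '/tmp/data.txt' }, id));
  }
  return out; // statuses: ok (0 credits left), payment_required, rate_limited
}
```

Against a real instance, pass the global `fetch` as `fetchImpl` and the key from step 2; the point of the example is that an agent should treat -32402 and 429 as distinct, non-retryable-right-now outcomes rather than generic failures to retry in a loop.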

Everything you need to sell tool access.

OAuth 2.1 + PKCE + M2M

Full authorization server. Dynamic client registration (RFC 7591), token refresh and revocation (RFC 7009), client_credentials grant for M2M auth, server metadata discovery.

Prometheus Metrics

/metrics in standard Prometheus text format. Tool calls, credits, denials, rate limits, active keys, sessions, uptime. Plug into Grafana or Datadog.

Multi-Server Mode

Wrap N MCP servers behind one PayGate instance. Tools prefixed by server name — fs:read_file, github:search. Shared credits across all backends.

Redis Horizontal Scaling

Run multiple PayGate instances behind a load balancer. Atomic credit deduction via Lua scripts, distributed rate limiting, token revocation sync. Zero-dep RESP client.

SSE Streaming

Full MCP Streamable HTTP transport. POST returns JSON or SSE, GET opens notification streams, DELETE terminates sessions. Auto-expiry, keepalive, and session limits.

SEP-2007 Aligned

AI agents discover pricing via /.well-known/mcp-payment and /pricing. Standard -32402 error code for payment-required. tools/list includes _pricing metadata.

Built for production at any scale.

66+ enterprise features across 8 categories.

Complete key lifecycle: create with credits, ACL, quotas, expiry, spending limits, and IP allowlists in one request. Rotate keys preserving all state. Self-service key rotation via portal with 5-minute rate limiting that survives across rotations. Suspend/resume without permanent revocation. Clone keys for quick provisioning. Assign human-readable aliases. Attach metadata tags for external systems. Add timestamped admin notes. Schedule future actions (topup, suspend, revoke). Bulk operations for multi-key management. Key templates for reusable presets. Import/export with conflict resolution.

64+ analytics endpoints. Time-series data with hourly/daily bucketing. Tool breakdown by calls, credits, latency (p95/p99), and error rates. Consumer segmentation (power/regular/casual/dormant). Revenue analysis per tool, key, namespace, and group. Credit burn rate forecasting with depletion estimates. Capacity planning with utilization metrics. Anomaly detection with severity ratings. SLA monitoring with per-tool availability. Consumer retention cohorts. Cost analysis with trend comparison. Traffic analysis with peak usage identification. Compliance audit export — framework-specific reports for SOC 2, GDPR, and HIPAA with event classification, severity levels, and JSON/CSV export.

Per-tool pricing with global defaults. Dynamic pricing per KB of input (creditsPerKbInput). Spending limits per key to cap lifetime spend. Credit transfers between keys with atomic deduction. Credit reservations for pending operations (configurable TTL, max 50 per key). Auto-topup when balance drops below threshold with daily caps. Complete credit ledger history (allocation, topup, transfer, spent, refunded). Refund on failure when downstream tool calls error. Stripe Checkout — self-service credit purchases via Stripe Checkout Sessions with configurable packages and auto-topup. Credit packages listing — public endpoint for available packages with pricing. Credit history — full mutation history with spending velocity (credits/hour, credits/day, calls/day) and depletion forecast. Usage alerts — self-service low-credit threshold alerts with HTTPS webhook notifications. Outcome-based pricing — charge extra credits based on response output size with creditsPerKbOutput per-tool config, X-Output-Surcharge header. Budget policies — governance engine with daily/monthly budget caps per key, namespace, or tool, burn rate monitoring, progressive throttling actions (warn/throttle/block), depletion forecasts, and admin CRUD via /admin/budget-policies. Quota management — granular daily/weekly/monthly hard caps per API key with per-tool or global scope, calls or credits metric, burst allowance (temporary over-limit percentage), three overage actions (deny/warn/throttle), UTC-based period boundaries with automatic rollover, manage via /admin/quota-rules.

Per-tool ACL with whitelist and blacklist per key. IP allowlisting with IPv4 and CIDR range support (up to 200 per key). IP country restrictions (geo-fencing) with per-key allow/deny country lists (ISO 3166-1 alpha-2). Content guardrails with PII detection and redaction — 8 built-in rules (credit card, SSN, email, phone, AWS key, API secret, IBAN, passport), 4 actions (log/warn/block/redact), violation tracking. Scoped tokens (pgt_ prefix) with HMAC-SHA256 signing, zero server-side state, and max 24h TTL. Token revocation with O(1) fingerprint lookup and Redis cross-instance sync. Admin RBAC with three roles: super_admin, admin, viewer. Bootstrap key rotation without restart. Request body size limits (1 MB). Content-Type enforcement. Admin rate limiting per IP. Session creation rate limiting. IP access control with CIDR allow/deny lists, per-key IP binding, auto-blocking after configurable violation thresholds, X-Forwarded-For trusted proxy depth. HMAC-SHA256 request signing with replay protection via timestamp tolerance and nonce tracking — per-key signing secrets with rotation, timing-safe comparison. Multi-tenant isolation with per-tenant rate limits, credit pools, usage tracking, API key binding, tenant suspension/activation — full data boundary enforcement for platform operators.

Team management with shared budgets, quotas, and usage tracking. Per-member breakdown with gate-level enforcement. Multi-tenant namespaces for data isolation — keys, usage, and analytics filtered by tenant. Namespace-level stats and comparison. Key groups with reusable policy templates: shared ACL, rate limits, pricing overrides, IP allowlists, and quotas applied to groups of keys. Key-level overrides for individual exceptions.

HMAC-SHA256 signed webhook payloads with timing-safe verification and replay protection. Batched delivery (10 events/batch, 5s flush). Exponential backoff retry with dead-letter queue. Webhook filter rules to route events by type and key prefix to different destinations — each with independent secrets and retry queues. Webhook test endpoint, delivery log, pause/resume for maintenance, and health overview. Per-key webhook URLs — key-level webhook routing with SSRF protection, HMAC-SHA256 signing, and lazy emitter management. Webhook replay (DLQ) — dead letter queue management for failed webhook deliveries with replay (single/bulk), status tracking (pending/retrying/succeeded/exhausted), configurable max retries with timeout, purge by ID or status, age-based expiry, manage via /admin/webhook-replay.

Config hot reload (POST /config/reload) without restart — update pricing, rate limits, and feature flags live. Config validation and dry-run mode that discovers tools and prints a pricing table before starting. Maintenance mode pauses /mcp while keeping admin endpoints live. Scheduled actions for future topup/suspend/revoke. Import/export keys as JSON or CSV. Health check endpoint with status, uptime, in-flight count, and Redis/webhook stats. Graceful shutdown with in-flight request drain. State backup — full server state export as versioned JSON with SHA-256 checksum verification and Content-Disposition header for download. State restore — import from backup with merge, overwrite, or full replacement modes and per-entity results. API version header X-PayGate-Version on every HTTP response for client version tracking. Response caching — SHA-256 keyed cache with LRU eviction, per-tool TTL, X-Cache: HIT/MISS header, admin management via /admin/cache. Circuit breaker — three-state (closed/open/half_open) backend failure detection with auto-recovery, admin reset via /admin/circuit. Configurable timeouts — per-tool and global timeout for tool calls with error code -32004. Concurrency limiter — per-key and per-tool inflight request caps (distinct from rate limiting), error code -32005 with Retry-After header, runtime-adjustable via /admin/concurrency. Traffic mirroring — fire-and-forget request duplication to a shadow backend for A/B testing MCP server versions, percentage-based sampling, configurable timeout, admin management via /admin/mirror. Tool aliasing — rename tools with RFC 8594 Deprecation, Sunset, and Link headers, chain prevention, per-alias call counts, CRUD via /admin/tool-aliases. Usage plans — tiered key policies (free/pro/enterprise) bundling rate limits, quotas, credit multipliers, and tool ACL into reusable templates, assign keys to plans via /admin/keys/plan, denied tools rejected with error code -32403.
Tool input schema validation — per-tool JSON Schema validation at the gateway, zero-dependency validator supporting type/required/enum/minLength/pattern/items, error code -32602 with detailed error list, manage via /admin/tools/schema. Canary routing — weighted traffic splitting between primary and canary MCP servers for zero-downtime upgrades, percentage-based routing (0-100%), crypto.randomInt for unbiased decisions, per-backend call/error tracking, manage via /admin/canary. Request/response transforms — declarative rewriting of tool call arguments and responses with set/remove/rename/template operations, wildcard tool matching, priority ordering, deep clone on apply, import/export, manage via /admin/transforms. Backend retry policy — automatic retry with exponential backoff and jitter for transient failures, configurable retry budget (max % of traffic as retries with cold-start grace), retryable error pattern matching, per-tool stats, manage via /admin/retry-policy. Adaptive rate limiting — dynamic rate adjustment based on per-key behavior analysis, auto-tightens for high error rates, auto-boosts for good actors, cooldown periods, LRU eviction, batch evaluation, manage via /admin/adaptive-rates. Request deduplication — idempotency layer preventing duplicate billing from agent retries, X-Idempotency-Key header with SHA-256 auto-generation fallback, in-flight request coalescing, configurable TTL window, LRU eviction, credits-saved tracking, manage via /admin/dedup. Priority queue — tiered request prioritization (critical/high/normal/low/background) with fair scheduling, per-key priority assignment, configurable max wait times per tier, starvation prevention via automatic promotion, manage via /admin/priority-queue. 
Cost allocation tags — per-request cost attribution via X-Cost-Tags header (JSON), aggregated chargeback reports by any dimension, cross-tabulation, CSV export for billing/ERP integration, required tag enforcement per key, cardinality limits, manage via /admin/cost-tags. Tool dependency graph — DAG-based workflow validation for multi-step agent pipelines, dependency registration with hard/soft modes, execution order enforcement, topological sort with cycle detection, failure propagation (upstream failure blocks downstream), transitive prerequisite/dependent analysis, manage via /admin/tool-deps. Config profiles — named configuration presets with save/activate/rollback, profile inheritance chains (base → child merging), SHA-256 checksums, flat-key diffing for comparison (onlyInA/onlyInB/changed/unchanged), import/export as JSON with merge or replace mode, activation history, circular inheritance detection, manage via /admin/config-profiles. Scheduled reports — automated periodic usage, billing, compliance, and security reports delivered via webhook with daily/weekly/monthly frequency, HMAC-SHA256 signed payloads, namespace/group/tool/key filters, manage via /admin/scheduled-reports. Approval workflows — pre-execution approval gates for high-cost or sensitive tool calls with three conditions (cost_threshold, tool_match, key_match), pending requests with configurable TTL, approve/deny/expire lifecycle, manage via /admin/approval-workflows. Gateway hooks — request lifecycle hooks at three stages (pre_gate, pre_backend, post_backend) with four types (log, header_inject, metadata_tag, reject), priority-based execution, tool/key glob filtering, manage via /admin/gateway-hooks.

Prometheus-compatible /metrics with cardinality caps and output size limits. Structured logging with configurable levels (debug/info/warn/error/silent) and formats (text/json). Admin event stream via SSE for real-time audit events. Request log ring buffer (5,000 entries) with queryable history — filter by tool, key, status, and time range. Export as JSON or CSV. OpenAPI 3.1 spec at /openapi.json covering all 199+ endpoints. Interactive Swagger UI docs at /docs. MCP Server Identity card at /.well-known/mcp.json for agent registries and automated discovery. Request tracing with structured spans at gate, backend, and transform stages — timing breakdown, P95 latency tracking, configurable sample rate, and JSON export via /admin/tracing.

Security-hardened by default.

70+ red-team security tests covering the controls below.

SSRF Prevention

RFC 1918 blocking on webhook URLs, plus loopback, link-local, cloud metadata, and IPv6 private ranges. Hostnames are re-resolved and re-checked at delivery time, so a DNS record that changes after registration (DNS rebinding) is still caught.

Prototype Pollution

safeJsonParse() strips __proto__, constructor, and prototype keys from all untrusted JSON input.

Timing-Safe Auth

crypto.timingSafeEqual() on all key comparisons. Prevents timing side-channel attacks on authentication.

Body Size Enforcement

1 MB limit on all request bodies. 413 response for oversized. Prevents memory exhaustion from large payloads.

JSON-RPC Validation

Strict envelope validation: jsonrpc field, method type, id type checking. Rejects malformed requests before processing.
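The prototype-pollution and envelope checks above, in the order a request hits them. This is an added example, not PayGate's `safeJsonParse()` or its validator. `JSON.parse` creates an own property literally named `__proto__` from `{"__proto__": ...}`; the damage happens later, when a deep merge or `Object.assign` walks that key into a real object. A reviver sees every key during parsing and returning `undefined` deletes it, so the parsed tree never carries the three names. The envelope check then rejects batches, bad `jsonrpc` values, non-string methods and object-valued ids before any backend work. The error codes are JSON-RPC 2.0's standard -32700 (parse error) and -32600 (invalid request); the constructed request at the end carries a pollution attempt inside tool arguments.

```javascript
// Added example, not PayGate's own code: reviver-based key stripping for
// untrusted JSON followed by a strict JSON-RPC 2.0 envelope check.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Returning undefined from the reviver deletes the property from its holder,
// at every nesting level, so the result is safe to merge or deep-assign.
function safeJsonParse(text) {
  return JSON.parse(text, (key, value) => (DANGEROUS_KEYS.has(key) ? undefined : value));
}

function rpcError(code, message, id = null) {
  return { ok: false, id, error: { code, message } };
}

// Strict envelope: single object (no batches), jsonrpc === "2.0", method a
// non-empty string, id absent or string/number/null, params absent or
// object/array.
function validateJsonRpc(msg) {
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return rpcError(-32600, 'request must be a single JSON object');
  }
  const idOk = !('id' in msg) || msg.id === null ||
    typeof msg.id === 'string' || typeof msg.id === 'number';
  const id = idOk ? (msg.id ?? null) : null; // never echo an untrusted non-scalar id
  if (msg.jsonrpc !== '2.0') return rpcError(-32600, 'jsonrpc must be "2.0"', id);
  if (typeof msg.method !== 'string' || msg.method.length === 0) {
    return rpcError(-32600, 'method must be a non-empty string', id);
  }
  if (!idOk) return rpcError(-32600, 'id must be a string, number or null');
  if ('params' in msg && (msg.params === null || typeof msg.params !== 'object')) {
    return rpcError(-32600, 'params must be an object or array', id);
  }
  return { ok: true, id, request: msg };
}

function parseRequest(text) {
  let msg;
  try {
    msg = safeJsonParse(text);
  } catch {
    return rpcError(-32700, 'parse error');
  }
  return validateJsonRpc(msg);
}

// Constructed request with a pollution attempt hidden in tool arguments.
// Written as a literal string because an object literal with a __proto__
// key would set the prototype instead of producing the JSON key.
const POLLUTED = '{"jsonrpc":"2.0","id":7,"method":"tools/call",'
  + '"params":{"name":"read_file","arguments":{"__proto__":{"admin":true},"path":"/tmp/data.txt"}}}';
```

Two details worth keeping: the reviver approach also strips a legitimate data field called `constructor`, which is the trade the page's description accepts, and a non-scalar `id` is never echoed back in the error, so an attacker cannot use the id field to reflect arbitrary structure through the gateway.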

Header Injection

RFC 7230 token validation on header names. CRLF/NUL stripping on values. 8 KB value cap. Custom headers validated at startup.
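The header hygiene above, applied to operator-configured custom headers before they are forwarded. This is an added example, not PayGate's validator: it checks the name against the RFC 7230 `tchar` set, strips CR, LF and NUL from values so a value cannot terminate the header and start another, and refuses values over 8 KB rather than truncating them (rejection rather than truncation is this example's choice). Validating the whole map once at startup turns a bad config into a startup failure instead of a crash on the first proxied request: Node's own `http` module throws `ERR_INVALID_CHAR` when it meets such a value at send time.

```javascript
// Added example, not PayGate's own code: RFC 7230 token check on header
// names, CR/LF/NUL stripping and an 8 KB cap on values, applied to a
// custom-header map at startup.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 tchar
const MAX_VALUE_BYTES = 8 * 1024;

function validateHeader(name, value) {
  if (typeof name !== 'string' || !TOKEN_RE.test(name)) {
    return { ok: false, reason: 'invalid_name' };
  }
  if (typeof value !== 'string') return { ok: false, reason: 'value_not_string' };
  // Removing CR/LF closes the header-splitting route; NUL is dropped because
  // some downstream parsers treat it as a string terminator.
  const clean = value.replace(/[\r\n\0]/g, '');
  // Cap on encoded size, not character count, since values may be multi-byte.
  if (Buffer.byteLength(clean, 'utf8') > MAX_VALUE_BYTES) {
    return { ok: false, reason: 'value_too_long' };
  }
  return { ok: true, name, value: clean, modified: clean !== value };
}

// Validate an operator's custom-header map once so a bad entry fails fast.
function validateCustomHeaders(map) {
  const errors = [];
  const headers = {};
  for (const [name, value] of Object.entries(map)) {
    const r = validateHeader(name, value);
    if (r.ok) headers[r.name] = r.value;
    else errors.push({ name, reason: r.reason });
  }
  return { errors, headers };
}
```

A split attempt such as `acme\r\nX-Admin-Key: evil` survives as the single value `acmeX-Admin-Key: evil`, which is harmless to the protocol but worth logging as `modified: true` so an operator notices the attempt.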

Admin Rate Limiting

Per-IP sliding window on admin endpoints (120 req/min default). Session creation limits (60/min). Brute-force protection.

Public Endpoint Rate Limiting

Per-IP rate limiting on /health, /info, /pricing, /docs, /openapi.json, /.well-known/*, /robots.txt (300 req/min default, configurable). 429 + Retry-After.
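Both rate-limiting sections rest on the same two pieces: a per-IP sliding window and a correct answer to "which IP". This is an added example, not PayGate's limiter. The second piece is the one that gets deployments into trouble: behind a reverse proxy, trusting the leftmost X-Forwarded-For entry lets any client pick the address it is limited under, so the client address is taken a fixed number of hops from the right, matching the trusted-proxy-depth setting the page mentions under IP access control. Limits and window are parameters; the sweep keeps the map bounded under an address-spraying attack.

```javascript
// Added example, not PayGate's own code: a per-IP sliding-window limiter
// with Retry-After computation, and client-IP attribution that honours a
// trusted-proxy depth instead of the leftmost X-Forwarded-For entry.
class SlidingWindowLimiter {
  constructor({ limit, windowMs }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> ascending timestamps inside the window
  }

  check(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const ts = this.hits.get(ip) ?? [];
    while (ts.length > 0 && ts[0] <= cutoff) ts.shift();
    if (ts.length >= this.limit) {
      this.hits.set(ip, ts);
      // The oldest hit leaves the window at ts[0] + windowMs.
      const retryAfterSeconds = Math.ceil((ts[0] + this.windowMs - now) / 1000);
      return { allowed: false, remaining: 0, retryAfterSeconds };
    }
    ts.push(now);
    this.hits.set(ip, ts);
    return { allowed: true, remaining: this.limit - ts.length, retryAfterSeconds: 0 };
  }

  // Drop IPs with no hits inside the window so the map cannot grow without
  // bound when an attacker rotates source addresses; call periodically.
  sweep(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [ip, ts] of this.hits) {
      if (ts.length === 0 || ts[ts.length - 1] <= cutoff) this.hits.delete(ip);
    }
    return this.hits.size;
  }
}

// With N trusted proxies the TCP peer is proxy N and the last N-1 entries of
// X-Forwarded-For were appended by proxies; the entry before them is what
// proxy 1 saw. Anything further left is client-supplied and ignored.
function clientIp(remoteAddr, xff, trustedProxyDepth) {
  if (!trustedProxyDepth || !xff) return remoteAddr;
  const chain = xff.split(',').map((s) => s.trim()).filter(Boolean);
  if (chain.length === 0) return remoteAddr;
  return chain[Math.max(0, chain.length - trustedProxyDepth)];
}
```

With depth 0 (no proxy) the header is ignored entirely, which is the right default: an X-Forwarded-For that nobody in your path is known to set is attacker input.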

OAuth State Sanitization

512-char cap on state parameters. Control character stripping. Error description capping in redirects.

Numeric Input Guards

NaN/Infinity rejection on all numeric fields. One billion cap per operation. Array bounds enforcement on ACL and IP lists.

Security Headers

X-Content-Type-Options, X-Frame-Options, X-XSS-Protection (legacy; current browsers ignore it), Referrer-Policy, CSP, Cache-Control on every response. X-Powered-By removed.

Content Guardrails

PII detection and redaction on inputs/outputs. Credit cards, SSN, emails, AWS keys, IBAN, passports. Block, warn, redact, or log actions.

Geo-Fencing

Per-key country allow/deny lists. ISO 3166-1 alpha-2 codes read from reverse-proxy headers (X-Country, CF-IPCountry). Zero-dependency. Trust these headers only when your own edge proxy sets them; a client that reaches PayGate directly can supply any value.

Why PayGate over alternatives?

Feature             | PayGate        | MCPay         | x402-mcp     | Moesif          | DIY
Payment Model       | Credits (fiat) | USDC (crypto) | Crypto       | SaaS metering   | Custom
Setup Time          | 1 command      | Wallet setup  | Wallet setup | SDK integration | Weeks
Self-Hosted         | Yes            | Yes           | Yes          | No              | Yes
Open Source         | MIT            | MIT           | MIT          | No              | --
Blockchain Required | None           | Yes           | Yes          | No              | No
SaaS Dependency     | None           | None          | None         | Required        | None
Test Coverage       | 5,924 tests    | --            | --           | --              | 0
Endpoints           | 199+           | ~10           | ~5           | N/A             | 0
Shadow Mode         | Yes            | No            | No           | No              | No
Analytics           | 64+ endpoints  | No            | No           | Yes             | No
OAuth 2.1           | Full + M2M     | No            | No           | --              | No
x402 Compat         | Yes            | Native        | Native       | No              | No
vs MCPay: Same open-source ethos. No wallet setup, no blockchain dependency.
vs x402-mcp: Traditional API keys and credits. No crypto infrastructure required.
vs Moesif: Self-hosted, open source, no monthly SaaS bills.
vs building yourself: 199+ endpoints and 5,924 tests already written.

Clean, minimal REST API.

199+ endpoints organized by domain.

Endpoint | Method | Auth | Description
/mcp | POST | X-API-Key | JSON-RPC 2.0 proxy (returns JSON or SSE)
/mcp | GET | X-API-Key | SSE notification stream (Streamable HTTP)
/mcp | DELETE | X-API-Key | Terminate SSE session
/health | GET | None | Health check with status and uptime
/info | GET | None | Server capabilities and feature flags
/pricing | GET | None | Full per-tool pricing breakdown
/metrics | GET | None | Prometheus metrics (counters, gauges, uptime)
/dashboard | GET | In-browser | Admin web UI with real-time charts
/openapi.json | GET | None | OpenAPI 3.1 spec (all 199+ endpoints)
/docs | GET | None | Interactive Swagger UI API docs
/.well-known/mcp.json | GET | None | MCP Server Identity (agent discovery)
/robots.txt | GET | None | Crawler directives (allow public, disallow admin)
/portal | GET | None | Self-service API key portal (browser UI)
/portal/rotate | POST | X-API-Key | Self-service key rotation (rate limited)
/ready | GET | None | Readiness probe (200/503 for k8s)
Endpoint | Method | Auth | Description
/keys | POST | X-Admin-Key | Create key with credits, ACL, quotas, expiry
/keys | GET | X-Admin-Key | List keys (paginated, sortable, filterable)
/keys/rotate | POST | X-Admin-Key | Rotate key preserving credits/ACL/quotas
/keys/revoke | POST | X-Admin-Key | Permanently revoke an API key
/keys/suspend | POST | X-Admin-Key | Temporarily suspend (can resume later)
/keys/resume | POST | X-Admin-Key | Resume a suspended key
/keys/acl | POST | X-Admin-Key | Set tool ACL (whitelist/blacklist)
/keys/expiry | POST | X-Admin-Key | Set or remove key expiry TTL
/keys/webhook | POST GET DELETE | X-Admin-Key | Per-key webhook URL (CRUD with SSRF protection)
/keys/geo | POST GET DELETE | X-Admin-Key | Per-key country restrictions (allow/deny lists, ISO 3166-1)
Endpoint | Method | Auth | Description
/topup | POST | X-Admin-Key | Add credits to an existing key
/balance | GET | X-API-Key | Client self-service balance check
/limits | POST | X-Admin-Key | Set spending limit on a key
/keys/transfer | POST | X-Admin-Key | Transfer credits between keys
/keys/reserve | POST | X-Admin-Key | Reserve credits for pending operations
/usage | GET | X-Admin-Key | Export usage data (JSON/CSV)
/stripe/webhook | POST | Stripe signature | Auto-topup on Stripe payment
/balance/history | GET | X-API-Key | Credit mutation history with spending velocity
/balance/alerts | GET POST DELETE | X-API-Key | Self-service low-credit usage alerts
Endpoint | Method | Auth | Description
/oauth/register | POST | None | Dynamic client registration (RFC 7591)
/oauth/authorize | GET | Admin | Authorization code with PKCE (S256)
/oauth/token | POST | Client | Token exchange and refresh
/oauth/revoke | POST | Client | Token revocation (RFC 7009)
/.well-known/oauth-authorization-server | GET | None | OAuth server metadata discovery
/.well-known/mcp-payment | GET | None | MCP payment metadata (SEP-2007)
Endpoint | Method | Auth | Description
/admin/analytics/overview | GET | X-Admin-Key | System-wide dashboard metrics
/admin/analytics/tools/* | GET | X-Admin-Key | Tool stats, latency, error rates, correlation
/admin/analytics/consumers/* | GET | X-Admin-Key | Consumer insights, segmentation, LTV, churn
/admin/analytics/revenue/* | GET | X-Admin-Key | Revenue analysis, forecasting, profitability
/admin/analytics/traffic/* | GET | X-Admin-Key | Request volume, trends, peak usage times
/admin/analytics/denials/* | GET | X-Admin-Key | Denial analysis by reason, key, tool, time

64+ analytics endpoints total.

Endpoint | Method | Auth | Description
/status | GET | X-Admin-Key | Full dashboard with all usage stats
/audit | GET | X-Admin-Key | Query audit log (type, actor, time range)
/audit/export | GET | X-Admin-Key | Export audit log (JSON or CSV)
/requests | GET | X-Admin-Key | Queryable request log (5,000 entries)
/config | GET | X-Admin-Key | Current config (secrets masked)
/config/reload | POST | X-Admin-Key | Hot reload config without restart
/admin/cache | GET DELETE | X-Admin-Key | Response cache stats and clear
/admin/circuit | GET POST | X-Admin-Key | Circuit breaker status and reset
/admin/compliance/export | GET | X-Admin-Key | Compliance audit export (SOC 2/GDPR/HIPAA)
/admin/guardrails | GET POST DELETE | X-Admin-Key | Content guardrails (PII detection rules, toggle, import)
/admin/guardrails/violations | GET DELETE | X-Admin-Key | Guardrail violation history (query, clear)
/admin/concurrency | GET POST | X-Admin-Key | Inflight request counts per key/tool, update limits
/admin/mirror | GET POST DELETE | X-Admin-Key | Traffic mirroring (configure shadow backend, stats)
/admin/tool-aliases | GET POST DELETE | X-Admin-Key | Tool aliasing with RFC 8594 deprecation headers
/admin/plans | GET POST DELETE | X-Admin-Key | Usage plans (tiered key policies with rate/credit/tool limits)
/admin/keys/plan | POST | X-Admin-Key | Assign/unassign key to usage plan
/admin/tools/schema | GET POST DELETE | X-Admin-Key | Per-tool JSON Schema validation (register, list, remove)
/admin/canary | GET POST DELETE | X-Admin-Key | Canary routing (weighted traffic splitting between backends)
/admin/transforms | GET POST PUT DELETE | X-Admin-Key | Request/response transform pipeline (declarative rewriting rules)
/admin/retry-policy | GET POST | X-Admin-Key | Backend retry policy (exponential backoff, budget, stats)
/admin/adaptive-rates | GET POST | X-Admin-Key | Adaptive rate limiting (behavior-based dynamic adjustment)
/admin/dedup | GET POST DELETE | X-Admin-Key | Request deduplication (idempotency layer, credits-saved tracking)
/admin/priority-queue | GET POST | X-Admin-Key | Priority queue (5-tier fair scheduling, key priority assignment)
/admin/cost-tags | GET POST DELETE | X-Admin-Key | Cost allocation tags (chargeback reports, CSV export, required tags)
/admin/ip-access | GET POST DELETE | X-Admin-Key | IP access control (CIDR allow/deny, per-key IP binding, auto-blocking)
/admin/signing | GET POST DELETE | X-Admin-Key | Request signing (HMAC-SHA256 secrets, rotation, replay protection)
/admin/tenants | GET POST DELETE | X-Admin-Key | Multi-tenant isolation (tenant CRUD, key binding, credit pools, suspension)
/admin/tracing | GET POST DELETE | X-Admin-Key | Request tracing (structured spans, timing breakdown, P95 tracking, export)
/admin/budget-policies | GET POST DELETE | X-Admin-Key | Budget policies (daily/monthly caps, burn rate monitoring, throttle actions)
/admin/tool-deps | GET POST DELETE | X-Admin-Key | Tool dependency graph (DAG validation, topological sort, failure propagation)
/admin/quota-rules | GET POST DELETE | X-Admin-Key | Quota management (daily/weekly/monthly caps, per-tool granularity, burst allowance)
/admin/webhook-replay | GET POST DELETE | X-Admin-Key | Webhook replay DLQ (dead letter management, bulk replay, status tracking)
/admin/config-profiles | GET POST DELETE | X-Admin-Key | Config profiles (named presets, inheritance, diff/rollback, import/export)
/admin/scheduled-reports | POST | X-Admin-Key | Scheduled reports (automated periodic reports via webhook)
/admin/approval-workflows | POST | X-Admin-Key | Approval workflows (pre-execution gates for sensitive tool calls)
/admin/gateway-hooks | POST | X-Admin-Key | Gateway hooks (lifecycle hooks at pre_gate/pre_backend/post_backend)
Endpoint | Method | Auth | Description
/webhooks/test | POST | X-Admin-Key | Test webhook delivery (synchronous)
/webhooks/deliveries | GET | X-Admin-Key | Webhook delivery log with status/timing
/webhooks/health | GET | X-Admin-Key | Webhook success rate and queue stats
/webhooks/pause | POST | X-Admin-Key | Pause webhook delivery (buffer events)
/webhooks/resume | POST | X-Admin-Key | Resume delivery and flush buffer
/webhooks/filters | GET | X-Admin-Key | List event routing filter rules
Free methods: initialize, tools/list, resources/list, prompts/list, and ping pass through without auth or billing.

Built for developers who want to get paid.

🔧

MCP Server Authors

You built a useful MCP server. Now charge per tool call instead of giving it away. One command to add billing, rate limiting, and analytics.

🏢

API Providers

Expose your API to AI agents via MCP. PayGate handles auth, billing, and abuse prevention. You focus on your service.

🧪

Internal Teams

Track which teams use what tools and how much. Enforce usage limits. Manage access with API keys. Namespace isolation per tenant.

Actively maintained. Relentlessly improved.

v10.24.0 API key deprecation (sunset scheduling with status tracking, cancel/expire/extend operations, expiring-soon queries), webhook payload transform (5 transform types with named rules, ordered multi-rule application, configurable masking), credit ledger reconciler (double-entry grant/debit/adjustment/refund ledger with reconciliation against reported balances, discrepancy detection), request dedup engine (content-based fingerprinting with TTL expiry, duplicate count tracking, LRU eviction, deduplication rate stats)
v10.23.0 API key audit log (immutable lifecycle event tracking with actor/IP recording, action breakdown, per-key history, time-range queries), webhook rate limiter (per-URL delivery throttling with configurable limits, per-URL overrides, retry-after calculation, blocked URL listing), credit pool manager (shared credit budgets across multiple API keys with consumption tracking, balance snapshots, pool utilization stats), request priority router (4-tier priority routing with critical/high/normal/low levels, FIFO within tiers, batch dequeue, per-tier depth limits)
v10.22.0 Webhook circuit breaker (per-URL circuit breaker with open/half-open/closed states, failure threshold, reset timeout, half-open probing), usage quota alerts (percentage-based threshold alerting with one-time triggers, acknowledgement workflow, re-evaluation on quota changes), key group manager (group API keys for collective management with reverse index, membership tracking, metadata), request throttle queue (per-key concurrency control with queue depth limits, promotion on release, cancel/clear operations)
v10.21.0 Token bucket rate limiter (classic algorithm with configurable refill rate, burst capacity, LRU eviction, retry-after calculation), webhook delivery log (persistent delivery tracking with retry recording, attempt counting, per-URL success rates, query by status/event/URL), credit expiration manager (time-based credit expiration with FIFO consumption, expiring-soon alerts, force-expire, grant source tracking), API key rotation policy (policy-driven rotation with configurable intervals, grace periods, warning periods, status classification, rotation event history)
v10.20.0 Request buffer queue (buffer/drain requests during maintenance with TTL expiry, priority ordering, batch drain), credit transfer manager (inter-key credit transfers with audit trail, before/after balance snapshots, reversal support, overdraft config), usage anomaly detector (z-score statistical anomaly detection on per-key usage patterns, acknowledgement workflow, baseline tracking), webhook filter expressions (13-operator expression engine for event routing with nested field access, all/any match modes, rule testing)
v10.19.0 Sliding window rate limiter (precise sub-window granularity with weighted partial-window counting, LRU eviction, peek/check), webhook batch processor (batch event delivery with auto-flush, periodic intervals, flush history), error classifier (regex pattern matching with severity/retryability, frequency tracking, top categories), grace period manager (soft enforcement with policies, extensions, expiry detection, expiring-soon queries)
v10.18.0 Webhook retry manager (exponential backoff retry queue with dead letter management, configurable delays, batch dequeue), API metrics aggregator (time-bucketed percentile analytics with p50/p95/p99, per-tool breakdown, requests-per-second), key migration manager (tier migration with plan/execute/rollback lifecycle, per-key tracking, injectable handlers), incident manager (incident lifecycle with status pages, severity tracking, service-level health, resolution timing)
v10.17.0 Load balancer (multi-strategy request distribution with round-robin, weighted, least-connections, random; auto-unhealthy on error threshold), API key tag manager (tag-based key organization with inverted index search, ALL/ANY tag matching, prefix grouping), request validator (JSON-RPC schema enforcement with payload size limits, method whitelisting, custom rules), maintenance window manager (scheduled downtime with traffic blocking, service-level impact tracking, auto-complete)
v10.16.0 Service discovery (upstream server registration with health checking, weighted routing, uptime tracking, bulk health checks), policy engine (declarative allow/deny rules with priority-based evaluation, tool/key/IP/time conditions, evaluation history), agent session manager (multi-request session tracking with per-session billing, tool breakdowns, key reports, TTL expiry, cleanup), rate limit profile manager (named rate limit configs with per-minute/hour/day windows, burst multiplier, profile assignment)
v10.15.0 Notification manager (multi-channel event dispatch with templates, throttling, delivery tracking), A/B testing manager (deterministic traffic splitting with weighted variants, per-variant metric collection, results aggregation), data retention manager (lifecycle policies with store-backed enforcement, automated purging, purge history), capacity planner (linear regression forecasting with threshold alerts, trend classification, periods-until-capacity estimation)
v10.14.0 Feature flags (percentage-based rollouts with deterministic bucketing, allowlist/blocklist, scheduling, evaluation reasons), audit trail (tamper-evident hash chain logging with chain verification, sequential IDs, query/pagination, action analytics), request pipeline (ordered middleware stages with priority sorting, tool/key filtering, abort control, duration tracking), usage trend analyzer (time-series anomaly detection with moving averages, spike/drop classification, trend strength scoring)
v10.13.0 Event sourcing ledger (immutable append with optimistic concurrency, replay/projection, time-travel queries, aggregate snapshots), dynamic pricing engine (composable rules: time-of-day, demand surge, volume discount, key override, custom functions), quota rollover manager (daily/weekly/monthly quotas with configurable unused credit rollover and caps), API key scoping (fine-grained scope-based tool access with inheritance, wildcards, temporary grants)
v10.12.0 SLO monitor (error budget tracking with burn rate alerting, latency/availability/error-rate objectives), credit reservation (reserve-settle-release pattern for pre-authorized holds with TTL expiration), billing cycle manager (daily/weekly/monthly subscriptions with invoice generation and lifecycle), API version router (multi-version tool routing with deprecation management, migration planning, auto-sunset)
v10.11.0 Batch credit manager (atomic topup/deduct/transfer/refund/adjust with rollback), key lifecycle state machine (created→active→suspended/expired/revoked with auto-expiration), webhook template engine ({{var}} interpolation, conditionals, format-aware escaping), access log engine (structured request logging with 10+ filters, p95/p99 analytics, pagination)
v10.10.0 Per-tool rate limiting (sliding window with wildcard fallback, peek without consuming), usage export engine (CSV/JSON with filtering and hourly/daily/weekly/monthly aggregation), API key permissions engine (7 condition types: environment, IP CIDR, tool pattern, payload size, time range, day of week, custom), health check monitor (status transitions with configurable thresholds, due-target scheduling, uptime tracking)
v10.9.0 Webhook signature verification (HMAC-SHA256, Stripe v1, GitHub SHA-256 with timing-safe comparison and replay protection), key rotation scheduler (policy-based automated rotation with grace periods and history tracking), usage forecast engine (EMA + linear regression for credit prediction, anomaly detection, exhaustion forecasting), multi-currency credit conversion (global billing with cross-currency exchange and per-tool pricing)
v10.8.0 Key hierarchy (parent/child API keys with credit ceilings and inheritance), sandbox mode (try-before-buy with call limits, time windows, mock responses), revenue share tracking (split billing for marketplaces with settlement workflows), connection-time billing (duration-based charges for SSE/stdio sessions with idle timeout)
v10.7.0 Prepaid credit grants (named grants with priority ordering, expiration, rollover), A2A protocol support (Google Agent-to-Agent task lifecycle, agent cards, skill discovery), sequence anomaly detection (Markov chain tool-call analysis, learning mode, configurable thresholds), proxy-as-MCP-server (10 built-in management tools — agents can introspect billing, usage, grants)
v10.6.0 PII reversible masking (tokenize sensitive data before backend, auto-restore in response), virtual server composition (federate tools from multiple upstream MCP servers), OpenTelemetry trace emission (OTLP/HTTP JSON, W3C traceparent), billable metric expressions (config-driven pricing formulas with safe expression parser)
v10.5.0 x402 payment protocol (HTTP 402 micropayments via USDC stablecoins, Facilitator-based verification, zero blockchain deps), OpenAPI-to-MCP transformation (wrap-api CLI — convert any REST API into gated MCP tools from OpenAPI 3.x spec)
v10.4.0 Spend caps with auto-suspend (server-wide + per-key hourly limits, deny or suspend on breach, auto-resume), MCP Tasks primitive (async task lifecycle per 2025-11-25 spec: tasks/send, tasks/get, tasks/result, tasks/list, tasks/cancel), OAuth Protected Resource Metadata (RFC 9728)
v10.3.0 CLI DX: interactive init wizard (paygate-mcp init), shell tab completions (bash/zsh/fish), --json output for CI/CD, dynamic tool discovery mode (meta-tools for context window optimization)
v10.2.0 Scheduled reports (automated periodic usage/billing/compliance reports via webhook), approval workflows (pre-execution gates for high-cost tool calls), gateway hooks (lifecycle hooks with log/header_inject/metadata_tag/reject types)
v10.1.0 Quota management (daily/weekly/monthly hard caps, per-tool granularity, burst allowance, deny/warn/throttle), webhook replay DLQ (dead letter management, bulk replay, status tracking), config profiles (named presets, inheritance chains, SHA-256 checksums, diff/rollback)
v10.0.0 Request tracing (structured spans, timing breakdown, P95 tracking), budget policy engine (burn rate monitoring, daily/monthly budgets, progressive throttling), tool dependency graph (DAG validation, failure propagation, cycle detection)
v9.9.0 IP access control (CIDR allow/deny lists, per-key IP binding, auto-blocking), HMAC-SHA256 request signing (replay protection, nonce tracking), multi-tenant isolation (isolated rate limits, credit pools, tenant suspension)
v9.8.0 Request deduplication (idempotency layer with SHA-256 keys), priority queue (5-tier fair scheduling), cost allocation tags (per-request chargeback reporting with CSV export)
v9.7.0 Request/response transform pipeline (declarative rewriting), backend retry policy (exponential backoff with budget), adaptive rate limiting (behavior-based adjustment)
v9.6.0 Usage plans (tiered key policies), tool input schema validation (JSON Schema at gateway), canary routing (weighted traffic splitting)
v9.5.0 Concurrency limiter (per-key/per-tool inflight caps), traffic mirroring (fire-and-forget shadow backend), tool aliasing with RFC 8594 deprecation headers
v9.4.0 Content guardrails (PII detection/redaction with 8 built-in rules), IP country restrictions (geo-fencing), bulk suspend/resume
v9.3.0 Outcome-based pricing (creditsPerKbOutput), compliance audit export (SOC 2/GDPR/HIPAA), per-key webhook URLs
v9.2.0 Response caching (SHA-256 keyed, LRU eviction, X-Cache header), circuit breaker (three-state with auto-recovery), configurable per-tool timeouts
v9.1.0 Self-service key rotation with rate limiting, credit mutation history with spending velocity, configurable usage alerts
v9.0.0 Stripe Checkout self-service credit purchases, state backup/restore with SHA-256 verification, X-PayGate-Version header
v8.99.0 Admin Dashboard v2 (tabbed UI), Self-Service API Portal, Kubernetes Readiness Probe
v8.98.0 Public endpoint hardening — per-IP rate limiting, /robots.txt, HEAD method support, CI stability fix
v8.97.0 Developer experience — OpenAPI 3.1 spec, interactive Swagger UI docs, MCP Server Identity card for agent discovery
v8.96.0 Protocol alignment — OAuth client_credentials (M2M), x402 payment recovery, MCP Tasks support, free tool discovery
v8.95.0 Output and config hardening — metrics cardinality caps, header injection prevention, OAuth state sanitization
v8.94.0 Delivery and request hardening — webhook body size limits, request log caps, export pagination
v8.93.0 Response and logging hardening — safe error messages, structured logging, log injection prevention
v8.92.0 Request-level hardening — body size limits, Content-Type enforcement, method validation, timeout controls
v8.91.0 Error message sanitization — safe error filtering, stack trace prevention, path leak defense
v8.90.0 Array bounds, numeric input bounds, export response caps, SSRF prevention, prototype pollution defense
v8.67.0 k6 load testing, Docker support, 64+ analytics endpoints, CI/CD pipeline
v8.13.0 Admin dashboard, key health scoring, credit reservations, scheduled actions
124+ releases · 5,924 tests · 278 test suites

Start monetizing your MCP server.

npm install paygate-mcp