MCP Best Practices: A Guide for Devs and Governance Teams

The Model Context Protocol is rapidly becoming the standard interface between AI agents and enterprise systems. But moving MCP from prototype to production means solving hard problems that the spec alone doesn't address. How do agents discover available MCP servers in the first place? How do you authenticate and authorize access with your existing identity provider? How do you control which tools each user or agent can invoke? And how do you govern both internal and third-party MCP servers while maintaining visibility across it all?

In this session, we'll share practical best practices for both sides of the house. For developers, we'll cover how to choose the right approach for your MCP servers, from rapid API-to-MCP conversion for straightforward use cases to governing complex, custom-built servers and third-party integrations like GitHub through a centralized gateway. For governance and platform teams, we'll walk through layered security with OAuth 2.1 authentication and role-based tool-level authorization.

We'll also tackle what happens at scale. When your organization has dozens or hundreds of MCP servers, how do you move beyond hardcoded agent configurations to centralized, governed discovery? And once agents can find all those servers, how do you prevent hundreds of tool definitions from bloating the LLM's context window, driving up costs and degrading tool selection accuracy? We'll cover how tool filtering and context optimization keep agent interactions efficient and cost-effective, even as your MCP footprint grows.

We'll demo everything live on Kong AI Gateway and walk through real-world implementation patterns. You'll leave with a clear understanding of what's production-ready today, what's still maturing in the MCP ecosystem, and how to build a governance strategy that scales from your first MCP server to your hundredth.