> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create MCP Gateway

> Create a new MCP gateway that references one or more registry servers. Overrides can be applied at two levels: `servers_config.common_overrides` (applied to every server in the gateway) and per-server entries inside `servers_config.servers[]` (apply to just that server). Both may be set, but **`common_overrides` always wins on conflict** — a per-server override for the same key is dropped at expansion time.



## OpenAPI

````yaml POST /mcp-gateway/add-gateway
openapi: 3.0.0
info:
  title: Enkrypt AI APIs
  version: 2.0.0
servers:
  - url: https://api.enkryptai.com
security:
  - apiKeyAuth: []
tags:
  - name: Guardrails
  - name: Code of Conduct
  - name: Endpoints
  - name: Datasets
  - name: Redteam
  - name: Deployments
  - name: AI Proxy
  - name: Leaderboard
  - name: Archived
  - name: MCP Hub
    description: >-
      MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints)
      is open to all authenticated callers. The scan **retrieval** APIs — Get
      Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub
      Scan Statistics (the GET endpoints) — are an **enterprise data-license
      feature**: they require your organization to have MCP Hub API access
      enabled by Enkrypt, otherwise they return `403`. Contact us at
      support@enkryptai.com to enable access.
  - name: MCP Registry Servers
  - name: MCP Gateways
  - name: MCP Playground
paths:
  /mcp-gateway/add-gateway:
    post:
      tags:
        - MCP Gateways
      summary: Create MCP Gateway
      description: >-
        Create a new MCP gateway that references one or more registry servers.
        Overrides can be applied at two levels:
        `servers_config.common_overrides` (applied to every server in the
        gateway) and per-server entries inside `servers_config.servers[]` (apply
        to just that server). Both may be set, but **`common_overrides` always
        wins on conflict** — a per-server override for the same key is dropped
        at expansion time.
      operationId: addGateway
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MCPGatewayCreateGatewayRequest'
            examples:
              simple-gateway:
                summary: Simple gateway with one server
                value:
                  gateway_saved_name: my-dev-gateway
                  gateway_version: v1
                  servers_config:
                    servers:
                      - saved_name: my-filesystem-server
                        server_version: v1
              multi-server-gateway:
                summary: Gateway with multiple servers and per-server overrides
                value:
                  gateway_saved_name: my-prod-gateway
                  gateway_version: v1
                  servers_config:
                    servers:
                      - saved_name: my-filesystem-server
                        server_version: v1
                        input_guardrails_config:
                          enabled: true
                          guardrail_name: Filesystem Guardrail
                          block:
                            - topic_detector
                            - keyword_detector
                        output_guardrails_config:
                          enabled: true
                          guardrail_name: Output Validation
                          block:
                            - policy_violation
                            - adherence
                            - hallucination
                      - saved_name: my-github-server
                        server_version: v1
                        input_guardrails_config:
                          enabled: true
                          guardrail_name: GitHub Guardrail
                          block:
                            - topic_detector
                            - pii
              common-overrides-gateway:
                summary: >-
                  Gateway with shared common_overrides + a per-server override
                  that wins on conflict
                value:
                  gateway_saved_name: my-shared-gateway
                  gateway_version: v1
                  servers_config:
                    common_overrides:
                      input_guardrails_config:
                        enabled: true
                        guardrail_name: Org Input Guardrail
                        block:
                          - injection_attack
                          - pii
                      output_guardrails_config:
                        enabled: true
                        guardrail_name: Org Output Guardrail
                        block:
                          - policy_violation
                          - hallucination
                      server_tools_guardrails_config:
                        enabled: true
                        guardrail_name: Org Server/Tools Guardrail
                        block:
                          - policy_violation
                          - injection_attack
                          - pii
                    servers:
                      - saved_name: my-filesystem-server
                        server_version: v1
                      - saved_name: my-github-server
                        server_version: v1
                        input_guardrails_config:
                          enabled: true
                          guardrail_name: GitHub-Specific Input Guardrail
                          block:
                            - injection_attack
                            - pii
                            - topic_detector
      responses:
        '200':
          description: Gateway created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MCPGatewayResponseObject'
        '400':
          $ref: '#/components/responses/MCPGatewayBadRequest'
        '401':
          $ref: '#/components/responses/MCPGatewayUnauthorized'
        '403':
          $ref: '#/components/responses/MCPGatewayForbidden'
        '409':
          $ref: '#/components/responses/MCPGatewayConflict'
        '500':
          $ref: '#/components/responses/MCPGatewayInternalError'
components:
  schemas:
    MCPGatewayCreateGatewayRequest:
      type: object
      required:
        - gateway_saved_name
        - servers_config
      properties:
        gateway_saved_name:
          type: string
          maxLength: 32
          description: User-given name for the gateway
          example: my-dev-gateway
        gateway_version:
          type: string
          default: v1
          description: Gateway version (v1, v2, etc.)
          example: v1
        servers_config:
          $ref: '#/components/schemas/MCPGatewayServersConfig'
    MCPGatewayResponseObject:
      type: object
      properties:
        message:
          type: string
          description: Response message
        data:
          $ref: '#/components/schemas/MCPGatewayObject'
    MCPGatewayServersConfig:
      type: object
      properties:
        common_overrides:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayCommonOverrides'
          description: >-
            Gateway-wide overrides applied to every server in this gateway.
            **`common_overrides` always wins** — for any key set here, the same
            key on a per-server entry in `servers` is ignored at expansion time.
            Common and per-server can both be persisted, but for any given key
            common takes precedence.
        servers:
          type: array
          items:
            $ref: '#/components/schemas/MCPGatewayServerReference'
          description: >-
            Array of server references with optional per-server overrides. A
            per-server override is only effective for keys that
            `servers_config.common_overrides` does not also set; common always
            wins on conflict.
    MCPGatewayObject:
      type: object
      properties:
        gateway_saved_name:
          type: string
          description: User-given name for the gateway
        gateway_version:
          type: string
          description: Gateway version
        servers_config:
          $ref: '#/components/schemas/MCPGatewayServersConfig'
        gateway_id:
          type: string
          description: Hashed gateway ID
        project_name:
          type: string
          description: Project name
        is_active:
          type: boolean
          description: Whether the gateway is enabled (distinct from is_deleted)
        is_sample:
          type: boolean
          description: Whether this is a sample gateway
        created_at:
          type: string
          format: date-time
          description: Creation timestamp
        updated_at:
          type: string
          format: date-time
          description: Last update timestamp
        created_by:
          type: string
          format: uuid
          nullable: true
          description: User ID who created this gateway
        updated_by:
          type: string
          format: uuid
          nullable: true
          description: User ID who last updated this gateway
    MCPGatewayErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: string
          description: Error message
    MCPGatewayCommonOverrides:
      type: object
      description: >-
        Gateway-level override block. Any field set here replaces the
        corresponding field on every server's base `mcp_config`. Use this to
        avoid repeating the same override on each entry in
        `servers_config.servers[]`. `input_guardrails_config` and
        `output_guardrails_config` may also be set per-server in
        `servers_config.servers[i]`; **`common_overrides` always wins on
        conflict** for those keys. `server_tools_guardrails_config` is
        gateway-wide only — there is no per-server equivalent.
      properties:
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `output_guardrails_config`.
        server_tools_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: >-
            Gateway-wide guardrails policy applied by the MCP Gateway when it
            checks server info and tool listings for guardrails violations. The
            `input` section of the configured guardrail is what is evaluated,
            with `X-Enkrypt-Mode: prompt`. This field is only supported in
            `common_overrides` — it has no per-server equivalent and is not a
            field on the registry server's base `mcp_config`.
    MCPGatewayServerReference:
      type: object
      required:
        - saved_name
      description: >-
        Reference to a registry server with optional per-server overrides.
        `input_guardrails_config` or `output_guardrails_config` set here
        override the corresponding fields on the registry server's base
        `mcp_config` for this server only — **unless** the same key is also set
        in `servers_config.common_overrides`, in which case the common value
        wins and the per-server value is ignored. The gateway-wide
        `server_tools_guardrails_config` may only be set in `common_overrides`.
      properties:
        saved_name:
          type: string
          description: Reference to registry server saved_name
        server_version:
          type: string
          default: v1
          description: Server version to reference
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `output_guardrails_config`.
    MCPGatewayGuardrailsPolicy:
      type: object
      description: Guardrails configuration
      properties:
        enabled:
          type: boolean
          description: Enable guardrails enforcement
        guardrail_name:
          type: string
          description: Guardrail identifier
        additional_config:
          type: object
          additionalProperties: true
          description: Detector-specific settings
        block:
          type: array
          items:
            type: string
            enum:
              - policy_violation
              - injection_attack
              - topic_detector
              - nsfw
              - toxicity
              - pii
              - keyword_detector
              - bias
              - sponge_attack
              - adherence
              - relevancy
              - hallucination
          description: >-
            Violation types triggering rejection. Note - adherence, relevancy,
            and hallucination are typically used for output guardrails only.
  responses:
    MCPGatewayBadRequest:
      description: Bad request - invalid input
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayUnauthorized:
      description: Unauthorized - invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayForbidden:
      description: Forbidden - insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayConflict:
      description: Conflict - resource already exists
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayInternalError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: apikey

````