> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Expanded MCP Gateway Configuration

> Retrieve the complete expanded MCP gateway configuration. Each entry in `expanded_servers[]` carries `mcp_config` = registry server's base `mcp_config` merged with that entry's per-server overrides. **Gateway-wide `servers_config.common_overrides` always wins**: for any override key (`input_guardrails_config`, `output_guardrails_config`, `server_tools_guardrails_config`) that `common_overrides` sets, the key is **omitted** from every server's `mcp_config` (even if a per-server entry also set the same input/output key — the per-server value is dropped). Read those values once from the top-level `common_overrides` in the response. Requires X-Enkrypt-MCP-Gateway header.



## OpenAPI

````yaml GET /mcp-gateway/get-gateway-config
openapi: 3.0.0
info:
  title: Enkrypt AI APIs
  version: 2.0.0
servers:
  - url: https://api.enkryptai.com
security:
  - apiKeyAuth: []
tags:
  - name: Guardrails
  - name: Code of Conduct
  - name: Endpoints
  - name: Datasets
  - name: Redteam
  - name: Deployments
  - name: AI Proxy
  - name: Leaderboard
  - name: Archived
  - name: MCP Hub
    description: >-
      MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints)
      is open to all authenticated callers. The scan **retrieval** APIs — Get
      Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub
      Scan Statistics (the GET endpoints) — are an **enterprise data-license
      feature**: they require your organization to have MCP Hub API access
      enabled by Enkrypt, otherwise they return `403`. Contact us at
      support@enkryptai.com to enable access.
  - name: MCP Registry Servers
  - name: MCP Gateways
  - name: MCP Playground
paths:
  /mcp-gateway/get-gateway-config:
    get:
      tags:
        - MCP Gateways
      summary: Get Expanded MCP Gateway Configuration
      description: >-
        Retrieve the complete expanded MCP gateway configuration. Each entry in
        `expanded_servers[]` carries `mcp_config` = registry server's base
        `mcp_config` merged with that entry's per-server overrides.
        **Gateway-wide `servers_config.common_overrides` always wins**: for any
        override key (`input_guardrails_config`, `output_guardrails_config`,
        `server_tools_guardrails_config`) that `common_overrides` sets, the key
        is **omitted** from every server's `mcp_config` (even if a per-server
        entry also set the same input/output key — the per-server value is
        dropped). Read those values once from the top-level `common_overrides`
        in the response. Requires X-Enkrypt-MCP-Gateway header.
      operationId: getGatewayConfig
      parameters:
        - $ref: '#/components/parameters/MCPGatewayGatewayHeader'
        - $ref: '#/components/parameters/MCPGatewayGatewayVersionHeader'
      responses:
        '200':
          description: Expanded gateway configuration
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MCPGatewayExpandedConfig'
        '400':
          $ref: '#/components/responses/MCPGatewayBadRequest'
        '401':
          $ref: '#/components/responses/MCPGatewayUnauthorized'
        '403':
          $ref: '#/components/responses/MCPGatewayForbidden'
        '404':
          $ref: '#/components/responses/MCPGatewayNotFound'
        '500':
          $ref: '#/components/responses/MCPGatewayInternalError'
components:
  parameters:
    MCPGatewayGatewayHeader:
      name: X-Enkrypt-MCP-Gateway
      in: header
      required: true
      description: Gateway saved_name
      schema:
        type: string
        maxLength: 32
        example: my-dev-gateway
    MCPGatewayGatewayVersionHeader:
      name: X-Enkrypt-MCP-Gateway-Version
      in: header
      required: false
      description: Gateway version (defaults to "v1")
      schema:
        type: string
        default: v1
        example: v1
  schemas:
    MCPGatewayExpandedConfig:
      type: object
      properties:
        gateway_saved_name:
          type: string
          description: Gateway name
        gateway_version:
          type: string
          description: Gateway version
        gateway_id:
          type: string
          description: Hashed gateway ID
        project_name:
          type: string
          description: Project name
        is_active:
          type: boolean
          description: Whether the gateway is enabled
        created_at:
          type: string
          format: date-time
          description: Creation timestamp
        updated_at:
          type: string
          format: date-time
          description: Last update timestamp
        common_overrides:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayCommonOverrides'
          description: >-
            Echo of `servers_config.common_overrides` — the gateway-wide
            override block applied to every server before per-server overrides
            are layered on. Empty object when not set.
        expanded_servers:
          type: array
          items:
            $ref: '#/components/schemas/MCPGatewayExpandedServer'
    MCPGatewayCommonOverrides:
      type: object
      description: >-
        Gateway-level override block. Any field set here replaces the
        corresponding field on every server's base `mcp_config`. Use this to
        avoid repeating the same override on each entry in
        `servers_config.servers[]`. `input_guardrails_config` and
        `output_guardrails_config` may also be set per-server in
        `servers_config.servers[i]`; **`common_overrides` always wins on
        conflict** for those keys. `server_tools_guardrails_config` is
        gateway-wide only — there is no per-server equivalent.
      properties:
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `output_guardrails_config`.
        server_tools_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: >-
            Gateway-wide guardrails policy applied by the MCP Gateway when it
            checks server info and tool listings for guardrails violations. The
            `input` section of the configured guardrail is what is evaluated,
            with `X-Enkrypt-Mode: prompt`. This field is only supported in
            `common_overrides` — it has no per-server equivalent and is not a
            field on the registry server's base `mcp_config`.
    MCPGatewayExpandedServer:
      type: object
      properties:
        saved_name:
          type: string
          description: Registry server saved_name
        server_version:
          type: string
          description: Server version
        server_name:
          type: string
          nullable: true
          description: Server package name
        description:
          type: string
          nullable: true
          description: Server description
        job_id:
          type: string
          format: uuid
          nullable: true
          description: MCP Hub server identifier (optional)
        source_url:
          type: string
          nullable: true
          description: Source URL
        source_version:
          type: string
          nullable: true
          description: Source version
        registry_id:
          type: string
          description: Hashed ID of the parent registry this server belongs to
        is_active:
          type: boolean
          description: Whether the server is enabled
        mcp_config:
          type: object
          description: >-
            Merged MCP configuration for this server: registry server's base
            `mcp_config` plus this entry's per-server overrides. **Any override
            key (`input_guardrails_config`, `output_guardrails_config`,
            `server_tools_guardrails_config`) supplied by gateway-wide
            `common_overrides` is omitted here** — those keys live once at the
            top-level `common_overrides`, which always wins. If a per-server
            entry set the same input/output key, it is dropped from this
            `mcp_config` too (common takes precedence).
          additionalProperties: true
        gateway_overrides:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayPerServerOverrides'
          description: >-
            Per-server overrides as declared on this entry in
            `servers_config.servers[]`, echoed verbatim from the stored gateway.
            Note that values here are only effective for keys that
            `common_overrides` does not also set — common wins on conflict.
    MCPGatewayErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: string
          description: Error message
    MCPGatewayGuardrailsPolicy:
      type: object
      description: Guardrails configuration
      properties:
        enabled:
          type: boolean
          description: Enable guardrails enforcement
        guardrail_name:
          type: string
          description: Guardrail identifier
        additional_config:
          type: object
          additionalProperties: true
          description: Detector-specific settings
        block:
          type: array
          items:
            type: string
            enum:
              - policy_violation
              - injection_attack
              - topic_detector
              - nsfw
              - toxicity
              - pii
              - keyword_detector
              - bias
              - sponge_attack
              - adherence
              - relevancy
              - hallucination
          description: >-
            Violation types triggering rejection. Note - adherence, relevancy,
            and hallucination are typically used for output guardrails only.
    MCPGatewayPerServerOverrides:
      type: object
      description: >-
        Subset of `MCPGatewayCommonOverrides` that may be set on a per-server
        entry — only the input/output guardrails configs.
        `server_tools_guardrails_config` is gateway-wide only and lives in
        `servers_config.common_overrides`.
      properties:
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `output_guardrails_config`.
  responses:
    MCPGatewayBadRequest:
      description: Bad request - invalid input
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayUnauthorized:
      description: Unauthorized - invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayForbidden:
      description: Forbidden - insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayNotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayInternalError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: apikey

````