> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update MCP Gateway

> Partially update an existing MCP gateway. The `servers_config` body is **deep-merged** onto the persisted config — fields you don't send are left untouched. Semantics:

- Top-level keys (`common_overrides`, `servers`) update independently.
- `null` at any level means "delete this key" (RFC 7396 / JSON Merge Patch). Examples: `common_overrides.input_guardrails_config: null` removes that policy; `common_overrides: null` clears the whole object; `servers: null` clears the whole array.
- The `servers` array is keyed by `(saved_name, server_version)`. Each entry in the patch matches an existing entry by that key — found entries are deep-merged; new ones are appended. Existing entries not referenced in the patch are preserved.
- To remove a server entry, send it with `_delete: true` (idempotent — removing a missing server is a no-op).
- Inside a guardrails policy, `additional_config` is deep-merged; arrays (`block`) and primitives (`enabled`, `guardrail_name`) are replaced wholesale.

Requires X-Enkrypt-MCP-Gateway header.



## OpenAPI

````yaml PATCH /mcp-gateway/modify-gateway
openapi: 3.0.0
info:
  title: Enkrypt AI APIs
  version: 2.0.0
servers:
  - url: https://api.enkryptai.com
security:
  - apiKeyAuth: []
tags:
  - name: Guardrails
  - name: Code of Conduct
  - name: Endpoints
  - name: Datasets
  - name: Redteam
  - name: Deployments
  - name: AI Proxy
  - name: Leaderboard
  - name: Archived
  - name: MCP Hub
    description: >-
      MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints)
      is open to all authenticated callers. The scan **retrieval** APIs — Get
      Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub
      Scan Statistics (the GET endpoints) — are an **enterprise data-license
      feature**: they require your organization to have MCP Hub API access
      enabled by Enkrypt, otherwise they return `403`. Contact us at
      support@enkryptai.com to enable access.
  - name: MCP Registry Servers
  - name: MCP Gateways
  - name: MCP Playground
paths:
  /mcp-gateway/modify-gateway:
    patch:
      tags:
        - MCP Gateways
      summary: Update MCP Gateway
      description: >-
        Partially update an existing MCP gateway. The `servers_config` body is
        **deep-merged** onto the persisted config — fields you don't send are
        left untouched. Semantics:


        - Top-level keys (`common_overrides`, `servers`) update independently.

        - `null` at any level means "delete this key" (RFC 7396 / JSON Merge
        Patch). Examples: `common_overrides.input_guardrails_config: null`
        removes that policy; `common_overrides: null` clears the whole object;
        `servers: null` clears the whole array.

        - The `servers` array is keyed by `(saved_name, server_version)`. Each
        entry in the patch matches an existing entry by that key — found entries
        are deep-merged; new ones are appended. Existing entries not referenced
        in the patch are preserved.

        - To remove a server entry, send it with `_delete: true` (idempotent —
        removing a missing server is a no-op).

        - Inside a guardrails policy, `additional_config` is deep-merged; arrays
        (`block`) and primitives (`enabled`, `guardrail_name`) are replaced
        wholesale.


        Requires X-Enkrypt-MCP-Gateway header.
      operationId: modifyGateway
      parameters:
        - $ref: '#/components/parameters/MCPGatewayGatewayHeader'
        - $ref: '#/components/parameters/MCPGatewayGatewayVersionHeader'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MCPGatewayUpdateGatewayRequest'
            examples:
              upsert-server:
                summary: Upsert one server's input guardrails (other servers untouched)
                value:
                  servers_config:
                    servers:
                      - saved_name: my-filesystem-server
                        server_version: v1
                        input_guardrails_config:
                          enabled: true
                          guardrail_name: Updated Guardrail
                          block:
                            - topic_detector
                            - nsfw
                            - keyword_detector
              update-common-only:
                summary: >-
                  Update one common_overrides key (servers and other common keys
                  untouched)
                value:
                  servers_config:
                    common_overrides:
                      input_guardrails_config:
                        enabled: false
              update-common-overrides:
                summary: >-
                  Replace two common_overrides policies wholesale (other
                  policies untouched)
                value:
                  servers_config:
                    common_overrides:
                      input_guardrails_config:
                        enabled: true
                        guardrail_name: Org Input Guardrail v2
                        block:
                          - injection_attack
                          - pii
                          - keyword_detector
                      server_tools_guardrails_config:
                        enabled: true
                        guardrail_name: Org Server/Tools Guardrail v2
                        block:
                          - policy_violation
                          - injection_attack
                          - pii
              remove-server:
                summary: Remove a server entry from the gateway
                value:
                  servers_config:
                    servers:
                      - saved_name: my-filesystem-server
                        server_version: v1
                        _delete: true
              clear-policy-via-null:
                summary: Delete a single common_overrides policy via null
                value:
                  servers_config:
                    common_overrides:
                      input_guardrails_config: null
              toggle-active:
                summary: Toggle is_active without touching servers_config
                value:
                  is_active: false
      responses:
        '200':
          description: Gateway updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MCPGatewayResponseObject'
        '400':
          $ref: '#/components/responses/MCPGatewayBadRequest'
        '401':
          $ref: '#/components/responses/MCPGatewayUnauthorized'
        '403':
          $ref: '#/components/responses/MCPGatewayForbidden'
        '404':
          $ref: '#/components/responses/MCPGatewayNotFound'
        '500':
          $ref: '#/components/responses/MCPGatewayInternalError'
components:
  parameters:
    MCPGatewayGatewayHeader:
      name: X-Enkrypt-MCP-Gateway
      in: header
      required: true
      description: Gateway saved_name
      schema:
        type: string
        maxLength: 32
        example: my-dev-gateway
    MCPGatewayGatewayVersionHeader:
      name: X-Enkrypt-MCP-Gateway-Version
      in: header
      required: false
      description: Gateway version (defaults to "v1")
      schema:
        type: string
        default: v1
        example: v1
  schemas:
    MCPGatewayUpdateGatewayRequest:
      type: object
      description: >-
        Partial-update payload. `servers_config` is **deep-merged** onto the
        persisted config — keys you don't send are left untouched. See the
        `/mcp-gateway/modify-gateway` operation description for full semantics
        (null means delete; the `servers` array is keyed by `saved_name +
        server_version` with `_delete: true` for removal; guardrails policies
        replace as a unit while `additional_config` deep-merges).
      properties:
        servers_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayServersConfig'
          description: >-
            Partial servers_config. Keys not present are left untouched. `null`
            at any level deletes that key. The `servers` array is upserted by
            `(saved_name, server_version)`; send `_delete: true` on an entry to
            remove it. Per-server entries in this PATCH context additionally
            accept `_delete: true` (boolean), which is not part of the persisted
            shape.
        is_active:
          type: boolean
          description: Toggle the gateway's active state.
        is_sample:
          type: boolean
          description: Mark this gateway as a sample.
    MCPGatewayResponseObject:
      type: object
      properties:
        message:
          type: string
          description: Response message
        data:
          $ref: '#/components/schemas/MCPGatewayObject'
    MCPGatewayServersConfig:
      type: object
      properties:
        common_overrides:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayCommonOverrides'
          description: >-
            Gateway-wide overrides applied to every server in this gateway.
            **`common_overrides` always wins** — for any key set here, the same
            key on a per-server entry in `servers` is ignored at expansion time.
            Common and per-server can both be persisted, but for any given key
            common takes precedence.
        servers:
          type: array
          items:
            $ref: '#/components/schemas/MCPGatewayServerReference'
          description: >-
            Array of server references with optional per-server overrides. A
            per-server override is only effective for keys that
            `servers_config.common_overrides` does not also set; common always
            wins on conflict.
    MCPGatewayObject:
      type: object
      properties:
        gateway_saved_name:
          type: string
          description: User-given name for the gateway
        gateway_version:
          type: string
          description: Gateway version
        servers_config:
          $ref: '#/components/schemas/MCPGatewayServersConfig'
        gateway_id:
          type: string
          description: Hashed gateway ID
        project_name:
          type: string
          description: Project name
        is_active:
          type: boolean
          description: Whether the gateway is enabled (distinct from is_deleted)
        is_sample:
          type: boolean
          description: Whether this is a sample gateway
        created_at:
          type: string
          format: date-time
          description: Creation timestamp
        updated_at:
          type: string
          format: date-time
          description: Last update timestamp
        created_by:
          type: string
          format: uuid
          nullable: true
          description: User ID who created this gateway
        updated_by:
          type: string
          format: uuid
          nullable: true
          description: User ID who last updated this gateway
    MCPGatewayErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: string
          description: Error message
    MCPGatewayCommonOverrides:
      type: object
      description: >-
        Gateway-level override block. Any field set here replaces the
        corresponding field on every server's base `mcp_config`. Use this to
        avoid repeating the same override on each entry in
        `servers_config.servers[]`. `input_guardrails_config` and
        `output_guardrails_config` may also be set per-server in
        `servers_config.servers[i]`; **`common_overrides` always wins on
        conflict** for those keys. `server_tools_guardrails_config` is
        gateway-wide only — there is no per-server equivalent.
      properties:
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Gateway-wide override for every server's `output_guardrails_config`.
        server_tools_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: >-
            Gateway-wide guardrails policy applied by the MCP Gateway when it
            checks server info and tool listings for guardrails violations. The
            `input` section of the configured guardrail is what is evaluated,
            with `X-Enkrypt-Mode: prompt`. This field is only supported in
            `common_overrides` — it has no per-server equivalent and is not a
            field on the registry server's base `mcp_config`.
    MCPGatewayServerReference:
      type: object
      required:
        - saved_name
      description: >-
        Reference to a registry server with optional per-server overrides.
        `input_guardrails_config` or `output_guardrails_config` set here
        override the corresponding fields on the registry server's base
        `mcp_config` for this server only — **unless** the same key is also set
        in `servers_config.common_overrides`, in which case the common value
        wins and the per-server value is ignored. The gateway-wide
        `server_tools_guardrails_config` may only be set in `common_overrides`.
      properties:
        saved_name:
          type: string
          description: Reference to registry server saved_name
        server_version:
          type: string
          default: v1
          description: Server version to reference
        input_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `input_guardrails_config`.
        output_guardrails_config:
          allOf:
            - $ref: '#/components/schemas/MCPGatewayGuardrailsPolicy'
          description: Override for the registry server's `output_guardrails_config`.
    MCPGatewayGuardrailsPolicy:
      type: object
      description: Guardrails configuration
      properties:
        enabled:
          type: boolean
          description: Enable guardrails enforcement
        guardrail_name:
          type: string
          description: Guardrail identifier
        additional_config:
          type: object
          additionalProperties: true
          description: Detector-specific settings
        block:
          type: array
          items:
            type: string
            enum:
              - policy_violation
              - injection_attack
              - topic_detector
              - nsfw
              - toxicity
              - pii
              - keyword_detector
              - bias
              - sponge_attack
              - adherence
              - relevancy
              - hallucination
          description: >-
            Violation types triggering rejection. Note - adherence, relevancy,
            and hallucination are typically used for output guardrails only.
  responses:
    MCPGatewayBadRequest:
      description: Bad request - invalid input
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayUnauthorized:
      description: Unauthorized - invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayForbidden:
      description: Forbidden - insufficient permissions
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayNotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
    MCPGatewayInternalError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MCPGatewayErrorResponse'
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: apikey

````