Secure GitHub MCP Server traffic with Kong Gateway and AI Gateway
Enable the Key Authentication plugin on your MCP service and require API keys from Consumers. Kong AI Gateway then enforces these keys on all incoming MCP requests, ensuring secure, authorized access.
For further authentication of your MCP traffic you can also use The OpenID Connect (OIDC) plugin lets you integrate Kong Gateway with an identity provider (IdP), or you can extend plugins to support fine-grained Authorization models via JWT claims or declarative Access Control Lists (ACLs)
Prerequisites
Kong Gateway running
This tutorial requires Kong Gateway Enterprise. If you don’t have Kong Gateway set up yet, you can use the quickstart script with an enterprise license to get an instance of Kong Gateway running almost instantly.
-
Export your license to an environment variable:
export KONG_LICENSE_DATA='LICENSE-CONTENTS-GO-HERE' -
Run the quickstart script:
curl -Ls https://get.konghq.com/quickstart | bash -s -- -e KONG_LICENSE_DATAOnce Kong Gateway is ready, you will see the following message:
Kong Gateway Ready
decK
decK is a CLI tool for managing Kong Gateway declaratively with state files. To complete this tutorial you will first need to install decK.
Required entities
For this tutorial, you’ll need Kong Gateway entities, like Gateway Services and Routes, pre-configured. These entities are essential for Kong Gateway to function but installing them isn’t the focus of this guide. Follow these steps to pre-configure them:
-
Run the following command:
echo ' _format_version: "3.0" services: - name: example-clean-service url: http://httpbin.konghq.com/ routes: - name: example-route paths: - "/anything" service: name: example-clean-service ' | deck gateway apply -
To learn more about entities, you can read our entities documentation.
OpenAI
This tutorial uses OpenAI:
- Create an OpenAI account.
- Get an API key.
- Create a decK variable with the API key:
export DECK_OPENAI_API_KEY="YOUR OPENAI API KEY"
export DECK_OPENAI_API_KEY="YOUR OPENAI API KEY"
GitHub
To complete this tutorial, you’ll need access to GitHub, a GitHub repository, and a Github Access Token.
Once you’ve created your Github Personal Access Token, export it as an environment variable by running the following command:
export GITHUB_PAT='YOUR_GITHUB_TOKEN'
Configure the AI Proxy Advanced plugin
To enable model-driven access to remote tools, we’ll route MCP traffic through OpenAI using the AI Proxy Advanced plugin. In this tutorial, we’ll use the OpenAI /responses API endpoint via the llm/v1/responses route type in the AI Proxy Advanced plugin to communicate with a GitHub-hosted remote MCP server. This approach simplifies integration: instead of routing each tool invocation through your backend, Kong AI Gateway forwards model-generated requests directly to the MCP server. That server exposes standardized tools, giving you conversational control over your GitHub repositories—secured and governed by Kong’s built-in capabilities. No custom glue code is required to enable this integration.
echo '
_format_version: "3.0"
plugins:
- name: ai-proxy-advanced
config:
targets:
- route_type: llm/v1/responses
auth:
header_name: Authorization
header_value: Bearer ${{ env "DECK_OPENAI_API_KEY" }}
model:
provider: openai
name: gpt-4o
options:
max_tokens: 512
temperature: 1.0
' | deck gateway apply -
Enable the Key Authentication plugin on the Service
Enable Key Auth for the Service.
echo '
_format_version: "3.0"
plugins:
- name: key-auth
service: example-clean-service
config:
key_names:
- apikey
' | deck gateway apply -
Create a Consumer
Consumers let you identify the client that’s interacting with Kong Gateway. The Consumer needs an API key to access any Services.
echo '
_format_version: "3.0"
consumers:
- username: alex
keyauth_credentials:
- key: hello_world
' | deck gateway apply -
Validate
After configuring the Key Authentication plugin, you can verify that it was configured correctly and is working, by sending requests with and without the API key you created for your Consumer.
The following request is valid, as it includes the apikey required by the Consumer:
curl "http://localhost:8000/anything" \
-H "Content-Type: application/json"\
-H "apikey: hello_world"\
-H "Authorization: Bearer $OPENAI_API_KEY" \
--json '{
"tools": [
{
"type": "mcp",
"server_label": "gitmcp",
"server_url": "https://api.githubcopilot.com/mcp/",
"require_approval": "never",
"headers": {
"Authorization": "Bearer '$GITHUB_PAT'"
}
}
],
"input": "How do I use GitHub MCP?"
}'
You should see the following response:
OK
On the following request, include an invalid value for apikey:
curl "http://localhost:8000/anything" \
-H "Content-Type: application/json"\
-H "apikey: another_key"\
-H "Authorization: Bearer $OPENAI_API_KEY" \
--json '{
"tools": [
{
"type": "mcp",
"server_label": "gitmcp",
"server_url": "https://api.githubcopilot.com/mcp/",
"require_approval": "never",
"headers": {
"Authorization": "Bearer '$GITHUB_PAT'"
}
}
],
"input": "How do I use GitHub MCP?"
}'
You should see the following response:
Unauthorized
Now, remove the required apikey from the request entirely:
curl "http://localhost:8000/anything" \
-H "Content-Type: application/json"\
-H "Authorization: Bearer $OPENAI_API_KEY" \
--json '{
"tools": [
{
"type": "mcp",
"server_label": "gitmcp",
"server_url": "https://api.githubcopilot.com/mcp/",
"require_approval": "never",
"headers": {
"Authorization": "Bearer '$GITHUB_PAT'"
}
}
],
"input": "How do I use GitHub MCP?"
}'
You should see the following response:
Unauthorized: No API key found in request