Tyk MCP vs Kong MCP
Governing AI agents across every protocol, in open source
Both gateways support Model Context Protocol, but the depth and licensing differ. Tyk exposes APIs, dashboards and docs as MCP, proxies remote MCP servers, and governs them with per-tool policies and method-level rate limits — most of it in open source. Kong’s AI MCP Proxy and MCP tool ACLs live behind the Enterprise AI Gateway licence.
The world’s biggest companies trust Tyk to deliver exceptional API experiences.
Every AI agent, every protocol, governed with one platform
Tyk treats MCP as a first-class API surface: same gateway, same policies, same analytics, same open source licence.
Multiple MCP patterns
Convert any OpenAPI spec to MCP, proxy a remote MCP server as upstream, or expose your Tyk Dashboard and Docs as MCP — all from the same gateway.
Fine-grained MCP policies
Filter tools, resources and prompts per policy, and apply JSON-RPC method or MCP primitive rate limits — not just blunt request-per-second caps on the whole server.
MCP-aware observability
Every MCP call is tagged in analytics with mcpMethod, transaction ID and URI, so you can see which tools agents call, how often, and at what cost.
Tyk MCP and Kong MCP compared
Features
What it means for you
Tyk
Kong
Tyk vs Kong – Gartner reviews
Based on verified reviews from real users in the API management market, Kong has a rating on Gartner of 4.5 stars with 164 reviews. Tyk has a rating of 4.7 stars with 91 reviews. Have a look at the Gartner Peer Insights page for more about Tyk.
Why teams shipping AI agents choose Tyk
Both gateways speak MCP. The difference is how much you can do, how openly, and how safely.
More MCP patterns out of the box
API-to-MCP, remote MCP proxying, Dashboard-as-MCP and Docs-as-MCP all ship with Tyk. Kong centers on OpenAPI-to-MCP via the AI MCP Proxy plus a separate Kong MCP Server for managing Konnect itself — no Docs-as-MCP and no built-in mock server.
Granular safety controls
Tyk filters exactly which tools, resources and prompts each key can call, and rate limits individual JSON-RPC methods or MCP primitives. Kong's MCP ACLs are tool-level only (not resources or prompts), and rate limiting falls back to the standard gateway-wide rate limit plugins — you cannot throttle one MCP method differently from another.
Production-grade MCP auth
Tyk's built-in OAuth proxy with auto-mirrored Protected Resource Metadata makes remote MCPs work cleanly with RFC 8707 strict authorisation servers, with no manual wiring. Kong offers an AI MCP OAuth2 plugin but does not auto-mirror PRM.
Open source by default
Tyk's MCP support lives in the open source gateway under MPL 2.0. Kong's AI MCP Proxy plugin and MCP Tool ACLs require an AI Gateway licence and ship as enterprise features in Kong Konnect.
Tyk MCP feature reference
Everything you need to publish, secure, govern, and observe MCP servers used by AI agents and assistants.
API-to-MCP from OpenAPI
Generate MCP tools, resources and prompts directly from an OpenAPI 3 spec.
Remote MCP upstream
Front any third-party MCP server with Tyk policies, auth and analytics.
Dashboard-as-MCP
Expose Tyk Dashboard APIs as MCP so AI agents can manage the gateway safely.
Docs-as-MCP
Let agents query Tyk documentation through MCP for grounded, cited answers.
Mock MCP server
Spin up a 15-tool mock MCP server in seconds for development and CI.
OAuth, OIDC, JWT, mTLS
Apply Tyk's full auth stack to MCP traffic, per server or per key.
OAuth proxy for remote MCPs
Mirror Protected Resource Metadata automatically for RFC 8707 strict ASes.
Per-tool/resource/prompt ACLs
Allow or deny individual MCP primitives per policy or key.
Token introspection and revocation
Cut off agent access in real time when a token is compromised.
mTLS to upstream MCP
Mutual TLS between Tyk and the remote MCP backend.
JSON-RPC method rate limits
Apply different throttles to different MCP methods.
MCP primitive rate limits
Cap usage per tool, resource or prompt, per key or policy.
Policy-based MCP filtering
Hide entire categories of tools from specific consumers.
Versioning and deprecation
Run multiple MCP server versions side by side and sunset gracefully.
GitOps with the Tyk Operator
Manage MCP APIs as Kubernetes CRDs in your pipelines.
MCP-tagged analytics
Every record carries the MCP method, transaction ID and URI.
Per-tool consumption
See which agents are calling which tools, and at what cost.
OpenTelemetry traces
Export MCP spans to Jaeger, Tempo, Datadog and friends.
Detailed JSON-RPC logs
Stream MCP request and response bodies to your SIEM.
MCP swagger metadata
Self-describing MCP APIs surface in the catalogue and developer portal.
Get a personalized demo
Migrating your MCP estate to Tyk
A five-step path to move MCP traffic from Kong to Tyk without breaking your AI agents.
01
Inventory your MCP routes and plugins
List every Kong route that uses the AI MCP Proxy plugin, along with the OpenAPI specs, consumer groups and ACL rules attached to each.
02
Re-import OpenAPI specs into Tyk
Use Tyk's API-to-MCP feature to regenerate the same MCP tools from the same OpenAPI sources — no rewriting of upstreams required.
03
Translate consumer-group ACLs to Tyk policies
Convert Kong's per-tool consumer-group ACLs into Tyk security policies, extending them with per-resource and per-prompt filtering plus JSON-RPC method-level rate limits.
04
Cut agents over progressively
Switch MCP client configurations to Tyk one agent or environment at a time, validating behaviour and latency against the Kong baseline.
05
Retire the AI Gateway licence
Once all MCP traffic flows through Tyk, decommission the Kong AI MCP Proxy and reclaim the AI Gateway license cost.
FAQ
Does Kong actually support MCP?
Yes. Kong ships an AI MCP Proxy plugin that turns OpenAPI specs into MCP tools and aggregates multiple APIs into a single MCP server endpoint, plus a standalone Kong MCP Server for managing Konnect itself through MCP clients like Claude Desktop. Both require Kong’s AI Gateway/Enterprise licence and are not part of the open source Kong Gateway.
What MCP patterns does Tyk support that Kong does not?
Tyk supports Docs-as-MCP for grounded AI answers from product documentation, a mock MCP server for CI and development, and an OAuth proxy that auto-mirrors Protected Resource Metadata for RFC 8707 strict authorization servers. Kong focuses on OpenAPI-to-MCP via the AI MCP Proxy plus the Kong MCP Server for Konnect administration.
How does rate limiting work for MCP in Tyk vs Kong?
Tyk applies rate limits at multiple levels: the API, the JSON-RPC method, and the MCP primitive (individual tool, resource or prompt). That means you can let an agent call get_users freely while throttling process_order, all from a single policy. Kong relies on its general-purpose rate limit plugins, which throttle the whole MCP route or consumer rather than individual MCP methods or tools.
Is MCP support in Tyk open source?
Yes. Core MCP gateway features — API-to-MCP, remote MCP upstream, policy filtering and analytics — live in the open source Tyk Gateway under MPL 2.0. Kong’s AI MCP Proxy plugin and MCP Tool ACLs require an AI Gateway licence and are not available in the open source Kong distribution.
Can I test MCP integrations without standing up a real backend?
Yes. Tyk publishes tyk-mock-mcp-server, a Go-based mock MCP server implementing the November 2025 spec with 15 tools across six categories, prompts, resources and SSE test endpoints. Drop it behind Tyk and exercise your full MCP pipeline in CI. Kong does not ship an equivalent mock MCP server.