Tyk MCP vs. Apigee MCP
Governing AI agents across every protocol, in open source
Both gateways support Model Context Protocol, but the licensing and deployment shape differ. Tyk treats MCP as a first-class API surface in the open source gateway. Apigee hosts MCP proxies as a managed Google Cloud service, transcoding OpenAPI specs into MCP tools and surfacing them through API hub — all behind the Apigee subscription.
The world’s biggest companies trust Tyk to deliver exceptional API experiences.
Govern every AI agent, every protocol, one platform
Tyk treats MCP as a first-class API surface: same gateway, same policies, same analytics, same open source licence.
Multiple MCP patterns
Convert any OpenAPI spec to MCP, proxy a remote MCP server as upstream, or expose your Tyk Dashboard and Docs as MCP — all from the same gateway.
Fine-grained MCP policies
Filter tools, resources and prompts per policy, and apply JSON-RPC method or MCP primitive rate limits — not just blunt request-per-second caps on the whole server.
MCP-aware observability
Every MCP call is tagged in analytics with mcpMethod, transaction ID and URI, so you can see which tools agents call, how often, and at what cost.
Tyk MCP and Apigee MCP compared
Features
What it means for you
Tyk
Apigee
Tyk vs Apigee – Gartner reviews
Based on verified reviews from real users in the API management market, Apigee has a rating on Gartner of 4.5 stars with 319 reviews. Tyk has a rating of 4.8 stars with 89 reviews. Have a look at the Gartner Peer Insights comparison page for more about Apigee vs Tyk.
Why teams shipping AI agents choose Tyk
Both gateways speak MCP. The difference is how much you can do, how openly, and how safely.
More MCP patterns out of the box
API-to-MCP, remote MCP proxying, Dashboard-as-MCP and Docs-as-MCP all ship with Tyk. Apigee focuses on the OpenAPI-to-MCP pattern through its managed MCP proxy — no Docs-as-MCP, no Dashboard-as-MCP, and no built-in mock server.
Granular safety controls beyond per-tool
Tyk filters and rate-limits tools, resources AND prompts as first-class primitives. Apigee gets per-tool rate limiting via CEL descriptors that inspect the JSON-RPC body, which works well for tools/call vs tools/list, but does not natively model MCP resources or prompts as policy targets.
Production-grade MCP auth
Tyk's built-in OAuth proxy with auto-mirrored Protected Resource Metadata makes remote MCPs work cleanly with RFC 8707 strict authorisation servers, with no manual wiring. Apigee supports OAuth 2.1 and OIDC on MCP endpoints, but PRM auto-mirroring for upstream remote MCPs is not built in.
Open source by default
Tyk's MCP support lives in the open source gateway under MPL 2.0 and runs anywhere — on-prem, hybrid, multi-cloud. Apigee MCP is a managed Google Cloud service: you pay for the Apigee subscription and your MCP control plane lives in Google's tenancy.
Tyk MCP feature reference
Everything you need to publish, secure, govern and observe MCP servers used by AI agents and assistants.
API-to-MCP from OpenAPI
Generate MCP tools, resources and prompts directly from an OpenAPI 3 spec.
Remote MCP upstream
Front any third-party MCP server with Tyk policies, auth and analytics.
Dashboard-as-MCP
Expose Tyk Dashboard APIs as MCP so AI agents can manage the gateway safely.
Docs-as-MCP
Let agents query Tyk documentation through MCP for grounded, cited answers.
Mock MCP server
Spin up a 15-tool mock MCP server in seconds for development and CI.
OAuth, OIDC, JWT, mTLS
Apply Tyk's full auth stack to MCP traffic, per server or per key.
OAuth proxy for remote MCPs
Mirror Protected Resource Metadata automatically for RFC 8707 strict ASes.
Per-tool / resource / prompt ACLs
Allow or deny individual MCP primitives per policy or key.
Token introspection & revocation
Cut off agent access in real time when a token is compromised.
mTLS to upstream MCP
Mutual TLS between Tyk and the remote MCP backend.
JSON-RPC method rate limits
Apply different throttles to different MCP methods.
MCP primitive rate limits
Cap usage per tool, resource or prompt, per key or policy.
Policy-based MCP filtering
Hide entire categories of tools from specific consumers.
Versioning & deprecation
Run multiple MCP server versions side by side and sunset gracefully.
GitOps with the Tyk Operator
Manage MCP APIs as Kubernetes CRDs in your pipelines.
MCP-tagged analytics
Every record carries the MCP method, transaction ID and URI.
Per-tool consumption
See which agents are calling which tools, and at what cost.
OpenTelemetry traces
Export MCP spans to Jaeger, Tempo, Datadog and friends.
Detailed JSON-RPC logs
Stream MCP request and response bodies to your SIEM.
MCP swagger metadata
Self-describing MCP APIs surface in the catalogue and developer portal.
Get a personalised demo
Migrating your MCP estate to Tyk
A five-step path to move MCP traffic from Apigee to Tyk without breaking your AI agents.
01
Inventory your MCP proxies
List every Apigee MCP proxy (typically /mcp basepath, mcp.apigee.internal target) along with the OpenAPI specs and the API hub entries that reference them.
02
Re-import OpenAPI specs into Tyk
Use Tyk's API-to-MCP feature to regenerate the same MCP tools from the same OpenAPI sources — no rewriting of upstreams required.
03
Translate Apigee policies to Tyk policies
Convert Apigee's CEL-based per-tool rate-limit descriptors and OAuth 2.1/OIDC policies into Tyk security policies, extending them with per-resource and per-prompt filtering plus native JSON-RPC method-level limits.
04
Cut agents over progressively
Switch MCP client configurations to Tyk one agent or environment at a time, validating behaviour and latency against the Apigee baseline.
05
Decommission the Apigee MCP footprint
Once all MCP traffic flows through Tyk, retire the Apigee MCP proxies and API hub MCP entries, and reclaim the corresponding Apigee entitlements.
FAQ
Does Apigee actually support MCP?
Yes. Apigee hosts MCP endpoints by deploying an “MCP proxy” — /mcp basepath targeting mcp.apigee.internal with an attached OpenAPI specification. Apigee transcodes the spec into MCP tools and exposes JSON-RPC tools/list and tools/call methods over HTTP/S. Deployed MCP proxies are automatically registered in Apigee API hub as MCP APIs. The feature requires Google Cloud Apigee and is not available outside that subscription.
What MCP patterns does Tyk support that Apigee does not?
Tyk supports Docs-as-MCP for grounded AI answers from product documentation, Dashboard-as-MCP for managing the gateway through MCP, a mock MCP server for CI and development, and an OAuth proxy that auto-mirrors Protected Resource Metadata for RFC 8707 strict authorisation servers. Apigee focuses on the OpenAPI-to-MCP pattern via its managed MCP proxy.
How does rate limiting work for MCP in Tyk vs Apigee?
Both support JSON-RPC method-level rate limiting. Tyk does it natively at the policy level — separate caps for tools/list, tools/call, individual tools, resources and prompts. Apigee achieves per-tool limits through CEL descriptors that inspect the JSON-RPC method body inside its quota/rate-limit policies, which works well for tools but does not natively model resources or prompts as policy targets.
Is MCP support in Tyk open source?
Yes. Core MCP gateway features — API-to-MCP, remote MCP upstream, policy filtering and analytics — live in the open source Tyk Gateway under MPL 2.0. Apigee is a managed Google Cloud product; its MCP support is part of the Apigee subscription and runs in Google’s tenancy.
Can I test MCP integrations without standing up a real backend?
Yes. Tyk publishes tyk-mock-mcp-server, a Go-based mock MCP server implementing the November 2025 spec with 15 tools across six categories, prompts, resources and SSE test endpoints. Drop it behind Tyk and exercise your full MCP pipeline in CI. Apigee does not ship an equivalent mock MCP server.