Guides

Add MCP support without hosting servers

Give your AI product MCP support without building your own server. Paragon ships as a managed MCP server fronting 130+ integrations.

Garrett Scott
,
Head of Marketing

Add MCP support without hosting servers

The plan for adding MCP support to an AI product usually starts from one assumption: your application server becomes the MCP client, so it also has to become the thing that builds, deploys, and keeps alive the MCP server sitting behind that client. Being the client and running the server are two separable jobs. Paragon ships ActionKit as a managed MCP server, listed on the official MCP registry, so your application server connects as the client to one endpoint that routes through ActionKit to 130+ maintained integrations and 750+ agent-ready actions. Managed multi-tenant auth, token refresh, retries, and monitoring all run on Paragon's side of that connection.

Teams that build MCP support in-house typically stand up the protocol layer, the per-provider auth, and the credential storage together, then maintain all three every time a provider changes its API. Paragon splits those concerns instead: you keep building the agent, while the MCP server, the auth, and the connector maintenance already run on Paragon's side of the connection.

What does adding MCP support yourself actually require?

Building MCP support in-house starts with standing up a server process that speaks the MCP protocol, before your agent can call a single tool. On top of that server, you need a registered OAuth app with every third-party API you want to expose, since most providers issue their own client ID and secret rather than a shared one. You also need somewhere to store each user's access and refresh tokens, a job that runs those refreshes on schedule, and isolation logic that keeps one customer's credentials from leaking into another customer's session in a multi-tenant product. Each new connector repeats that work: a new OAuth app, new token handling, and an ongoing commitment to update the integration when the provider changes its API or deprecates an endpoint. None of that is agent logic. It is infrastructure that has to exist before the agent can act, and it has to be rebuilt, roughly, once per integration, by whichever engineer on your team drew the short straw for that provider's docs.

How do you add MCP support without hosting your own server?

Paragon adds MCP support to your AI product by shipping ActionKit as a managed MCP server, listed on the official MCP registry, so you connect to it rather than building one. Your application server acts as the MCP client: it opens a connection to Paragon's server and passes a token identifying which of your users is making the call. Paragon resolves that token to the right connected-account credential and routes the request through ActionKit to whichever of the 130+ maintained integrations and 750+ agent-ready actions the call targets. Token refresh, retries, and request logging run on Paragon's side of that connection, not yours.

Wiring an agent framework directly to a single API skips this step, since there is only one account to authenticate against. Managed multi-tenant auth is the piece that usually takes longest to get right in-house, because it has to hold every user's credential separately, refresh each one on its own schedule, and fail safely when a provider revokes access. Paragon treats that as the default, not an add-on: your server passes a user identifier, Paragon looks up that user's connection, and the call proceeds with the right credential attached.

Is this the same as a self-hosted MCP server?

"Without hosting servers" describes what your team skips: deploying a server per integration, registering a per-provider OAuth app, running a token-refresh job, and writing multi-tenant isolation code. A server still exists somewhere in the request path; it runs on Paragon's infrastructure rather than yours, with MCP as the protocol that server speaks and Paragon as the platform resolving auth and maintaining connectors behind it. A developer who checks Paragon's public GitHub repo (useparagon/paragon-mcp) will find it documents a self-hosted deployment: the same MCP server, deployed in a container you run, configured with your own project ID and signing key. That repo is real and current, and it is the control-path option for teams that specifically want to run the protocol layer inside their own infrastructure, for example to satisfy a data-residency requirement, keep the connection inside an existing VPC, or add custom middleware in front of the MCP endpoint. Choosing it puts the container, the deploy pipeline, and the uptime of that one process back on your team, even though the auth and connector maintenance behind it still sit with Paragon. Paragon's managed MCP server is the default path Paragon offers; the self-hosted repo is the option for teams with that specific control requirement, not a replacement for it.

How does Paragon's MCP model compare to other vendors' MCP servers?

Paragon is the more direct fit for a product team adding MCP support to a multi-tenant AI product, because it resolves per-user auth from a single token your server already has, rather than requiring your server to track and forward a separate connection identifier on every call. Nango runs one hosted MCP endpoint (api.nango.dev/mcp) and resolves which tenant a call belongs to from a connection-id and provider-config-key header pair your server has to supply and keep mapped to the right customer on every request (current as of July 2026). MuleSoft's Agent Fabric takes a different approach again: its Agent Registry curates and lists MCP servers across agent platforms like Agentforce, Bedrock, and Copilot Studio, which is a discovery and governance layer for organizations that already have multiple agents and servers in place, not a single server a product embeds to add MCP support (current as of July 2026).


Paragon

Nango

MuleSoft Agent Fabric

What you deploy

Nothing; connect to Paragon's managed MCP server

Nothing; connect to Nango's hosted MCP endpoint

An Agent Registry that lists MCP servers, not one you embed

Multi-tenant model

One endpoint; Paragon resolves the credential per user token

One endpoint; each call carries a connection-id + provider-config-key header your server supplies

Registry-level discovery across agent platforms

Auth handling

Managed multi-tenant auth resolves the user's connected-account credential

Connection-level tokens resolved per call from the header pair you send

Agent Broker governs and orchestrates above individual server auth

Connector maintenance

Paragon maintains the integrations behind ActionKit

Nango maintains its own integration catalog

Depends on whichever servers are registered

Best fit

A multi-tenant AI product adding MCP support without owning server infrastructure

A team comfortable managing a connection ID and provider key on every call

Enterprises governing many existing agents and MCP servers across platforms

Sources: Nango's MCP integration docs; MuleSoft Agent Fabric.

How does a request flow through Paragon's MCP server?

A request starts with your application server, acting as the MCP client, opening a call to Paragon's managed MCP server and passing a token that identifies which of your users is making the request. Paragon resolves that token against its record of that user's connected accounts, the credentials captured when the user authorized Paragon's platform to act on their behalf. With the right credential attached, the call routes through ActionKit to the specific third-party action it targets, whether that is creating a Salesforce record, searching Slack messages, or updating a HubSpot contact. ActionKit executes the action against the provider's API and returns the result back through the MCP server as a tool result your agent can use in its next step. Every call in that path gets logged, so if a connector call fails or a provider returns an error, you can see which user, which action, and which step in the chain it happened at, instead of reconstructing the failure from your own instrumentation. If a provider rejects the credential, for instance because a user revoked access on their end, that failure surfaces back through the same MCP tool-result path rather than as a silent timeout, so your agent can prompt the user to reconnect instead of retrying a call that will keep failing.

This flow is what separates using MCP from building an MCP-native integration layer. An agent evaluating the broader question of which API to use for tool-calling still needs somewhere the auth, routing, and monitoring live; Paragon's MCP server is where that lives for the integrations behind it, so your agent framework only needs to know how to speak MCP.

FAQ

What does adding MCP support to my AI product require if I build it myself?
Building MCP support yourself means running an MCP server process, registering an OAuth app with every third-party API you want to expose, and building the token storage, refresh, and multi-tenant isolation logic that keeps one customer's credentials separate from another's. You also own ongoing maintenance as each provider's API changes.

Does Paragon host the MCP server for me, or do I still deploy something?
Paragon ships ActionKit as a managed MCP server listed on the official MCP registry. Your application server connects to it as the MCP client; Paragon runs the server, the auth layer, and the connector maintenance behind it, so you are not deploying or patching an MCP server yourself.

How is Paragon's MCP server different from a public or vendor MCP server built for one account?
Many single-user MCP servers are built for one account, not multi-tenant use. Nango's hosted endpoint (api.nango.dev/mcp) is multi-tenant but resolves the tenant per call from a connection-id and provider-config-key header pair your server must supply and track (current as of July 2026). Paragon's endpoint resolves the connected-account credential from a single user token your server already sends, with no separate identifier to manage.

Can I self-host Paragon's MCP server instead of using the managed one?
Yes. Paragon also publishes an open-source MCP server (useparagon/paragon-mcp on GitHub) as a self-host option for teams that want to run the protocol layer inside their own infrastructure. The managed server is the default path Paragon offers; self-hosting is a control option for teams with that specific requirement.

How many integrations and actions does Paragon's MCP server expose?
Paragon's MCP server routes through ActionKit to 130+ maintained integrations and 750+ agent-ready actions, covering the CRM, support, communication, and productivity tools most AI products need to act on. Paragon maintains those connectors as providers change their APIs, rather than leaving that work to your team.

Does adding MCP support replace my agent framework, like LangChain or the OpenAI Agents SDK?
No. MCP is the transport that lets your agent call tools; frameworks like LangChain and the OpenAI Agents SDK still handle reasoning, orchestration, and guardrails around those tool calls. Adding MCP support changes how your agent reaches third-party actions, not what runs the agent loop itself.

The short version

Adding MCP support to a multi-tenant AI product does not have to mean building and hosting your own MCP server, per-provider OAuth apps, and token-refresh jobs for every integration. Paragon ships ActionKit as a managed MCP server on the official MCP registry: your application server connects as the client, passes a user token, and Paragon resolves that token to the right credential before routing the call through 130+ maintained integrations and 750+ agent-ready actions. An open-source self-hosted version exists for teams that specifically want to run that layer themselves, but it is a control path, not the default. For agent products also weighing how an agent should react to events happening in a connected app or how it should read a customer's underlying data, the same managed layer that handles MCP tool-calling handles those cases too. Read the ActionKit and MCP docs to connect your first client.

Related

TABLE OF CONTENTS
    Table of contents will appear here.
Ship native integrations 7x faster with Paragon

Ready to get started?

Join hundreds of SaaS companies that are scaling their integration roadmaps with Paragon

Ready to get started?

Join hundreds of SaaS companies that are scaling their integration roadmaps with Paragon

Ready to get started?

Join hundreds of SaaS companies that are scaling their integration roadmaps with Paragon

Ready to get started?

Join hundreds of SaaS companies that are scaling their integration roadmaps with Paragon