by datastudy.nl

The latest model launches and AI tools, explained for beginners

AI

MCP explained: what it actually adds beyond a normal API

MCP, the Model Context Protocol, is an open standard that lets AI models discover and call tools at runtime instead of you hardcoding an API for each one.

Abstract data-art visualization contrasting direct API integrations that scale as apps times tools with MCP connectors that scale as apps plus tools
Illustrative scaling curves: direct API wiring grows as apps multiplied by tools, MCP connectors grow as apps plus tools. Data Today benchmark.

If you have shipped a REST API, you already know 90 percent of what MCP is. The Model Context Protocol, or MCP, is the thing you keep seeing in AI release notes next to words like "agent" and "tool calling," and if you come from traditional software engineering it can sound like marketing fog over a concept you already understand. It is not fog. MCP, introduced by Anthropic in November 2024 and now supported by OpenAI, Google DeepMind, and Microsoft, is a real, specific answer to a problem a normal API was never designed to solve: letting a language model find out what tools exist and call them without a human writing bespoke integration code for every single pairing. That is the whole idea, and once you see the mechanics it stops feeling mysterious.

MCP is not a replacement for your API. It is a standard wrapper that tells an AI model what your API can do and how to call it, so the model can plug into any MCP-aware app without custom glue code. This piece frames MCP through the API contract you already know rather than the data-pipeline angle covered in our companion explainer for data engineers, because the mental model an API developer needs is a little different: less "one connector for every warehouse," more "one contract every client can read at runtime instead of one you hardcode per client."

What problem does MCP solve that a normal API does not?

Start with what you already know. A REST or GraphQL API is a contract between two systems that both know about each other in advance. You read the docs, you write a client, you hardcode the endpoints, the parameters, and the auth flow. That works because a human wrote both sides of the integration once and it stays fixed. An AI agent breaks that assumption. If you want an AI assistant to check your calendar, query your database, and file a support ticket, someone has to write three separate integrations, one per tool, and update all three every time an API changes. Do that across ten agent products and thirty tools and you get the classic N times M integration problem: every app needs a custom connector to every tool, so the number of integrations explodes as both numbers grow.

MCP flattens that. Instead of an app writer building a custom connector to your API, you build one MCP server that wraps your API and speaks a common language. Any MCP-compatible app, Claude, a coding agent, a custom chatbot, can talk to that server without anyone writing app-specific glue. The chart below plots the illustrative math: with three AI apps and ten data sources, direct wiring needs 30 separate integrations, while MCP needs roughly 13, three app-to-protocol connections plus ten servers. That is not a benchmark of a real deployment, it is arithmetic, but it is the arithmetic that explains why every major model vendor adopted the same standard within months of each other instead of building three incompatible ones.

Line chart showing direct API integrations scaling to 30 as ten data sources are added to three AI apps, versus MCP connectors scaling to only 13 over the same range
Illustrative scaling of integration effort: direct API wiring for three AI apps against ten tools needs 30 connections, MCP needs about 13. Data Today benchmark.

How does an MCP server actually work under the hood?

Here is the part that will feel most familiar to an API developer: MCP is not a new transport or a new wire format you have to learn from scratch. Messages are JSON-RPC 2.0, the same request and response envelope plenty of internal tooling already uses, sent over stdio for a local process or over HTTP with server-sent events for a remote one. If you have built a JSON API before, reading an MCP message will not surprise you.

What is different is the shape of the conversation. Three roles exist: the host is the AI application the user talks to, the client is a connector inside that host that manages one connection, and the server is the program you write that exposes capabilities. A server declares three kinds of capabilities and the model discovers them at runtime instead of a developer hardcoding them:

  • Tools: functions the model can call, each with a name, a description, and a JSON schema for its arguments, the same shape you would put in an OpenAPI spec.
  • Resources: read-only data the model can pull in as context, a file, a database row, a log line, addressed by a URI.
  • Prompts: reusable prompt templates the server offers so the client does not have to reinvent common instructions.

The discovery step is the actual innovation. When a client connects, it asks the server "what can you do," the server answers with a live list of tools and their schemas, and the model reads that list and decides which tool to call and with what arguments. Compare that to a traditional API integration, where the caller already knows the endpoint list at compile time because a developer read the docs and wrote it down. MCP moves that lookup to runtime and hands it to the model instead of a developer. You still write the server the same way you would write any API handler, request in, validated arguments, business logic, response out, but you stop writing a bespoke client for every app that wants to use it.

Why does an API developer need to care about this at all?

If you already maintain a public or internal API, you have effectively already done the hard part. The typical migration is not a rewrite: you drop a thin MCP server in front of your existing endpoints, map each meaningful action to a tool, describe its inputs with a JSON schema, and reuse whatever auth you already run behind the scenes. Your database, your business logic, your rate limits, none of that changes. What changes is that any MCP-aware AI product can now call your API without you shipping a Python SDK, a Node SDK, and a Postman collection and hoping every integrator reads them correctly.

That matters for three concrete reasons if you build or maintain APIs:

  • You stop maintaining N client SDKs. Every language-specific SDK you publish today is a maintenance burden that grows every time your API changes. An MCP server is one integration surface that every compliant client can use.
  • Your API becomes agent-reachable without a rewrite. If your roadmap includes "let an AI assistant use our product," MCP is usually a thinner lift than building a custom plugin format, because you are describing your existing endpoints, not building a new protocol.
  • You inherit a security model you did not have to design. MCP's spec defines how a server declares scopes and how a client should prompt a human before a destructive action runs, so you are not the first team to invent "should the AI be allowed to delete this row without asking."

That last point deserves an honest caveat. MCP servers that connect to real data and take real actions are software with real attack surface, and researchers have already documented prompt injection paths where malicious content inside a tool's response tricks a model into calling other tools it should not. A support bot with too much standing access turned a routine account recovery flow into a full takeover at Meta earlier this year, and the lesson generalizes directly to MCP: the protocol describes what a tool can do, it does not decide what it should be allowed to do without a human checking in. Treat every MCP server the way you would treat any other piece of code with access to your production systems: least-privilege credentials, explicit confirmation before destructive calls, and logging on every tool invocation. MCP standardizes the interface, it does not remove the need for the access-control thinking you already apply to a normal API.

What should you actually do with this, and what is still unsettled?

If you are deciding whether to build an MCP server this quarter, the honest framing is: build one if you already have an API and a real, near-term reason an AI agent needs to call it, not because it is trending. Wrapping an API you do not expect an agent to use yet is wasted surface area to secure. If you are building an agent product and evaluating whether to support MCP as a client, the calculus is different: the ecosystem of existing servers, for GitHub, for Slack, for Postgres, for your file system, is now large enough that supporting the protocol gets you a long list of integrations you did not have to write.

What is still unsettled is authorization at scale. Early MCP deployments leaned on simple API keys or OAuth passthrough, and the spec's authorization guidance has continued to evolve as real production deployments surface edge cases around token scoping and multi-tenant servers. If you are shipping an MCP server that touches customer data, read the current authorization spec at modelcontextprotocol.io rather than copying a pattern from an early tutorial, because that part of the standard has moved the most since launch.

The useful mental model to leave with: an API is a contract two developers agreed on ahead of time. MCP is that same contract, described in a way a model can read and act on without a developer being in the loop for every new pairing. You are not learning a new way to build backends. You are learning a new way to describe the one you already built.

Sources