Reference Architecture
Enterprise MCP Governance via Azure APIM
AI agents speak Model Context Protocol. Your enterprise systems speak REST. Bridge the gap using the API gateway you already own, complete with Entra ID validation and Terraform deployment.
Why use your existing gateway?
Skip the new procurement
Your enterprise already has an API gateway. It handles auth, rate limiting, audit logs, and network isolation. Your security team already approved it. It is significantly less risky to add MCP as another protocol than to deploy an entirely new "AI Gateway" stack.
Keep semantic routing separate
Some dedicated AI products offer semantic guardrails or prompt caching. Fine; run them alongside the gateway, not in place of it. The core governance layer, the one that controls access to your systems of record, should live in APIM. Do not rebuild it.
The Two Patterns
Which pattern fits depends on the API you are exposing; most estates end up running both side by side in production.
1. REST-as-MCP. APIM uses standard XML inbound policies and Liquid templates to translate JSON-RPC requests into native REST calls (and the REST responses back into JSON-RPC results). Your backend service remains completely unchanged. Ideal for stable CRUD enterprise apps.
2. Governed MCP Server. APIM sits in front of a dedicated .NET 9 MCP server and handles auth and observability. Use this when you need complex session state, multi-backend orchestration, or tool logic that doesn't fit neatly into a REST endpoint. The server must be reachable only through APIM (see the private endpoint isolation below); otherwise its tools can be invoked without passing the gateway's checks.
Topology Split
The APIM Front Door
- Entra ID token validation for tool calls.
- Context propagation via On-Behalf-Of flow.
- Rate limiting per session or consumer.
- Application Insights audit logging.
- Private Endpoint network isolation.
The Backend (Pattern 2)
- Tool registration and dynamic discovery.
- Session state management.
- Backend orchestration and composition.
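Pattern 1 together with the front-door controls above, as a single APIM operation policy. This is an added example, not code from the linked repository, and it assumes: a tool named search_orders, an unchanged orders backend at https://orders.internal.contoso.example exposing POST /api/orders/search, placeholder tenant and application IDs (all zeros), the audience api://mcp-gateway, the scope Tools.Invoke, and a Key Vault backed named value mcp-gw-secret holding the gateway's client secret for the On-Behalf-Of exchange.

```xml
<!-- Added example (not from the referenced repo): one APIM operation policy for Pattern 1.
     A tools/call for the assumed tool "search_orders" becomes POST /api/orders/search on an
     assumed backend; the REST reply is re-wrapped as a JSON-RPC result. Tenant, client IDs,
     audience, scope and the named value "mcp-gw-secret" are placeholders. -->
<policies>
    <inbound>
        <base />
        <!-- Front door: only Entra ID bearer tokens issued for this gateway with the tool scope.
             Fails closed with 401; the parsed token is kept in the "jwt" variable. -->
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized" require-scheme="Bearer"
                      require-expiration-time="true" require-signed-tokens="true"
                      output-token-variable-name="jwt">
            <openid-config url="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/.well-known/openid-configuration" />
            <audiences><audience>api://mcp-gateway</audience></audiences>
            <issuers><issuer>https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0</issuer></issuers>
            <required-claims>
                <claim name="scp" match="any" separator=" "><value>Tools.Invoke</value></claim>
            </required-claims>
        </validate-jwt>
        <!-- Rate limit per MCP session; a client that omits the session header is keyed on its
             token subject, so dropping the header does not escape the limit. -->
        <rate-limit-by-key calls="60" renewal-period="60"
            counter-key="@(context.Request.Headers.GetValueOrDefault("Mcp-Session-Id", ((Jwt)context.Variables["jwt"]).Subject))" />
        <!-- Parse the JSON-RPC envelope once (preserveContent keeps the body for the Liquid step). -->
        <set-variable name="rpc" value="@(context.Request.Body.As<JObject>(preserveContent: true))" />
        <set-variable name="rpcId" value="@(((JObject)context.Variables["rpc"])["id"] ?? JValue.CreateNull())" />
        <set-variable name="rpcMethod" value="@((string)((JObject)context.Variables["rpc"])["method"] ?? "")" />
        <set-variable name="toolName" value="@((string)((JObject)context.Variables["rpc"])["params"]?["name"] ?? "")" />
        <set-variable name="customerId" value="@((string)((JObject)context.Variables["rpc"])["params"]?["arguments"]?["customerId"] ?? "")" />
        <set-variable name="status" value="@((string)((JObject)context.Variables["rpc"])["params"]?["arguments"]?["status"] ?? "")" />
        <choose>
            <!-- Allow-list the tool and validate every argument BEFORE it reaches the Liquid template:
                 Liquid interpolates raw text, so an unchecked value containing a quote could inject
                 extra JSON fields into the backend request. -->
            <when condition="@((string)context.Variables["rpcMethod"] == "tools/call"
                               && (string)context.Variables["toolName"] == "search_orders"
                               && System.Text.RegularExpressions.Regex.IsMatch((string)context.Variables["customerId"], "^[A-Za-z0-9-]{1,32}$")
                               && System.Text.RegularExpressions.Regex.IsMatch((string)context.Variables["status"], "^(open|shipped|closed)$"))">
                <!-- On-Behalf-Of: trade the caller's token for one scoped to the backend so the
                     backend authorizes the user, not a shared gateway principal. -->
                <send-request mode="new" response-variable-name="obo" timeout="10" ignore-error="false">
                    <set-url>https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token</set-url>
                    <set-method>POST</set-method>
                    <set-header name="Content-Type" exists-action="override"><value>application/x-www-form-urlencoded</value></set-header>
                    <set-body>@("grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&requested_token_use=on_behalf_of"
                        + "&client_id=00000000-0000-0000-0000-000000000001"
                        + "&client_secret=" + Uri.EscapeDataString("{{mcp-gw-secret}}")
                        + "&scope=" + Uri.EscapeDataString("api://orders-backend/.default")
                        + "&assertion=" + context.Request.Headers.GetValueOrDefault("Authorization", "").Substring("Bearer ".Length))</set-body>
                </send-request>
                <set-header name="Authorization" exists-action="override">
                    <value>@("Bearer " + (string)((IResponse)context.Variables["obo"]).Body.As<JObject>()["access_token"])</value>
                </set-header>
                <!-- Translate JSON-RPC into the REST call the unchanged backend already understands. -->
                <set-backend-service base-url="https://orders.internal.contoso.example" />
                <set-method>POST</set-method>
                <rewrite-uri template="/api/orders/search" copy-unmatched-params="false" />
                <set-body template="liquid">
{
    "customerId": "{{body.params.arguments.customerId}}",
    "status": "{{body.params.arguments.status}}",
    "maxResults": 50
}
                </set-body>
            </when>
            <otherwise>
                <!-- Anything else (other methods, unknown tools, bad arguments) never reaches the backend. -->
                <return-response>
                    <set-status code="200" reason="OK" />
                    <set-header name="Content-Type" exists-action="override"><value>application/json</value></set-header>
                    <set-body>@(new JObject(new JProperty("jsonrpc", "2.0"), new JProperty("id", context.Variables["rpcId"]),
                        new JProperty("error", new JObject(new JProperty("code", -32602),
                            new JProperty("message", "Tool not exposed by this gateway or invalid arguments")))).ToString())</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend><base /></backend>
    <outbound>
        <base />
        <!-- Re-wrap the REST reply as a JSON-RPC result. Building it with JObject escapes the
             backend text; never string-concatenate JSON here. -->
        <set-status code="200" reason="OK" />
        <set-header name="Content-Type" exists-action="override"><value>application/json</value></set-header>
        <set-body>@{
            var text = context.Response.Body.As<string>(preserveContent: true);
            var result = new JObject(
                new JProperty("content", new JArray(new JObject(new JProperty("type", "text"), new JProperty("text", text)))),
                new JProperty("isError", context.Response.StatusCode >= 400));
            return new JObject(new JProperty("jsonrpc", "2.0"), new JProperty("id", context.Variables["rpcId"]),
                new JProperty("result", result)).ToString();
        }</set-body>
    </outbound>
    <on-error><base /></on-error>
</policies>
```

Two points worth checking in a real deployment: the argument regexes run before the Liquid template on purpose, because Liquid emits raw text and a value containing a double quote would otherwise land inside the backend's JSON; and the backend must accept the OBO token only from the private endpoint APIM uses, otherwise the validate-jwt, rate limit and allow-list above are advisory. A tools/list handler for the same operation (not shown) should return only the tools this policy actually forwards.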
Let's discuss the architecture.
Deploy everywhere with Terraform. If your team is evaluating Azure AI infrastructure, agent governance, or rolling out MCP, let's talk.