Skip to content

MCP server: code-route vs hosted, and the fine print

The detail behind the MCP server page — the one share choice that shapes everything, what a hosted URL exposes, and how logins work. Pull this up when you're deciding how to hand it over.

Last verified: 2026-06-07 · checked against modelcontextprotocol.io and the Claude Code MCP docs · Confidence: high on the two share shapes, the access model, and the auth options.

The one choice: code others run, vs a URL you host

Same connector, swap one line, and the share changes — not the tool. [confirmed]

  • Code route — they download and run it, they bring their own key, their agent reaches their own system. Nothing of yours is online.
  • Hosted route — you run one copy online, you hold the key, they reach your live data through a login on the URL.

Pick the code route when each recipient has their own system to point at; pick the hosted route when you want them all to reach one shared live source you control.

A hosted MCP URL is a live front door

Treat a hosted server like any service running online: it's a live entry point to whatever the tool can reach. [confirmed]

  • Keep secrets host-side — your database password and API key stay on the host, never in the shared config. [confirmed]
  • Add a login if it touches anything sensitive — anything you wouldn't post publicly should sit behind the gate.
  • A connector is not a hand-over of the system. It exposes only the abilities you named"search grants", "file a ticket" — not your raw database or endpoint. Recipients can do exactly what your tools allow, which is the point. [confirmed]

How the login works

Hosted servers use standard HTTP auth — no custom scheme to learn. [confirmed]

  • A sign-in (OAuth) the recipient approves once, or
  • A bearer token you hand them.

To cut someone off: rotate the token or drop them from the allowlist — their agent's next call fails. A copy of the code they already downloaded stays theirs, but it can't reach your hosted system once the token's dead. [estimate]

What connecting takes, route by route

One line either way — "connect this MCP server to my agent" — floor ~2–4 min if they already have an agent. The two routes differ in what the recipient needs on hand: [estimate]

  • Code route — they run the repo locally, supply their own key, and need the runtime it's written in (Python or Node); their agent approves the connector once. They pay nothing. [confirmed]
  • Hosted route — they add your URL — no download, no runtime, no key on their side — and approve the login if there is one. You run the service; a sleep-to-zero host keeps that near $0. [confirmed]

Either way, their agent then calls the ability in plain language as part of its own work ("search grants for climate") — you never demo it by hand.

Where the data lives

  • The connector's code lives on GitHub.
  • A hosted server runs on whatever host you put it on (e.g. Fly), which then holds your live data and keys.
  • The agents calling it run on their own provider — Anthropic for Claude.

Can you trust the company?

Sources