AI Build · 2026

A secure MCP gateway for marketing data

A digital marketing agency needed a single, secure server that would let its whole team use AI assistants to pull live data from Google Search Console, Google Business Profile, and Google Analytics — replacing fragile per-laptop setups with one access-controlled gateway, protected by two independent layers of authentication. I designed and built it, then handed it off documented and reproducible.

1

Hosted gateway

3

Isolated connectors

2

Independent auth layers

0

Credentials on laptops

One hosted home for the team's reporting tools, reachable by everyone (and the occasional outside consultant) — and locked down so only authorized people can ever reach client data.

The challenge

A tool on every laptop, a credential on every laptop.

The agency's team increasingly relied on AI assistants to pull reporting data from clients' Google marketing accounts. But the tools that connected the AI to that data — MCP servers — had to be installed and individually authenticated on each person's laptop. That created three problems.

The solution

One encrypted address. Two layers that should never be conflated.

We built a centralized gateway on a private server, with each tool isolated in its own container behind a single encrypted web address. The architecture separates two concerns that are easy to confuse — identity (who may use the server) and data permission (what the server may read).

A reverse proxy terminates HTTPS and routes traffic; a lightweight authorization gate enforces the OAuth 2.1 login on every request before any connector runs. The result is a clean data flow: a team member asks their AI assistant a question → the request hits one secure address → it's checked for a valid login → it's routed to the right connector → the connector uses its stored Google permission to fetch the data → the answer returns the same way.

Identity providerWorkOS AuthKitGoogle SSO · invite-onlyvalidates loginTeam memberAI assistantHTTPSone addressPrivate VPS · firewall 443 + adminDocker hostReverse proxy · TLSCaddyOAuth 2.1Auth gateroutes when authorizedMCP connectorSearch ConsoleMCP connectorBusiness ProfileMCP connectorAnalyticsown credential · on-server onlyGoogle APISearch ConsoleGoogle APIBusiness ProfileGoogle APIAnalyticsIdentity — who may use the serverData permission — what it may read

Identity is handled by a managed provider with Google sign-in and an invite-only policy. Each connector holds its own Google credential, authorizing it to read only its one service — and those credentials live only on the server, in locked-down files, never in shared code.

The separation

Who may use it, and what it may read, are different questions.

Technical highlights

Standards at the front door, depth behind it.

A note on real-world problem-solving

Two issues that proved the value of clean separation.

A recurring credential expiry on one connector was diagnosed not as a server fault but as a Google project still in “testing” mode — a configuration fix, not a code one. And when an initial approach to instant revocation hit a limitation in how the tokens were scoped, we chose the proven, reliable pattern over a brittle workaround.

Because identity and data-permission were kept as distinct layers, each problem was isolated and resolved without destabilizing the rest of the system.

The outcome

A gateway the team operates, not a setup they babysit.

Stack: Ubuntu VPS · Docker · Caddy (reverse proxy + automatic TLS) · Python MCP servers (Search Console, Business Profile, Analytics) · WorkOS AuthKit (OAuth 2.1 + Google sign-in) · Let's Encrypt · Google APIs.

Build one for your org

Give AI access to your data without scattering the keys.

If your team is wiring AI assistants into live client data one laptop at a time — or you want one access-controlled place that AI clients can reach without the credentials ever leaving your server — that's the conversation. Thirty minutes, and I'll come with a point of view.

Or write me directly: hello@joekim.info