Production MCP: Authentication, Error Handling & Deployment — Building MCP Servers: Connect AI to Everything

# Production MCP: Authentication, Error Handling & Deployment

Beyond the Basics

A working MCP server is step one. A production MCP server needs authentication, error handling, rate limiting, and deployment infrastructure. This lesson covers the engineering that makes MCP servers reliable at scale.

Error Handling

Never let unhandled errors crash your server. Wrap every tool handler:

server.tool(
  "query_database",
  "Run a read-only SQL query",
  { query: z.string().describe("SQL SELECT query") },
  async ({ query }) => {
    try {
      // Validate: only allow SELECT queries
      if (!query.trim().toUpperCase().startsWith("SELECT")) {
        return {
          content: [{ type: "text" as const, text: "Error: Only SELECT queries are allowed." }],
          isError: true,
        };
      }
      const results = await db.query(query);
      return {
        content: [{ type: "text" as const, text: JSON.stringify(results, null, 2) }],
      };
    } catch (error) {
      return {
        content: [{ type: "text" as const, text: `Database error: ${(error as Error).message}` }],
        isError: true,
      };
    }
  }
);

Key patterns: - Validate inputs before executing (SQL injection prevention, path traversal, etc.) - Return `isError: true` so the AI knows the tool failed and can respond appropriately - Never expose stack traces to the client — log them server-side

Unlock this lesson

Upgrade to Pro to access the full content

What you'll learn:

Secure MCP servers with authentication and authorization
Implement robust error handling and input validation
Deploy MCP servers for remote access via HTTP/SSE transport

See pricing