daBongo LMS AI Training Courses

Model Context Protocol – Advanced Patterns for Production

Lesson 4: Transport Mechanisms for Production

Lesson Objectives

By the end of this lesson, students should be able to:

  • Apply the transport selection criteria for stdio vs. HTTP/SSE
  • Implement an HTTP/SSE transport server
  • Add authentication to a remote MCP server
  • Choose the right transport for their deployment topology

Lesson Content

Transport selection criteria.

| Factor | stdio | HTTP/SSE | |——–|——-|———-| | Deployment | Local, same machine as host | Remote or shared infrastructure | | Multiple clients | One client (child process model) | Multiple simultaneous clients | | Authentication | OS process permissions | Explicit (bearer token, mTLS) | | Latency | Lowest (IPC) | Higher (network) | | Complexity | Lower | Higher | | Production infrastructure | Limited | Full (load balancing, health checks) |

Default choice: stdio for personal tools and development. HTTP/SSE for production servers, shared organizational tools, and remote deployments.

HTTP/SSE server implementation (Python pattern).

“`python from mcp.server.sse import SseServerTransport from starlette.applications import Starlette from starlette.routing import Route, Mount

sse = SseServerTransport("/messages/")

async def handle_sse(request): async with sse.connect_sse(request.scope, request.receive, request._send) as streams: await app.run(streams[0], streams[1], app.create_initialization_options())

starlette_app = Starlette(routes=[ Route("/sse", endpoint=handle_sse), Mount("/messages/", app=sse.handle_post_message), ]) “`

Run with an ASGI server (uvicorn). Verify current HTTP/SSE implementation patterns at modelcontextprotocol.io/sdk.

Authentication for remote servers.

Remote MCP servers should require authentication. Common patterns:

  • Bearer token: Client includes an Authorization header; server validates the token before accepting the connection
  • mTLS (mutual TLS): Both client and server present certificates; appropriate for server-to-server deployments

For Claude Code connecting to a remote server, configure the bearer token in the MCP server configuration entry. The client includes it on every connection.

Health checks and load balancing.

HTTP/SSE servers integrate with standard infrastructure:

  • Add a /health endpoint that returns 200 when the server is ready
  • Configure load balancer health checks against /health
  • Use standard HTTP monitoring for server availability

stdio servers have no HTTP surface – health checking must be via process monitoring.

Practical Example

A developer moves a team's shared MCP server from individual developer stdio instances to a shared HTTP/SSE deployment.

Benefits: one server process, multiple simultaneous client connections, centralized updates (update the server once, all clients get the new version), and integration with the team's existing infrastructure monitoring.

She adds bearer token authentication, a /health endpoint, and configures the load balancer.

The stdio configuration each developer ran on their laptop is replaced by a URL and token in each developer's Claude Code config.

Safety Notes

Remote MCP servers accept connections over the network – they require proper authentication, TLS encryption in transit, and appropriate network access controls. An unauthenticated MCP server accessible on the network is an open execution endpoint for any attacker who can reach it. For production deployments, require authentication, use HTTPS, and restrict network access to authorized clients only.

Log in and enroll to access lesson quizzes.

Scroll to Top