|
|
|
|
|
|
by james_marks
212 days ago
|
|
|
MCP is not just providing an API, it’s providing a client that uses that API. And it does so in a standard way so that my client is available across AI providers. My users can install my client from an ordained URL without getting phished, or the LLM asking them to enter an API key. What’s the alternative? Providing a sandbox to execute arbitrary code and make API calls? Having an LLM implement OAuth on the fly when it needs to make an API call? MCP has a place. |
|
|
It does just provide an API. Your client may have a way to talk to some software via MCP protocol. You know, like a client can talk to a server exposing an endpoint via an API.
> And it does so in a standard way so that my client is available across AI providers.
As in: it's an API on a port with a schema that a certain subset of software understands.
> What’s the alternative? Providing a sandbox to execute arbitrary code and make API calls?
MCP is a protocol. It couldn't care less what you do with your "tool" calls. Vast majority of clients and servers don't run in any sandbox at all. Because MCP is a protocol, not a docker container.
> Having an LLM implement OAuth on the fly when it needs to make an API call?
Yes, MCP has also a bolted-on authorisation that they didn't even think of when they vibe-coded the protocol. And at least finally there was some adult in the room that said "perhaps you should actually use a standardised way to do this". You know, like all other APIs get OAuth (and other types) of authorisations.