Skip to main content
This guide walks you through deploying and verifying Golf Gateway connected to your Control Plane. By the end, you’ll have a working gateway that securely routes MCP traffic between your client and server.

What you’ll learn

  • How Golf Gateway sits between MCP clients and servers
  • How to create a gateway in the Golf Control Plane
  • How to deploy the gateway with Docker
  • How to verify traffic is flowing through the gateway

Before You Begin

Before starting, make sure you have:
  • Docker and Docker Compose (optional) installed
  • An MCP client (Claude Desktop, Cursor, or similar)
  • Access to your organization’s Golf Control Plane
  • 20 minutes
1

Log In to the Control Plane

Navigate to your organization’s Golf Control Plane and log in with your credentials.Enterprise customers receive their Control Plane URL and credentials during onboarding. If you don’t have access yet, contact your organization’s administrator.Checkpoint: You can see your organization’s Control Plane after logging in.
2

Create Your First Gateway

From the Control Plane, create a new gateway:
  1. Click Add Gateway in the top navigation
  2. Enter a name for your gateway (e.g., my-first-gateway)
  3. Select your deployment region
  4. Click Create Gateway
After creation, the Control Plane displays your gateway’s credentials:
  • Gateway ID: A unique identifier for your gateway
  • API Key: The secret key used to authenticate the gateway
Copy and save your API key now. It is only shown once and cannot be retrieved later.
Checkpoint: Your gateway appears in the Control Plane with a Pending status.
3

Deploy the Gateway with Docker

Create a docker-compose.yml file with the following content:
docker-compose.yml
version: "3.8"
services:
  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3

  golf-gateway:
    image: ghcr.io/golf-mcp/golf-gateway-backend:latest
    ports:
      - "8080:8080"
    environment:
      GOLF_GATEWAY_ID: <your-gateway-id>
      GOLF_GATEWAY_API_KEY: <your-api-key>
      GOLF_GATEWAY_CONTROL_PLANE_URL: https://api.golf.dev
      GOLF_CACHE_REDIS_URL: redis://redis:6379/0
    depends_on:
      redis:
        condition: service_healthy
Replace <your-gateway-id> and <your-api-key> with the values from the previous step.Start the gateway:
Terminal
docker compose up -d
Verify the gateway is healthy:
Terminal
curl http://localhost:8080/health
Expected response:
{"status": "healthy", "redis": "ok", "redis_circuit_breaker": "closed", "database": "ok", "upstreams": "1 configured", "http_client": "ok"}
Checkpoint: The health check returns healthy and your gateway shows Active in the Golf Control Plane.
4

Add an MCP Server

Now configure an MCP server to route traffic through your gateway:
  1. In the Control Plane, click MCP Servers in the sidebar
  2. Click Add Server
  3. Fill in the server details:
    • Name: A descriptive name (e.g., “Demo Server”)
    • URL: The MCP server endpoint (e.g., https://demo.mcp.run/sse for testing)
    • Description: Optional description of what the server provides
  4. Select which gateway should route to this server
  5. Select the Server Type:
    • In-House: Your organization’s MCP servers
    • Third Party: External vendor MCP servers
  6. Click Save
Checkpoint: The server appears in your servers list.
5

Connect Your MCP Client

The Control Plane generates client-specific connection instructions for you:
  1. Navigate to the server you just added
  2. Click Connection Instructions
  3. Select your MCP client (Claude Desktop, Cursor, Windsurf, etc.)
  4. Copy the generated configuration
  5. Add it to your client’s configuration file
  6. Restart your MCP client
Checkpoint: After restarting your client, tools from the MCP server appear in your client’s available tools.
6

See Security in Action

Now test that traffic flows through your gateway with security analysis:
  1. In your MCP client, use one of the tools from the connected server
  2. Return to the Control Plane
  3. Navigate to Logs & Sessions in the sidebar
  4. Find your recent session
You’ll see:
  • The request and response details
  • Security analysis results (threat score)
  • User and session information
  • Timing and performance data
Checkpoint: You can see your request in the logs with security analysis attached.

Next Steps

Now that you have a working gateway, learn how to enhance its security:

Configure PII Scrubbing

Mask sensitive data in logs automatically

Set Up Access Control

Control who can access which servers

Export Audit Logs

Send logs to your SIEM for compliance

Configure SSO

Add OAuth/OIDC authentication
For a deeper understanding of the concepts: