8 min read

MCP Server Tutorial: Complete Beginner's Guide

This beginner's guide covers MCP protocol fundamentals, transport layer tradeoffs, and production-ready setup steps for AI tool integrations. It also breaks down hosting options, common security risks, and the July 2026 stateless spec shift that impacts remote server deployments.

Featured image for "MCP Server Tutorial: Complete Beginner's Guide"

Over 10,000 public MCP servers are now available, and the protocol hit 110 million monthly SDK downloads in April 2026 alone. Yet most tutorials skip the part that actually matters: understanding what you’re connecting to, why the transport layer determines your hosting options, and where the real costs hide. This guide covers the protocol fundamentals, setup walkthroughs, and the operational tradeoffs that separate a working demo from something you’d actually trust in production.

What MCP Actually Solves

The an open standard from Anthropic that standardizes how AI applications connect to external tools and data sources — the official analogy being a USB-C port for AI applications. Before MCP, every AI tool that wanted to talk to your database, your filesystem, or your Slack workspace shipped a bespoke integration. N tools times M apps meant N×M separate builds to maintain. MCP collapses that to one standard port.

The protocol itself is JSON-RPC 2.0 over a transport layer. That transport decision — how your server communicates with clients — is where most of the practical complexity lives, and it’s the first thing you need to get right.

In December 2025, Anthropic donated MCP to the Agentic AI Foundation under the Linux Foundation, with Block and OpenAI as co-founders and AWS, Google, Microsoft, Cloudflare, and Bloomberg as member organizations. This matters because it means the protocol is no longer controlled by a single vendor — it’s infrastructure now, not a product feature.

The Three Transports: Where Your Server Actually Runs

MCP supports three transport modes, and each one implies a completely different hosting and security profile.

Stdio runs the MCP server as a local subprocess of the client. The client spawns your binary, communicates over stdin/stdout, and kills it on exit. Zero network surface, zero hosting cost. This is the default for local tools like filesystem access and local databases — you’ve seen it in every Claude Desktop config that looks like "command": "node", "args": ["./my-server.js"].

HTTP with Server-Sent Events (SSE) was the original networked transport. It requires a persistent running process, a public TLS URL, and a host that doesn’t kill long-lived connections. Here’s the catch most tutorials miss: serverless platforms with hard timeouts — Vercel Functions, Cloudflare Workers default tier — will close SSE streams after 10-60 seconds, making them unsuitable for SSE-based MCP servers. This transport is now deprecated for new remote deployments.

Streamable HTTP, introduced in the March 2025 spec update, merges SSE and POST into a single bidirectional endpoint. It supports stateless operation for serverless and edge deployments, which is why it’s the recommended transport for new remote MCP servers. Stateless mode means each request is self-contained — no session memory required. Stateful mode still needs a sticky backend.

The practical takeaway: if you’re building a new remote server in 2026, use Streamable HTTP. If you’re building a local tool, use stdio. SSE is legacy.

What an MCP Server Exposes: Tools, Resources, and Prompts

Every MCP server exposes three core capabilities to its clients:

  • Tools — callable functions the AI can invoke to perform actions (run a query, create a file, send a message)
  • Resources — read-only data the AI can fetch for context (a database row, a file’s contents, an API response)
  • Prompts — reusable parameterized prompt templates the AI can surface to users

Tools are what you’ll work with most. Resources matter when you want the model to reason about existing data without modifying it. Prompts are useful for standardizing recurring workflows — think “code review this PR” or “summarize yesterday’s tickets.”

For a deeper dive into the SDK and how to register these capabilities in code, our guides on building MCP servers in Python and building MCP servers in Node.js cover the implementation details.

Setting Up Your First MCP Server in Claude Desktop

Adding an MCP server to Claude Desktop requires editing a single JSON file. On macOS, it lives at ~/Library/Application Support/Claude/. On Windows, it’s in %APPDATA%\Claude\. You add a server entry specifying the command, arguments, and environment variables, then fully quit and reopen Claude Desktop to apply changes.

Here’s a minimal example for a local stdio server:

{
  "mcpServers": {
    "my-server": {
      "command": "node",
      "args": ["/path/to/my-server.js"],
      "env": {
        "API_KEY": "your_key_here"
      }
    }
  }
}

For Claude Code users, the process is simpler — the claude mcp add CLI command writes the configuration automatically without manual file editing.

Non-developers can install and configure MCP servers without writing code by editing the same claude_desktop_config.json file with a server entry that specifies the command, arguments, and required environment variables like API keys for services such as Brave Search. The key thing to understand: you’re not programming, you’re configuring. It’s the same mental model as adding a new account to your email client.

Hosting Remote Servers: Free Options and Their Limits

When you need your MCP server accessible over the network — for team access, multiple clients, or cloud-based AI assistants — you’ll need hosting. Several platforms offer free tiers in 2026:

PlatformLanguageFree TierDeploy MethodBest For
Cloudflare WorkersTypeScript / JS100K req/dayCLI (wrangler)Edge performance, global scale
Vercel FunctionsTS / JS / PythonHobby tier (100 GB-hrs)Git push / CLINext.js teams, preview deploys
FastMCP CloudPython (FastMCP)Free personal tierfastmcp deployPython developers, one-command deploy
mcphosting.ioPython / Node.jsTotally freeGitHub integrationZero-config, beginners
AWS LambdaAny1M req/month freeSAM / CDK / CLIEnterprise, existing AWS infra

All of these platforms use Streamable HTTP transport, which is the standard for remote MCP. But free tiers come with real constraints. One developer with three months of production MCP hosting experience reported that Heroku Free Dynos sleep after 30 minutes of inactivity, leading to 10-30 second wake-up times and occasional connection failures, provide only 550 hours of free runtime per month (roughly 18 days of 24/7 uptime), and use an ephemeral filesystem that deletes locally stored data on dyno restart.

The pattern here: free hosting works for development and low-traffic personal tools. It breaks down when you need reliability. Serverless platforms impose cold starts, connection timeouts, and resource limits that make stateful or latency-sensitive MCP workloads painful.

The Security Landscape: Why Auth Is the Hard Part

MCP’s ease of server creation has outpaced the security tooling needed to run it safely. Researchers disclosed 30+ MCP-related CVEs in the first four months of 2026, including a CVSS 9.6 remote code execution vulnerability in the mcp-remote tool. That’s not a theoretical risk — that’s a critical vulnerability in a widely-used component.

The auth story is evolving fast. On June 18, 2026, the Model Context Protocol promoted Enterprise-Managed Authorization (EMA) to stable, enabling zero-touch SSO for MCP server access via enterprise identity providers like Okta. This eliminates the per-user OAuth consent flows that blocked large-scale enterprise adoption — previously, every employee had to manually authenticate to every MCP server individually, which doesn’t scale.

For smaller teams, the auth burden is still real. Our MCP authentication security best practices guide covers the current recommendations, including why public MCP servers still have no authentication at all.

The Stateless Spec Shift: July 2026 Changes Everything

The incoming July 28, 2026 MCP specification update will make the protocol stateless by removing the initialize handshake and session header, enabling vanilla load balancing and simplified serverless deployment. This is a significant architectural shift.

Here’s why it matters: today, many MCP servers rely on session state to track context across requests. The stateless spec forces developers to externalize that state into Redis, databases, or other stores. For simple tools, this is fine. For complex workflows — personal knowledge bases, multi-step automation, anything requiring session memory — it adds complexity, cost, and latency.

If you’re building a new MCP server now, design for stateless operation. Store session data externally if you need it. Assume the July spec will be the baseline by the time you ship.

The Shadow MCP Problem

Enterprise environments have 3–10 times more unapproved MCP servers deployed than IT expects. This is the new Shadow IT — developers connecting AI agents to internal tools without security review, audit trails, or access controls.

The EMA extension addresses this by centralizing server approval through identity providers. But governance is still fragmented. There’s no standard mechanism for patching the 30+ CVEs disclosed this year, no universal audit logging, and no built-in way to discover what your team is actually running.

If you’re operating at scale, assume you have more MCP servers than you know. Inventory them before someone else does.

Should You Build or Use Pre-Built?

For most teams in 2026, the answer is: use pre-built. The official registry tracks thousands of community-built servers covering databases, APIs, browsers, and developer tools. Make’s MCP server, for example, is included on all Make plans at no additional cost, including the $0 Free tier with 1,000 monthly credits.

Building custom makes sense when you have specialized internal tools, strict data sovereignty requirements, or high-stakes use cases where you need full control over tool logic and security. For everything else — standard SaaS integrations, common developer workflows, personal productivity — the operational cost of self-hosting (security patching, hosting maintenance, auth management) far exceeds the marginal value of custom tooling.

Our guide on building an MCP server for your SaaS product breaks down the real cost structure: authentication, multi-tenant isolation, and compliance infrastructure make up most of the work. The protocol itself is the cheapest part.

Getting Started This Weekend

If you’re new to MCP, here’s a practical path forward:

  1. Start with stdio and Claude Desktop. Install a pre-built server like Brave Search or GitHub using the config file approach. Get comfortable with how tools appear in your client.
  2. Evaluate your hosting needs. If it’s just you, local is fine. If you need team access, pick a Streamable HTTP host with a free tier and test it.
  3. Design for stateless operation. Even if you’re using the current stateful spec, externalize session data now. The July spec will thank you.
  4. Audit what you have. If you’re in an enterprise, assume Shadow MCP exists. Start inventorying before it becomes a security incident.

MCP is infrastructure now — not a product feature, not a vendor lock-in play, but the plumbing that connects AI agents to the tools you already use. Treat it with the same operational rigor you’d give any other infrastructure component, and it’ll reward you. Treat it as a weekend hack, and you’ll be debugging connection timeouts at 2 AM.