Learning how to build an MCP server is the fastest way to give an AI model real capabilities in 2026 without writing per-model integration code. Model Context Protocol is the open standard that lets one tool server talk to any compatible client. The good news: a working server is a couple of hours of work. The honest news: the tricky parts are transport choice and security, not the code.
What changed in 2026
MCP started as an Anthropic project in late 2024, and by 2026 it is the default way AI apps expose tools. The big shift this year is transport. The old HTTP+SSE setup was replaced by streamable HTTP, which is simpler to host and handles reconnects and resumable streams better. If you are following a tutorial that mentions a separate SSE endpoint, it is dated — verify against the current spec before you copy it.
The other change is reach. Claude Desktop, Claude Code, Cursor, and ChatGPT all speak MCP now, so a server you write is portable across clients instead of locked to one vendor. Registries and one-click installs also matured, which means discoverability is real but so is the risk of installing someone else's unvetted server.
The three pieces you actually build
An MCP server exposes up to three primitives. Most servers only use the first.
- Tools — functions the model can call to do things: query a database, hit an API, write a file.
- Resources — readable data the model can pull in, like files or records.
- Prompts — reusable prompt templates the client can inject.
Start with Tools. Resources and Prompts are nice later, but they are not where the value is on day one.
Pick your transport first
This decision shapes everything else, so make it before you write code.
| Transport |
Where it runs |
Auth |
Best for |
Watch out for |
| stdio |
Local child process of the client |
Inherits your machine |
Desktop tools, personal automation |
Any stray stdout print corrupts the protocol |
| Streamable HTTP |
Remote server or container |
OAuth / bearer token |
Multi-user, hosted, team tools |
You own auth, rate limits, and the attack surface |
If you are building a personal tool for Claude Desktop, use stdio. If it needs to run in the cloud or serve more than one person, use streamable HTTP and treat it like any public API.
Build a minimal server
The Python SDK gets you to a running tool fastest. Install it, then define one tool:
pip install "mcp[cli]"
from mcp.server.fastmcp import FastMCP
import httpx
mcp = FastMCP("github-issues")
@mcp.tool()
async def get_open_issues(owner: str, repo: str) -> str:
"""Fetch open issues for a GitHub repo."""
url = f"https://api.github.com/repos/{owner}/{repo}/issues?state=open"
async with httpx.AsyncClient() as client:
r = await client.get(url)
return r.text
if __name__ == "__main__":
mcp.run() # stdio by default
The docstring becomes the tool description the model reads, and the type hints become the input schema. That is most of the work. To serve it over HTTP instead, run it with the streamable HTTP transport rather than stdio.
Register it with a client by pointing the config at your command:
{
"mcpServers": {
"github-issues": { "command": "python", "args": ["/path/to/server.py"] }
}
}
Restart the client and the tool shows up in conversations.
Test it before you trust it
Do not debug through the AI client. Use the MCP Inspector (npx @modelcontextprotocol/inspector) to list tools, call them with sample arguments, and read raw responses. It catches schema mistakes and malformed output in seconds.
One rule that trips up nearly everyone on stdio: never write to stdout. A stray print() or console.log injects garbage into the protocol stream and the connection dies. Log to stderr only.
Security and what to skip
The model generates tool arguments, so treat every argument as untrusted input. Validate paths, escape queries, and scope credentials tightly. For HTTP servers, add real auth from the start and rate-limit expensive tools.
Skip building your own protocol layer or a mega-server that does everything. Skip installing random third-party MCP servers you have not read, especially ones that touch your filesystem or shell. And skip exposing destructive actions (delete, send money, deploy) without an explicit confirmation step, because a confused model will eventually call them.
FAQ
Do I need TypeScript or can I use Python?
Either. Both have official, well-maintained SDKs. Python's FastMCP is the quickest start; TypeScript fits if your stack is already Node.
Does my server work with ChatGPT and Cursor too?
Yes. That is the point of MCP. A compliant server runs across any MCP client without changes, though each client has its own config location.
stdio or HTTP for my first server?
stdio if it runs on your own machine for you. Streamable HTTP the moment it needs to be remote or shared. Do not start with HTTP just because it sounds more serious.
How do I add authentication?
For HTTP transports, MCP supports OAuth-based auth. Wire it in early rather than bolting it on, and never ship a token-free public server. Verify the current auth spec, since it is still evolving.
Where to go next
Once your server works, see which tools deserve one in AI coding agents ranked for 2026, understand when tools beat retrieval in AI agents vs RAG in 2026, and explore where this is heading with AI browser agents in 2026.