Best Practices

The MCP Server is powerful — and like every powerful tool it benefits from a few habits that keep it secure, performant, and pleasant to use over time.

Security

  • One connection per human. Never share a single API key between multiple humans. Audit logs, rate limits, and approval routing depend on the connection being tied to one person.

  • Least privilege. Default to MCP User for end users. Grant MCP Administrator only to the small group that needs to create connections.

  • Tighten allowed tools. A connection that only ever reads CRM data has no business calling delete_record — add an Allowed Tools whitelist.

  • Use approvals for risky tools. delete_record, execute_method, send_test_email_template, stage_mass_mailing_from_template are perfect candidates.

  • Restrict IPs when possible. Office IP, VPN range, or data centre block on the connection’s IP allowlist makes a leaked key much less dangerous.

  • Rotate periodically. Pick a cadence (every 90 days works for most teams) and rotate connection keys on a schedule.

  • Revoke on departure. When an employee leaves, revoke their connections that same day.

  • Keep payload logging off by default. Turn it on only for a specific investigation, then turn it off again to avoid leaking sensitive data into audit history.

Performance

  • Default rate limits are usually fine. 60/minute and 10,000/day fit most interactive AI usage.

  • Cache friendly prompts. The MCP Server has an adaptive in-memory cache. Frequently-repeated calls (model lists, schemas, ontology lookups) extend their TTL automatically.

  • Choose Basic Search first. Smart Search is great when the question needs semantic understanding, but Basic Search is free, fast, and surprisingly good. Enable Smart Search only when you have long, prose-heavy documents.

  • Trim the Knowledge Layer. Exclude noisy mimetypes (image/*, video/*) and chatty internal models (mail.message). Smaller index = faster search.

  • Watch Audit Log volume. Lower the retention or payload logging if the table grows quickly. Don’t disable audit entirely — it’s your only forensic trail.

Connections & UX

  • Name connections meaningfully. “Cursor on Alice’s laptop” beats “API Key 3”. Future you will thank present you.

  • Use the Description field. Add why the connection exists, who to contact, and any quirks (“paused over the summer”).

  • Clean up idle connections. Sort the Connections list by Last used ascending. Anything idle for 90+ days is usually safe to revoke.

  • Use Shared Pages with a Field Allowlist. Public URLs are easy to leak. Limit what the public viewer can see to exactly the fields they need.

Tools & Workflow

  • Customise tool descriptions sparingly. The seeded descriptions teach the AI how to use the tool — including safety rails. Edit them only when the AI consistently misbehaves.

  • Deactivate tools you do not use. A smaller catalog is a faster, easier-to-audit catalog.

  • Use dry-run aggressively. The AI is trained to use dry_run=true when the user’s request is ambiguous. Encourage end users to ask for a “preview first”.

  • Use prompt templates for recurring asks. A library of Prompt Templates beats everyone in your team improvising their own prompts.

Approvals

  • Pick a real approver. A bot or a “no one” approver defeats the purpose. Even a shared mailbox is fine — any MCP Administrator can act as well.

  • Use short Approval Expiry. 1–4 hours keeps the queue fresh. Stale approvals are an attack surface.

  • Record context. Use the Approver Note field whenever you approve something non-trivial — your future auditor will be grateful.

Governance over time

  • Monthly hygiene. Sort Connections, Sessions, and Shared Pages by Last used / Last viewed and revoke anything obviously dead.

  • Quarterly review. Re-examine the Tools that need approval lists per connection. Real-world usage usually reveals new candidates.

  • Annual audit. Pull the Audit Log for the year, filter to errors and high-risk tools, and review with your security lead.

Knowledge Layer

  • Name files well. “Vendor Contract — Acme.pdf” beats “doc_24.pdf” by a wide margin in any search mode.

  • Re-index after content updates. Replacing an attachment doesn’t automatically replace its chunks. Click Re-index on the source row.

  • Keep the master switch off in development. No need to burn embeddings credits on test data.

User onboarding

  • Walk a new user through the Connect a New Tool wizard the first time — it’s quicker than reading the docs.

  • Hand them the per-client setup snippet from the wizard’s Done step (Cursor JSON, Claude Code command, etc.).

  • Bookmark Advanced MCP Server FAQs for them.

See also