3 insider tips for using the Model Context Protocol effectively

The Model Context Protocol (MCP) offers an extremely powerful way to connect LLMs with outside data sources. 

But using it effectively involves carefully reviewing MCP servers and picking the one that best meets your integration requirements.

To help you navigate this, I’ve broken down some best practices you can apply—based on our experience testing MCP servers and building one ourselves.

{{this-blog-only-cta}}

Review the MCP servers’ security controls

The LLM you use can easily confuse data types with one another, leading it to inadvertently share sensitive information to users.

For example, say you want to use a tool that can create employees in your HR software.

If your HR software labels the first name field “FN” and the last name field “SN” (short for surname), the LLM can accidentally mistake SN for social security number, leading it to write the employee’s social security number there. Any employee with access to the HR platform can then see the SSN.

To prevent security incidents like these from happening, adopt an MCP server that takes a few measures:

• Access control levels (ACLs): This only allows users to perform actions that fall within their level of permissions in the integrated application. In our example, if the employee wants to create a user, they wouldn’t be able to unless they’re an admin of the HR software

• Schema enforcement: A tool can define the parameters for specific fields, and any inputs that don't meet these parameters couldn’t get POSTed into an application 

Going back to our example, the tool can use the following input schema to ensure “sn” doesn’t include numbers:

‍{
  "name": "process_user_info",
  "description": "Processes user information including first name (fn) and surname (sn).",
  "inputSchema": {
    "type": "object",
    "properties": {
      "fn": {
        "type": "string",
        "description": "First name of the user"
      },
      "sn": {
        "type": "string",
        "description": "Surname of the user",
        "pattern": "^[a-zA-Z-]+$"
      }
    },
    "required": ["fn", "sn"]
  }
}

Related: How MCP works

Learn how the MCP servers manage integrations

If you use MCP to support product integrations, you’ll probably still be responsible for:

• Handling API providers’ unique requirements, which includes incorporating rate limiting strategies like exponential backoff, retries, and pagination

• Dealing with the complexities of syncing data, whether that’s managing computational resources at scale efficiently or ensuring data consistency across distributed systems

• Implementing and updating authentication flows (OAuth 2.0, API keys, etc.) and onboarding instructions

• Handling errors gracefully and ensuring end users get instructions on fixing issues related to permissions and authentication

• Defining and maintaining normalized data models across categories (e.g., CRM, file storage, ticketing) to ensure your LLM generates reliable, non-sensitive, and accurate outputs

All of this work is extremely time intensive for your engineers, and if you’re looking to implement several integrations, this workload only grows exponentially.

To address this, look for MCP servers that offer ongoing support for their integrations. 

Merge, for instance, offers Merge MCP, a server that not only facilitates access to customers’ applications but also fully maintains and enhances these integrations over time—from data normalization to auth handling—so your engineers don’t have to.

Related: How MCP compares with APIs

Assess the MCP servers’ tools carefully

Your LLM can easily perform the wrong action if the MCP server’s tools aren’t descriptive, comprehensive, and unique from one another.

To help you assess the quality of an MCP server’s tools, look for:

• Detailed names and descriptions: Each tool should have a unique name that explains its function clearly and a description that highlights what the tool does, what its purpose is, and the specific action(s) it takes. The same goes for the tool’s parameters
  

• Explicit parameter requirements: The tools should use JSON Schema to define each parameter, including specifying the data types, required fields, and constraints to ensure inputs are validated and correctly formatted
  

• Clear examples: While this isn’t necessary, providing sample inputs and expected outputs can help clarify how a tool works
  

• Robust error handling and validation: Check to see if the schema uses strict validation to ensure all inputs conform to the defined schema. This prevents errors and enhances reliability

Start using Merge MCP in a matter of minutes

Merge MCP is now available to every user across our plans!

Through Merge MCP, you’ll have access to all of our integrations and endpoints, Integration Observability tooling, advanced syncing features (e.g., Field Mapping), and more to help your LLM access customer data securely, quickly, and reliably.

Best of all, Merge MCP is incredibly easy to adopt.

Simply copy this code to your MCP client configuration to start using it today.

{
  "mcpServers": {
    "merge-mcp": {
      "command": "uvx",
      "args": ["merge-mcp"],
      "env": {
        "MERGE_API_KEY": "xxxxxxx",
        "MERGE_ACCOUNT_TOKEN": "xxxxxxx"
      }
    }
  }
}

{{this-blog-only-cta}}