Gateway

One managed exchange layer between AI and your MSP stack.

MSPlex is not just a collection of connectors. The gateway is the product boundary that handles routing, connector auth state, and tenancy proof so AI can operate against real MSP systems without each workflow building its own infrastructure.

Talk to the team View full Experience page

Architecture

The gateway is the control plane, not just a pass-through.

gateway-cli

$ msplex connect halopsa --tenant acme

-> Gateway session ready

$ msplex status

-> Control plane: operational

-> Current build: 5 connectors

-> Endpoint: https://msplex.ai/mcp/v1/acme-corp

Enforcement chain

Before a tool runs, the gateway clears the request.

A tool call does not go straight to a connector. The gateway validates identity, entitlements, policy, and execution state first, which is why the exchange is useful as an operational control plane instead of just a transport layer.

POST /mcp -> tools/call

Identity

1Auth

Authenticate principal

2Tenant

Resolve tenant context

3Customer

Resolve customer context

Entitlements

4Snapshot

Load entitlement snapshot

5Subscription

Verify subscription status

6Connector

Verify connector entitlement

7Readiness

Verify instance readiness

Policy

8Policy

Evaluate tool policy and RBAC

9Quota

Check quota and overage

10Approval

Check approval requirement

Execution

11Dispatch

Dispatch to worker

12Audit

Write audit and metering

13Response

Return response

The connector never sees the request until the full enforcement chain clears.

What the gateway owns

The exchange becomes useful when it carries the operational burden.

Auth stays in the exchange

The gateway owns token refresh, connector auth state, and the boundary between AI clients and production systems.

One route layer, many tools

Routing logic lives in one place, so AI clients do not need custom point-to-point integrations for every MSP system.

Tenant proof travels with the call

Every request carries tenant proof and stays inside a boundary that is easier to reason about than scattered MCP glue.

Evaluation rules

A better gateway review ties architecture to rollout reality.

Map the first workflow

Start by identifying which systems the first workflow must touch and whether the current build already covers them.

Review the gateway in context

Keep the gateway conversation tied to trust review, connector fit, and rollout timing instead of treating it as abstract architecture.

Choose a durable control plane

Use the gateway as the control boundary for production AI workflows rather than letting each agent invent its own connector logic.

Review next

Pair the gateway page with trust and connector fit.

Review next

Security Connector Guidance

Practical note

The gateway matters because it becomes the operational contract between AI workflows and production systems. That contract should be understandable before rollout begins.

Need the gateway explained against your current stack?

Bring the tools you want AI to reach, the trust constraints you need to preserve, and the rollout timeline you are targeting.

Talk to the team Return to Resources