MCP Gateway Positioning
A common question when evaluating STOA: "How does this relate to AI provider billing? Aren't tokens already managed by Claude/OpenAI?"
This page clarifies exactly what STOA MCP Gateway manages and its relationship to AI providers.
The Two Layersβ
| Layer | Who Manages | What's Measured | Billing Model |
|---|---|---|---|
| AI Provider | Anthropic, OpenAI, etc. | Tokens consumed | Pay per token |
| MCP Gateway (STOA) | Your organization | Tool invocations | Pay per request |
Key Insight
These are different things. STOA doesn't re-bill tokens β STOA bills tool invocations and provides governance.
What STOA MCP Gateway Doesβ
1. Governance & Policy Enforcementβ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Agent (Claude) β
β β β
β calls tool β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β STOA MCP Gateway β β
β β βββββββββββ βββββββββββ βββββββββββββββββββ β β
β β β OPA β β Audit β β Rate Limiting β β β
β β β Policiesβ β Trail β β per tenant β β β
β β βββββββββββ βββββββββββ βββββββββββββββββββ β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β forwards to β
β βΌ β
β Backend Service β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- OPA Policies: Fine-grained authorization per tool, per user, per tenant
- Audit Trail: Complete log of who called what tool, when, with what parameters
- Rate Limiting: Control usage per team, per application, per user
2. Multi-Tenancy & Isolationβ
- Tenant Isolation: Each team/department sees only their authorized tools
- Quotas: Set limits per tenant (e.g., "Marketing team: 10,000 calls/month")
- Dashboards: Usage analytics per team, cost allocation
3. Unified Catalogβ
βββββββββββββββββββββββββββββββββββββββββββ
β STOA Developer Portal β
βββββββββββββββββββββββββββββββββββββββββββ€
β REST APIs β MCP Tools β
β ββββββββββββ β ββββββββββ β
β β’ Payment API β β’ create_invoice β
β β’ User API β β’ search_orders β
β β’ Product API β β’ generate_report β
βββββββββββββββββββββββββββββββββββββββββββ
Same portal, same subscription,
same governance
4. Developer Experienceβ
- Subscribe: One-click subscription to tools
- Test: Try tools directly from the portal
- Monitor: Real-time usage, latency, error rates
- API Keys: Secure key management with 2FA
What STOA Does NOT Doβ
Not in Scope
These are explicitly not part of STOA's value proposition:
| β We Don't | Why |
|---|---|
| Re-bill Claude/OpenAI tokens | That's the AI provider's job |
| Intercept LLM responses | Privacy concern, adds latency |
| Create a "Claude API wrapper" | No value-add, just complexity |
| Count tokens in responses | Already done by the provider |
The Value Equationβ
Without STOA MCP Gateway:
- AI agents call tools directly
- No visibility into usage
- No governance
- No multi-tenant isolation
- Each team manages their own tool access
With STOA MCP Gateway:
- Centralized tool catalog
- Policy-as-Code governance
- Complete audit trail
- Usage analytics & cost allocation
- Self-service developer portal
Summaryβ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β AI Provider (Claude, OpenAI, etc.) β
β βββ Manages: Tokens, reasoning, generation β
β βββ Bills: Per token consumed β
β β
β STOA MCP Gateway β
β βββ Manages: Tool access, governance, multi-tenancy β
β βββ Bills: Per tool invocation (optional) β
β β
β Your Backend Services β
β βββ Execute: Business logic, data access β
β βββ Own: Your data, your APIs β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
STOA is the governance layer between AI agents and your enterprise tools.