Transports
Transport Overview
Overview of transport mechanisms available in MCP Framework
Transport Overview
MCP Framework supports multiple transport mechanisms for communication between the client and server. Each transport type has its own characteristics, advantages, and use cases.
Available Transports
The framework currently supports the following transport types:
- STDIO Transport: The default transport that uses standard input/output streams
- HTTP Stream Transport: Streamable HTTP transport that implements the MCP 2025-11-25 specification
- SSE Transport: DEPRECATED - Server-Sent Events based transport that has been replaced by HTTP Stream Transport
Comparison
| Feature | STDIO Transport | HTTP Stream Transport | SSE Transport (Deprecated) |
|---|---|---|---|
| Protocol | Standard I/O streams | HTTP/SSE | HTTP/SSE |
| Connection | Direct process communication | Network-based | Network-based |
| Authentication | Not applicable | Supports JWT, API Key, and OAuth 2.1 | Supports JWT, API Key, and OAuth 2.1 |
| Session Management | Not applicable | Built-in | Limited |
| Resumability | Not applicable | Supported | No |
| Host Binding | Not applicable | Configurable (default: localhost) | Configurable (default: localhost) |
| Origin Validation | Not applicable | Supported (allowedOrigins) | Supported (allowedOrigins) |
| Use Case | CLI tools, local integrations | Web applications, distributed systems | Legacy systems |
| Configuration | Minimal | Highly configurable | Configurable |
| Scalability | Single process | Multiple clients | Multiple clients |
| MCP Specification | Compliant | 2025-11-25 compliant | Legacy (2024-11-05) |
Choosing a Transport
Choose your transport based on your application's needs:
-
Use STDIO Transport when:
- Building CLI tools
- Need direct process communication
- Working with local integrations
- Want minimal configuration
-
Use HTTP Stream Transport when:
- Building web applications
- Need network-based communication
- Require authentication or session management
- Want to support multiple clients
- Need resumable connections
- Need to scale horizontally
- Require compliance with latest MCP specification
-
Use SSE Transport only for:
- Legacy applications that depend on the older transport
Configuration
STDIO Transport (Default)
const server = new MCPServer();
// or explicitly:
const server = new MCPServer({
transport: { type: "stdio" }
});HTTP Stream Transport
const server = new MCPServer({
transport: {
type: "http-stream",
options: {
port: 8080, // Optional (default: 8080)
endpoint: "/mcp", // Optional (default: "/mcp")
responseMode: "batch", // Optional (default: "batch")
cors: {
allowOrigin: "*" // Optional CORS configuration
},
auth: {
// Optional authentication configuration
}
}
}
});SSE Transport (Deprecated)
const server = new MCPServer({
transport: {
type: "sse",
options: {
port: 8080, // Optional (default: 8080)
endpoint: "/sse", // Optional (default: "/sse")
messageEndpoint: "/messages", // Optional (default: "/messages")
auth: {
// Optional authentication configuration
}
}
}
});Transport Security Features
Both the HTTP Stream and SSE transports include security features introduced in MCP spec 2025-11-25:
- Host Binding: Servers bind to
127.0.0.1(localhost only) by default. Sethost: '0.0.0.0'to accept remote connections when deploying in Docker or cloud environments. - Origin Validation: Configure
allowedOriginsin thecorsblock to validate theOriginheader on every request, protecting against DNS rebinding attacks. Non-browser clients (without anOriginheader) are allowed through. See the individual transport pages for full configuration details.
For detailed information about each transport type, see:
- STDIO Transport
- HTTP Stream Transport
- SSE Transport (Deprecated)