Skip to main content
Private BetaContact us to get set up.
External MCP servers are operated by third parties—SaaS vendors, public APIs, services outside your control. Users connect through OAuth, granting the Tool Hub permission to call tools on their behalf.

The difference from internal

With internal MCP servers, you control the code. You trust it. The identity exchange gives the server a scoped token, and you’re confident it will use that token appropriately. External servers are different. You don’t control the code or deployment. You don’t know what the server does with the data it receives. Additional safeguards apply.

How it works

Users connect external services through OAuth. They see a consent screen, authorize access, and the Tool Hub stores the token. When the user calls an external tool, the Hub uses that token. But it also inspects the request and response—guardrails run on external tool calls to catch prompt injection, PII leakage, and policy violations.

What you get

User-consented access. Users explicitly authorize each external service. They see what permissions they’re granting. Admin visibility. You can require admin approval before users connect external services. No shadow IT—you know what’s connected. Content inspection. External tool calls flow through guardrails. Arguments are scanned before sending; responses are scanned before returning. See Trust Boundaries for how Char treats external tools differently.

See also

Trust Boundaries

How Char classifies internal vs external tools