Last updated: May 2026
A MySQL MCP server is a service that exposes a MySQL database as tools an AI agent can call through the Model Context Protocol (MCP). Rather than handing an LLM direct database credentials, you put an MCP server between the agent and MySQL. The agent discovers the tools available, calls them by name, and the MCP server translates those calls into safe, governed SQL against your database.
The pragmatic path to a production-grade MySQL MCP server is built on a foundation that already exists in most modern environments: an auto-generated REST API over the MySQL schema. Tools like DreamFactory have been doing exactly this for over a decade — connect a database, get a fully documented, role-protected REST API in minutes, no code written. The MCP server is then a thin surface on top of that same generated API. DreamFactory's framing: "turn your database into an auditable, governed API layer for AI" — the API layer is the foundation; the AI surface is the addition. This guide covers what a MySQL MCP server actually is, the three common setup approaches, the controls a production deployment needs, and how the auto-generated-API-plus-MCP pattern handles the governance.
Quick summary
- What an MCP server does: Exposes MySQL as MCP tools an AI agent can call.
- What sits underneath: A REST API over the MySQL schema. The MCP tools are usually just the same REST endpoints exposed via MCP rather than HTTP.
- Three approaches: official open-source MCP example (prototyping), custom MCP server (full control), or an AI Data Gateway like DreamFactory (auto-generated REST API + MCP server, production-ready).
- Most common clients: Claude Desktop, Claude Code, ChatGPT, Cursor, Windsurf — any MCP-capable client.
- Production must-haves: identity passthrough, query allow-listing, row limits, query timeouts, audit logging, read replica deployment.
- Biggest risk: unconstrained queries against tables with millions of rows. Set hard limits on every query.
What is the Model Context Protocol (MCP)?
The Model Context Protocol is an open standard, introduced by Anthropic and rapidly adopted by other LLM providers, that defines how AI models discover and call external tools at runtime. An MCP server exposes tools (callable functions); an MCP client — Claude Desktop, Claude Code, ChatGPT, Cursor, Windsurf — consumes them.
As DreamFactory describes the pattern: MCP gives teams "a single reusable port for multiple AI assistants" rather than bespoke integrations per LLM platform. The same MCP-exposed MySQL tools work across every MCP-capable client.
The foundation: auto-generated REST APIs over MySQL
Before discussing MCP-specific patterns, the layer underneath matters. Every production MCP server for MySQL is, in practice, a REST API for MySQL plus a thin MCP surface on top. The MCP server exposes tools; those tools resolve to HTTP calls; the HTTP calls hit a REST API that talks to MySQL.
This is where DreamFactory's history matters. The product has been auto-generating REST APIs from databases for over a decade. Connect to a MySQL database (primary or read replica), and DreamFactory:
- Introspects the MySQL schema (tables, views, stored procedures, relationships)
- Generates a complete REST API with CRUD operations, filtering, sorting, pagination, and bulk operations
- Generates OpenAPI / Swagger documentation automatically
- Wraps every endpoint in role-based access control at the table, endpoint, and HTTP-verb level
- Applies authentication (Entra ID, OAuth 2.0, OpenID Connect, SAML 2.0, LDAP, AD, API keys)
- Enforces rate limits per user, role, or service
- Logs every call with calling user, timestamp, and payload for audit
That REST API is useful by itself — human developers integrate with it, mobile apps consume it, internal tools depend on it. The MCP server is the next surface for the same generated endpoints. One configuration; two surfaces. In DreamFactory's MCP tutorial, CTO Kevin McGahey demonstrates exactly this flow against a MySQL database: credentials in a config file, a call to the DreamFactory MCP, and within minutes Claude Code has built a complete dashboard backed by an auto-generated, role-protected, API-key-authenticated, audit-logged MySQL API.
What a MySQL MCP server does specifically
A MySQL MCP server is an MCP server whose tools wrap MySQL queries — typically via the auto-generated REST API. Instead of exposing a generic "run any SQL" tool, a well-designed server exposes named, scoped tools — "find_customer_by_email", "list_orders_for_customer", "get_inventory_for_product".
The agent reads the tool descriptions, picks the right one, and calls it with structured parameters. The MCP server resolves the call to the matching REST endpoint, which translates it into a parameterised SQL statement against MySQL. The agent never writes or sees raw SQL. DreamFactory's framing for this principle: "containment by design" — every AI action is bounded by the policies you set.
Why teams expose MySQL to AI agents
MySQL is the most widely deployed open-source relational database in the world. It backs an enormous share of web applications and SaaS products. Common AI use cases:
- Conversational customer support: A support agent's copilot queries the customer record, recent orders, and ticket history.
- Self-serve operational questions: Non-technical staff ask the agent "how many active users signed up last week" without needing SQL.
- Agent-driven workflows: An autonomous agent reads from MySQL as one step in a multi-step task.
- Internal admin UIs: A natural-language interface over MySQL replaces or augments traditional admin dashboards.
DreamFactory's customer roster spans many of these patterns — including ExxonMobil, Toyota, Saint-Gobain, PPG, Deloitte, Google Cloud, AkerBP, Netgear, Miller Industries, the National Institutes of Health, the Vermont Agency of Transportation, D.A. Davidson, and Pillsbury Law.
The three ways to set up a MySQL MCP server
| Approach | Best for | What gets generated | Time to set up | Production-ready? |
|---|---|---|---|---|
| Official open-source MCP server | Prototyping, exploration | Read-only MCP server with query tool | ~10 minutes | No |
| Custom MCP server (SDK) | Specialised tools, custom business logic | Whatever you build | Days to weeks | Yes if you build the controls |
| DreamFactory AI Data Gateway | Production, multi-tenant, regulated, enterprise | Full REST API over MySQL, OpenAPI-documented, role-protected, rate-limited, audit-logged — plus MCP server exposing the same endpoints | Minutes | Yes |
1. The official open-source MCP example
The simplest starting point. The MCP community publishes reference implementations that connect to MySQL via a connection string and expose read-only tools — schema inspection and parameterised query execution. Good for prototyping, not for production: they run with a single connection user, don't enforce per-call audit, and expect you to handle TLS and network exposure yourself.
2. Custom MCP server using the SDK
The MCP SDKs let you build a custom server from scratch. You trade setup time for control. Plan on several days of engineering for a tightly scoped server, plus the ongoing work of building auth, query governance, observability, and audit.
3. DreamFactory AI Data Gateway — REST API plus MCP, auto-generated
DreamFactory's AI Data Gateway takes the API-generation foundation the product has had for years and adds the MCP surface on top. Connect to a MySQL database (primary or replica) and:
- DreamFactory introspects the MySQL schema and auto-generates a full REST API.
- The same configuration wires those endpoints into DreamFactory's built-in MCP server.
- Authentication, RBAC, field-level redaction, rate limiting, and audit logging apply at the gateway layer — equally to REST and MCP traffic.
- MySQL's own GRANT-based controls continue to apply at the database layer.
For most enterprise deployments this is the path of least resistance.
Security controls every production MySQL MCP server needs
Identity passthrough
The MCP server has its own credentials, but the calling human user drives RBAC decisions. DreamFactory authenticates via Entra ID, OAuth 2.0, SAML, LDAP, or Active Directory, then enforces per-table, per-endpoint, per-HTTP-verb access. MySQL's GRANT-based controls remain in effect at the database layer.
Query allow-listing
Don't expose a generic "run any SQL" tool. Expose named tools backed by specific business operations. DreamFactory's auto-generated REST API gives you this by default — each endpoint is a specific operation; nothing outside the configured list is exposed.
Row limits and query timeouts
MySQL tables often have millions of rows. Enforce row limits (100–1,000 per query), timeouts (10–30 seconds), and concurrency limits. DreamFactory enforces rate limits per user, role, or service at the gateway.
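The named-tool, allow-listing, row-limit and timeout controls described above can be seen working together in the sketch below. It is an added example, not DreamFactory's code or any MCP SDK's API: the table and column names, the `resolve_tool_call` helper and the specific limits are assumptions, and the `%s` placeholders follow the style of Python MySQL drivers such as PyMySQL.

```python
MAX_ROWS, DEFAULT_ROWS = 1000, 100   # hard ceiling and default per call
HINT = "/*+ MAX_EXECUTION_TIME(10000) */"   # MySQL optimizer hint, 10 s in ms

# Allow-list: tool name -> (SQL template, {parameter: required type}).
# Tool names follow the page; table and column names are assumptions.
TOOLS = {
    "find_customer_by_email": (
        f"SELECT {HINT} id, name, email FROM customers "
        "WHERE email = %s LIMIT %s",
        {"email": str},
    ),
    "list_orders_for_customer": (
        f"SELECT {HINT} id, status, total FROM orders "
        "WHERE customer_id = %s ORDER BY id DESC LIMIT %s",
        {"customer_id": int},
    ),
}


class ToolError(ValueError):
    """Raised when a call falls outside the allow-list or its schema."""


def resolve_tool_call(name, args):
    """Map an agent's tool call to (sql, params); the agent never supplies SQL."""
    if name not in TOOLS:
        raise ToolError(f"tool not allow-listed: {name!r}")
    template, schema = TOOLS[name]
    extra = set(args) - set(schema) - {"limit"}
    missing = set(schema) - set(args)
    if extra or missing:
        raise ToolError(f"extra={sorted(extra)} missing={sorted(missing)}")
    for key, expected in schema.items():
        # Exact scalar types only: a list could change the query shape
        # if a driver expands it into several values.
        if type(args[key]) is not expected:
            raise ToolError(f"{key} must be {expected.__name__}")
    limit = args.get("limit", DEFAULT_ROWS)
    if type(limit) is not int or limit < 1:
        raise ToolError("limit must be a positive integer")
    # Clamp rather than trust the caller: the ceiling holds on every query.
    params = tuple(args[k] for k in schema) + (min(limit, MAX_ROWS),)
    return template, params
```

The returned pair is what would be handed to a driver's `execute(sql, params)`, so user-supplied values are only ever bound as data.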
Read replica deployment
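Point DreamFactory at a MySQL read replica, not the primary. This has two benefits: AI-driven query load doesn't compete with OLTP traffic, and the agent cannot write, as long as the replica is configured read-only (MySQL's read_only and super_read_only settings) and the connecting account holds no write privileges. This is the same pattern teams use for BI tools.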
Audit logging
DreamFactory logs every API call with calling user, timestamp, and payload. Combine with MySQL's own query log for end-to-end traceability.
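The identity passthrough and audit logging controls above, together with the per-role field redaction the page lists later, can be sketched as a single gateway check. This is an added example, not DreamFactory's implementation: the roles, tables, field names and the `handle_call` function are hypothetical.

```python
import json
from datetime import datetime, timezone

# Deny-by-default policy: role -> table -> allowed verbs and hidden fields.
# Role, table and field names are hypothetical.
POLICY = {
    "support": {
        "customers": {"verbs": {"GET"}, "hidden": {"card_last4"}},
        "orders": {"verbs": {"GET"}, "hidden": set()},
    },
    "billing": {
        "customers": {"verbs": {"GET", "PATCH"}, "hidden": set()},
    },
}


def handle_call(user, role, table, verb, payload, rows, audit, now=None):
    """Authorize on the calling user's role, redact fields, audit every call.

    `rows` stands in for what the database returned; `audit` is any object
    with append(). Returns the redacted rows, or None when the call is denied.
    """
    verb = verb.upper()
    rule = POLICY.get(role, {}).get(table)
    allowed = rule is not None and verb in rule["verbs"]
    # Denied calls are logged too: they are often the more interesting events.
    audit.append(json.dumps({
        "ts": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,  # the human caller, not the gateway's database account
        "role": role,
        "table": table,
        "verb": verb,
        "payload": payload,
        "decision": "allow" if allowed else "deny",
    }, sort_keys=True))
    if not allowed:
        return None
    hidden = rule["hidden"]
    return [{k: v for k, v in row.items() if k not in hidden} for row in rows]
```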
Network exposure
Run DreamFactory inside your VPC or perimeter. Deployment options include Linux installer, Docker, and Kubernetes via Helm chart, with air-gapped configurations supported.
Common pitfalls when exposing MySQL to AI agents
- Granting unrestricted SQL access. Constrain to named tools or strict allow-list — DreamFactory's auto-generated REST API gives you this by construction.
- Using a shared service account. You lose per-user enforcement. Use DreamFactory's identity layer.
- Skipping row limits. Hard limits, every query.
- Querying the primary database. Point at a read replica.
- Forgetting about writes. Default to read-only. DreamFactory's per-HTTP-verb RBAC makes this trivial.
When to choose which approach
- Prototyping: Open-source MCP example.
- Specialised tools: Custom MCP server with the SDK.
- You need a production REST API over MySQL anyway, and want AI access too: DreamFactory. The REST API generation alone justifies the platform.
- Production, sensitive data: DreamFactory.
How DreamFactory fits in
DreamFactory's foundational capability is instant REST API generation: connect a database, get a complete, documented, role-protected REST API in minutes — no code written. The platform has been doing this for over a decade across 40+ supported data sources. Customers like ExxonMobil, Toyota, Saint-Gobain, PPG, Deloitte, Google Cloud, AkerBP, Netgear, Miller Industries, the National Institutes of Health, the Vermont Agency of Transportation, D.A. Davidson, and Pillsbury Law use DreamFactory as their data layer.
The AI Data Gateway is the newer chapter — an MCP server built into the platform that exposes the same auto-generated REST API to AI agents. The company describes it as "an auditable, governed API layer for AI."
For a MySQL deployment specifically:
- Auto-generated REST API: CRUD, OpenAPI docs, related-data retrieval, filtering, sorting, pagination, bulk operations, stored procedure exposure.
- Built-in MCP server: same endpoints exposed to Claude Desktop, Claude Code, ChatGPT, Cursor, Windsurf.
- Authentication: Azure AD / Entra ID, OAuth 2.0, OpenID Connect, SAML 2.0, LDAP, AD, API keys.
- RBAC: per-table, per-endpoint, per-HTTP-verb.
- Field-level redaction: configured per role at the gateway.
- Audit: every call logged with user, timestamp, payload.
- Rate limiting: per user, role, service.
- Server-side scripting: PHP, Python, Node.js.
- Deployment: Linux installer, Windows, Docker, Kubernetes via Helm chart, NPX quick install. Air-gapped supported.
G2 rates DreamFactory 4.7 with badges for "Easiest to Use," "Fastest Implementation," and "Best ROI."
Frequently asked questions
What is a MySQL MCP server?
A MySQL MCP server is a service that exposes a MySQL database as tools an AI agent can call through the Model Context Protocol (MCP). The MCP server wraps queries as named tools with semantic descriptions; an MCP client like Claude reads the available tools and invokes them at runtime, letting the AI agent query MySQL without writing raw SQL.
What is DreamFactory's core capability?
DreamFactory's foundational capability is instant REST API generation: connect a database (MySQL, PostgreSQL, SQL Server, Oracle, Snowflake, Databricks, MongoDB — 40+ supported), and the platform auto-generates a fully documented, role-protected REST API in minutes, with no code written. Authentication, RBAC, rate limiting, audit logging, and OpenAPI documentation are built in. The AI Data Gateway and MCP server sit on top of this same auto-generated API — agents call the same governed endpoints human developers would.
Does DreamFactory work without using MCP at all?
Yes. DreamFactory has been an API generation platform for over a decade and is widely deployed for use cases that have nothing to do with AI — modernising legacy systems, syncing enterprise data, and exposing data products inside large enterprises. MCP support is the newest surface; the REST API generation is the foundation.
How do I connect Claude to MySQL?
Configure an MCP server that connects to your MySQL database, then configure Claude Desktop, Claude Code, or the Claude API with MCP enabled to launch that server. For prototyping, an open-source MCP example for MySQL is the fastest path; for production, DreamFactory auto-generates a fully documented, secure REST API from your MySQL schema in minutes and exposes the same endpoints to MCP clients via its built-in MCP server.
Can a MySQL MCP server handle large result sets safely?
Only with explicit limits. MySQL tables in real-world apps often have millions of rows. Production MCP servers should enforce hard row limits on every query (typically 100–1,000), pagination tokens for larger workloads, and query timeouts. DreamFactory's auto-generated REST endpoints support pagination and row limits as built-in query parameters.
How does identity flow from an AI agent to MySQL?
DreamFactory authenticates the calling user via OAuth 2.0, OpenID Connect, Azure AD / Entra ID, SAML 2.0, LDAP, or Active Directory. The user's identity drives DreamFactory's RBAC decisions at the gateway (which tables, which endpoints, which HTTP verbs are allowed). MySQL's own GRANT-based controls continue to apply to queries DreamFactory issues.
What's the safest MCP integration pattern for production MySQL?
Five things in combination: (1) Don't expose raw SQL; use named tools backed by the auto-generated REST endpoints. (2) Use DreamFactory's identity layer (Entra ID, OAuth, SAML, LDAP) so queries inherit the calling user's RBAC. (3) Restrict to read-only operations unless writes are explicitly required and gated. (4) Log every prompt, tool call, query, and result for audit. (5) Run the gateway inside your VPC or perimeter.
Does an MCP server work with MySQL replicas?
Yes, and it's a recommended pattern. Pointing the MCP server (via DreamFactory's connection configuration) at a read replica isolates AI-driven query load from primary OLTP traffic and gives you a safety boundary — the agent literally cannot write, even if mis-configured. This is the same pattern teams use for BI tools.
How do I prevent an AI agent from running expensive MySQL queries?
Three controls: query timeouts (10–30 seconds is a typical default), row limits on every result, and rate limiting per agent and per user. DreamFactory enforces rate limits per user, role, or service at the gateway, so an LLM session can't exceed its configured budget.
Is DreamFactory safe for regulated industries?
Yes. DreamFactory's regulated-industry customers include the National Institutes of Health, Vermont Agency of Transportation (air-gapped), D.A. Davidson (financial services), and Pillsbury Law (legal). All run DreamFactory in production with role-based access control, audit logging, and either on-prem or air-gapped deployment.
Cody Lord is one of our DreamFactory Engineers. In his free time he can be found reading the newest science fiction novel, tinkering in his home lab, or camping on the Oregon coast with his fiancé and his husky Maple.