Overview
Key Findings
Model Context Protocol (MCP) and Agent2Agent (A2A) do not replace existing APIs. They rely on APIs for data, context, tools and resources for consumption by autonomous agents and AI applications. Widespread adoption of MCP and A2A will lead to more APIs and more API usage, not less.
Emerging protocols like MCP and A2A offer varying levels of security, but remain unproven, requiring elevated API protection and API access controls.
Recommendations
Prepare your organization for agentic AI by investing in robust API management that focuses on agent experience to support the requirements of AI agents and applications, rather than only on developer experience.
Double down on API security by adding specialist security solutions to supplement standard gateway protections. Rate limiting and access management, in particular, are vital for the APIs that AI applications will consume, because they address the risk of data and services being abused through agentic use.
Introduction
The rise of new agent communication protocols — such as MCP and A2A — is rapidly transforming the AI application development landscape. MCP is already driving innovation in desktop AI and gaining traction in enterprise environments, while A2A is attracting strong interest from developers and vendors. At the same time, agentic consumption of APIs is becoming a central paradigm for how AI systems interact with enterprise data and services.
Most organizations were unprepared for the surge in agent-driven API use, which has intensified challenges around API management, security and scalability. There’s also confusion about whether these protocols will replace APIs. In fact, robust APIs are more essential than ever. Rather than replacing APIs, new protocols like MCP and A2A increase the need for secure, well-managed APIs to fully realize the potential of agentic AI in the enterprise.
So, what do software engineering leaders need to do to prepare for this rising wave of agentic AI? To be successful in agentic AI initiatives, they must level up their API strategies to support AI enablement and create an agentic experience for their APIs. Figure 1 shows a high-level overview of patterns and components of MCP and A2A, in the context of an enterprise application landscape.
Figure 1: AI Agents Depend on APIs

Analysis
Prepare Your Organization for Agentic AI
All organizations that develop and consume APIs will be impacted by agentic AI use, regardless of whether they have agentic initiatives underway. The 2024 Gartner API Strategy Survey showed that more than 90% of surveyed organizations either use or plan to use third-party APIs, and more than 80% of them plan to use private or partner APIs.1 So chances are, some of those external or partner API consumers could be AI agents.
MCP: What It Means for API Management
MCP provides a way for AI agents to interact with the tools, data and context they need to operate.2 Tools, resources and prompts predominantly use APIs to provide agents with necessary access to enterprise systems and data so that agents can take action toward their assigned goals (see Innovation Insight: Model Context Protocol). MCP defines clients that maintain connections and interact with servers using a defined protocol. MCP servers aim to provide standardized access to APIs and other local resources necessary for the agent to operate (see Figure 2).
Figure 2: Model Context Protocol

Although MCP presents itself as a rather simple concept to grasp, its sudden rise and the extreme hype around it raise several questions for API product managers and developers. From conversations with early adopters of MCP and using information from agentic projects on the impacts of MCP in API strategies, Gartner identified key challenges that software engineering leaders face. Table 1 summarizes those challenges and provides recommended actions.
| Challenges | Impact | Recommendation |
| Versioning and Change Management | Agents interact with multiple API versions and breaking changes | Use strict version control and manage changes to avoid disruptions |
| API Types and Utilization | Underutilization of non-REST (GraphQL, gRPC, Async) APIs | Leverage diverse API types for agentic scenarios |
| API Discovery and Documentation | Agents require discoverable, well-documented APIs | Ensure all APIs are documented, cataloged and easy to find |
| API Consumer Management | Increased call volume and complexity from agentic consumers | Automate onboarding; adjust throttling and billing policies |
| API Sprawl Prevention | Risk of duplication and API sprawl | Create focused, experience APIs for agentic AI, reusing existing APIs where possible |
Source: Gartner
MCP: Emerging Technology Approaches
Many tools are emerging to create MCP servers on top of existing APIs. Both independent tools and built-in features in API management platforms are coming up to support and turn existing APIs into tools, tasks and resources for agents to consume. Also emerging are concepts like agent marketplaces, and tools marketplaces in public domains that support internal repositories of MCP server functionality.
Software engineering leaders must investigate the suitability of MCP servers, especially those obtained from public sources, and validate the underlying functionality before making plans to leverage them. While these features are still emergent, it is best for organizations to get a quick start by building agentic tools from their existing enterprise APIs or other services they already trust. Remember, robust agentic functionality still relies on well-managed and secure APIs to provide access to enterprise systems, data, microservices and legacy systems.
Impact of A2A Protocol
This relatively newer protocol from Google and 50 other supporters and contributors focuses on agent interoperability and is aimed at creating an open standard for agent-to-agent interactions. This is clearly distinct from the goals set forth for MCP, and A2A is likely to coexist with MCP. Unlike the earlier versions of MCP, A2A has leveraged existing concepts of public key infrastructure, such as OAuth and JWT, to secure agent-to-agent interactions.
A2A becomes relevant when organizations need to enable interagent communication. Interagent communication demands trust in agent behavior and, as noted previously, those agents are heavily dependent on a variety of APIs including MCP, LLM APIs and other services. This highlights the need for well managed, secure APIs of all types.
Create an Agentic Experience for Your APIs
We are in the early days of agentic AI and even earlier days for emerging multiagent systems. However, it is clear, based on Gartner’s interactions with early adopters, that a focus on agents as a major consumer segment of APIs is necessary to succeed in the immediate future.
Agentic experience in the case of APIs means taking action to:
Enable autonomous API consumption by streamlining developer registration, API key issuance and access workflows. Ensure that only authorized owners or entities are granted access to your services.
Implement the right level and method of API access control, role-based access and identity management for agents.
Create a new layer of APIs by leveraging existing investments in APIs dedicated to agentic consumption and focusing on providing the right amount of accurate documentation that agents can rely on.
Design APIs with clear, unambiguous functions that map to specific, atomic tasks where appropriate, ensuring consistency and ease of use for all consumers — including agents. Only expose atomic operations when task order is unimportant, and always prioritize clarity to support accurate interpretation and selection by humans and AI.
Create an internal repository (or registry) of MCP servers that are easily accessible to AI developers and autonomous agents.
Prefer API management tools and platforms that provide out-of-the-box capabilities to manage MCP servers, A2A and other agentic protocols.
Double-Down on API Security to Prepare for Agentic Consumption
As MCP standards and implementations evolve, organizations must proactively address the unique security challenges of agentic interactions (see How to Secure Custom-Built AI Agents). Early adopters should implement robust security measures now to mitigate risks already identified with MCP. Follow these practices to significantly reduce the risk of security breaches and ensure safe, scalable agentic interactions via MCP:
Implement immediate security measures
Apply rate limiting for all agentic and AI-driven API consumers.
Use API security tools for predictive protection and design-time validation.
Automate data and schema validation for all API inputs and outputs.
Enforce strong access management, preferably with OAuth.
Distinguish machine identities for AI agents from human developers, applying stricter controls for agents.
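A sketch of the rate-limiting and machine-identity practices above, added here as an illustration and not taken from any product: a token bucket keyed by caller, with a stricter budget for agents than for human developers. The `client_type` claim, the policy numbers and the subject names are assumptions.

```python
import time

# Assumed policy: refill rate (tokens/second) and burst size per identity class.
POLICIES = {"human": (5.0, 20.0), "agent": (1.0, 5.0)}


class IdentityAwareLimiter:
    """Token bucket per (identity class, subject); agents get the tighter budget."""

    def __init__(self, policies=POLICIES, clock=time.monotonic):
        self.policies = policies
        self.clock = clock          # injectable so the limiter can be tested
        self.buckets = {}           # (kind, subject) -> [tokens, last_seen]

    @staticmethod
    def classify(claims):
        # "client_type" is a hypothetical claim set by the token issuer.
        # Anything not positively marked human gets the stricter agent policy.
        return "human" if claims.get("client_type") == "human" else "agent"

    def allow(self, claims, cost=1.0):
        kind = self.classify(claims)
        rate, burst = self.policies[kind]
        now = self.clock()
        bucket = self.buckets.setdefault((kind, claims["sub"]), [burst, now])
        # Refill for the time elapsed since the last call, capped at burst.
        bucket[0] = min(burst, bucket[0] + (now - bucket[1]) * rate)
        bucket[1] = now
        if bucket[0] < cost:
            return False            # caller should answer HTTP 429
        bucket[0] -= cost
        return True
```

Defaulting unlabelled callers to the agent policy means a missing or stripped claim never earns the looser human budget.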
Prioritize robust API security for agentic workloads
Address core MCP security challenges
Ensure user identity is passed and authenticated — MCP does not enforce this by default, risking broken access control.
Enforce strict data validation to prevent injection, path traversal and Server-Side Request Forgery (SSRF) vulnerabilities.
Avoid insecure protocol practices such as session IDs in URLs, lack of authentication standards and missing message integrity controls.
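The data-validation practice above, as an added example (not code from Gartner or from any MCP implementation): two checks an MCP server could run on tool arguments before acting on them, one confining file paths to a tool directory and one refusing URLs that lead to non-public addresses. The function names, the HTTPS-only rule and the injectable resolver are assumptions.

```python
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: tools only need HTTPS


def safe_path(base_dir, user_path):
    """Return user_path resolved under base_dir, or raise if it escapes."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute user_path
    # replaces base entirely, so the containment check below catches it too.
    candidate = (base / user_path).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError(f"path escapes tool directory: {user_path!r}")
    return candidate


def dns_lookup(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def safe_url(url, resolve=dns_lookup):
    """Return the vetted public addresses for url, or raise ValueError."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        raise ValueError("scheme or host not allowed")
    if parts.username or parts.password:
        raise ValueError("credentials embedded in URL")
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal, no DNS
    except ValueError:
        addrs = set(resolve(host))
    if not addrs:
        raise ValueError("host does not resolve")
    for addr in addrs:
        # Reject loopback, RFC 1918, link-local (cloud metadata) and the like.
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} maps to non-public address {addr}")
    return sorted(addrs)
```

The server should connect to one of the returned addresses instead of resolving the name again, so a DNS change between check and fetch cannot redirect the request. Any HTTP redirect target needs the same check before it is followed.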
Guard against novel attack vectors
Establish a trusted supply chain for MCP servers; never connect to untrusted or unknown MCP servers.
Be alert to attacks like “line jumping” (prompt injection before tool invocation) and conversation history exfiltration via malicious tool descriptions.
Recommendations for early adopters of A2A
Agent registry: Implement a trusted agent registry to validate the legitimacy of agents. The registry should be capable of handling dynamic agent attributes and be continuously updated.
Digital signatures: Implement digital signatures for all A2A messages to ensure integrity and nonrepudiation.
Deprecation policy: Clearly define and enforce a deprecation policy for older protocol versions.
Continuously monitor and update security posture
Regularly review and update security processes as MCP standards and implementations evolve.
Integrate proactive API security tools, AI gateways and MCP-specific gateways into your architecture.
1 2024 Gartner API Strategy Survey. This survey was conducted online from 27 February through 8 March 2024 to understand the API strategy of organizations through API usage, API styles and AI APIs.
In total, 89 IT leaders who are Research Circle members, a Gartner-managed panel, participated. The respondents were screened based on their knowledge about the use and priorities of APIs in their organizations. They were primarily from North America (n = 43), EMEA (n = 33), Asia/Pacific (n = 10) and Latin America (n = 3). Disclaimer: The results of this survey do not represent global findings or the market as a whole, but reflect the sentiments of the respondents and companies surveyed.
Contributors
Jeremy D’Hoinne, Keith Guttridge