// In short
Not every API belongs on an MCP server. This cheat sheet covers which APIs are good candidates, how to design tools an LLM won't misuse, the production rules that keep you safe, and how this actually looks in MuleSoft, custom flow vs. MCP Bridge, and why Process/Experience APIs beat raw System APIs as MCP candidates.
I've spent the last few months building MCP servers for integration projects, and I keep running into the same assumption: if an API has OpenAPI docs, it's ready for an agent. Honestly, it's not. A classic API is designed for a developer who reads documentation. A model needs something different, high signal-to-noise, and a lot less room to guess.
Here's the checklist I use.