> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Build with Go

> How to build a Go MCP server (official Go SDK or mcp-go) to run behind MCP Manager: serving Streamable HTTP, and why these frameworks are resource servers that verify bearer tokens rather than authorization servers with dynamic client registration — so you connect via MCP Manager's token-in-header or pre-registration modes, advertising an external authorization server through RFC 9728 protected-resource metadata.

Go has two main MCP frameworks: the official [Go SDK](https://github.com/modelcontextprotocol/go-sdk) (maintained with Google) and the popular community [`mcp-go`](https://github.com/mark3labs/mcp-go). Both serve Streamable HTTP, and both are **resource servers** — they verify a bearer token but do **not** implement an OAuth authorization server or dynamic client registration. That's the defining fact for **MCP Manager**: with Go you connect via the **token-in-header** or **pre-registration** modes, with any DCR handled by a *separate* authorization server. This page covers that path; the frameworks' own docs are authoritative.

<Note>
  Start with [Building Your Own MCP
  Server](/build-your-own-mcp-server/overview)
  for the requirements and the auth-mode
  decision tree. This page is the Go
  layer on top.
</Note>

## Serve Streamable HTTP

Both frameworks expose Streamable HTTP as an `http.Handler`:

* **Official Go SDK:** `mcp.NewStreamableHTTPHandler(getServer, opts)` returns a handler serving a single MCP endpoint. See the [repo](https://github.com/modelcontextprotocol/go-sdk) and the [`auth` package](https://pkg.go.dev/github.com/modelcontextprotocol/go-sdk/auth).
* **mcp-go:** `server.NewStreamableHTTPServer(mcpServer, server.WithEndpointPath("/mcp"))`, with options like `WithStateful` and `WithStreamableHTTPCORS`. See the [repo](https://github.com/mark3labs/mcp-go).

```go Illustrative — see the framework docs theme={null}
// Official Go SDK — a single Streamable HTTP endpoint.
handler := mcp.NewStreamableHTTPHandler(getServer, nil)
http.ListenAndServe(":8080", handler)
```

<Warning>
  Serve Streamable HTTP, not an SSE-only
  endpoint — MCP Manager won't connect
  to a legacy HTTP+SSE-only server. On
  multi-instance hosts, prefer stateless
  handling (or sticky sessions); both
  frameworks keep stateful sessions in
  process memory by default.
</Warning>

## Authenticate as a resource server

Neither framework issues tokens or registers clients — they validate tokens an external authorization server issued, and advertise that authorization server through RFC 9728 metadata.

* **Official Go SDK:** wrap your handler with `auth.RequireBearerToken(verifier, opts)` (it returns `401` with a `WWW-Authenticate` pointing at your metadata) and serve `auth.ProtectedResourceMetadataHandler(...)`.
* **mcp-go:** serve `server.NewProtectedResourceMetadataHandler(...)` at `/.well-known/oauth-protected-resource`; do token validation in your own middleware.

This maps to MCP Manager as follows:

| You want                   | How, in Go                                                                                                                   |
| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| **Token in a header**      | Validate an API key / bearer token in middleware. Simplest; one shared identity unless you scope tokens per user             |
| **OAuth pre-registration** | Run an external authorization server (your IdP), advertise it via RFC 9728, and give MCP Manager a Client ID + Secret for it |

Standard OAuth + **DCR** isn't available from the Go server itself — there's no `/register` endpoint to expose. If you need DCR, put a DCR-capable authorization server in front and let the Go server validate its tokens.

## MCP Manager compatibility checklist

<Steps>
  <Step title="Streamable HTTP at a fixed path">
    Serve `NewStreamableHTTPHandler` (Go
    SDK) or `NewStreamableHTTPServer`
    (mcp-go) at a stable path; not an
    SSE-only endpoint.
  </Step>

  <Step title="Stateless or sticky on multi-instance">
    Stateful sessions live in process
    memory — run stateless or enable
    sticky sessions behind a load
    balancer.
  </Step>

  <Step title="Choose token or pre-registration">
    Validate a header token (simplest),
    or stand up an external
    authorization server and connect MCP
    Manager with pre-registration.
  </Step>

  <Step title="Advertise the authorization server (RFC 9728)">
    Serve protected-resource metadata so
    MCP Manager can discover the
    external authorization server, with
    the `resource` set to your public
    URL.
  </Step>
</Steps>

## Go gotchas

<AccordionGroup>
  <Accordion title="No dynamic client registration" icon="ban">
    Neither framework can be an authorization server, so DCR must live elsewhere. Don't expect MCP Manager's automatic OAuth path to find a `registration_endpoint` on the Go server itself — use token or pre-registration. See [the auth modes](/build-your-own-mcp-server/overview#choosing-an-authentication-mode).
  </Accordion>

  <Accordion title="Sessions held in memory" icon="database">
    Stateful Streamable HTTP sessions are
    per-process. Behind a load balancer
    without sticky routing, follow-up
    requests can miss their session — run
    stateless or pin sessions.
  </Accordion>

  <Accordion title="Audience must match your public URL" icon="lock">
    Your token verifier should validate the audience against your canonical public URL (no trailing slash), or valid tokens get rejected with `401`.
  </Accordion>
</AccordionGroup>

## Further reading

<CardGroup cols={2}>
  <Card title="Official Go SDK" icon="golang" href="https://github.com/modelcontextprotocol/go-sdk">
    The Streamable HTTP handler and the `auth` package for bearer verification.
  </Card>

  <Card title="mcp-go" icon="github" href="https://github.com/mark3labs/mcp-go">
    The community framework, its
    Streamable HTTP server, and
    protected-resource metadata.
  </Card>

  <Card title="Authentication & Identity" icon="fingerprint" href="/security/authentication-and-identity">
    MCP Manager's token-in-header and
    pre-registration modes in depth.
  </Card>

  <Card title="Building Your Own MCP Server" icon="hammer" href="/build-your-own-mcp-server/overview">
    The cross-framework requirements, decision tree, and troubleshooting catalog.
  </Card>
</CardGroup>
