Database and API Integration Servers
The integration landscape
Most agentic workflows need external data. Agents query databases, read issues from project trackers, pull documentation, and interact with collaboration tools. The MCP ecosystem has production-ready servers for these common integrations.
This page covers the servers that handle the bulk of enterprise integration needs: databases, source control, communication platforms, and productivity tools. Knowing what already exists saves you from building what someone else already built.
Database servers
Database access is the most requested integration category. An agent that can query production data understands context that no amount of documentation conveys.
PostgreSQL
The original Anthropic reference implementation (@modelcontextprotocol/server-postgres) is archived.
A SQL injection vulnerability discovered in April 2025 let attackers bypass read-only restrictions via semicolon-delimited statements.
The fix landed in git but the vulnerable version remains on npm with 21,000 weekly downloads.
Production alternatives exist.
Postgres MCP Pro from CrystalDBA provides configurable read/write access, explain plan analysis, and index tuning recommendations.
The Zed fork (@zeddotdev/postgres-context-server) patches the vulnerability for simple read-only use cases.
What PostgreSQL servers can do:
- List databases and tables
- Inspect schemas (columns, types, indexes)
- Execute SQL queries
- Connect to multiple databases
Do not deploy the archived @modelcontextprotocol/server-postgres in production.
The SQL injection vulnerability affects all versions on npm.
Use Postgres MCP Pro or the Zed fork instead.
SQLite
The Anthropic SQLite server (@modelcontextprotocol/server-sqlite) is also archived due to SQL injection vulnerabilities.
Over 5,000 downstream forks inherited the vulnerability before archival.
Better implementations offer AI-native features: 73 specialized tools for analytics, JSON operations, text processing, vector search, and geospatial queries. WAL mode support enables better concurrent access. Full-text search via FTS5 works out of the box.
SQLite servers remain useful for local development and testing. For production, verify the implementation patches the injection vulnerability.
DBHub
DBHub from Bytebase is a universal database gateway with enterprise features. One server supports PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite.
What it does:
- Executes SQL with transaction support and safety controls
- Searches and explores schemas across multiple databases
- Provides a web interface for query execution and request tracing
- Handles SSH tunneling and TLS encryption
- Enforces read-only mode, row limits, and query timeouts
Configuration uses TOML files that specify multiple database connections. The design minimizes context consumption.
DBHub has 105,000+ downloads and is the recommended choice for multi-database environments.
Time-series and specialized databases
GreptimeDB MCP handles observability data: metrics, logs, and events. SQL and TQL (PromQL-compatible) queries work. A three-layer security model includes read-only user support, application-level gates, and automatic data masking.
AWS Aurora DSQL provides distributed SQL access with natural language query conversion.
Read-only by default; write access requires the --allow-writes flag.
Choosing a database server
| Server | Best for | Trade-off |
|---|---|---|
| DBHub | Multi-database enterprise environments | Requires TOML configuration |
| Postgres MCP Pro | PostgreSQL with query optimization | More setup than simple read access |
| Zed fork | Simple PostgreSQL read-only | Minimal features |
| GreptimeDB | Time-series and observability | Specialized use case |
| AWS Aurora DSQL | Distributed cloud SQL | AWS-specific |
GitHub MCP server
The GitHub MCP server is the most downloaded server in the ecosystem at 889,000+ downloads. GitHub maintains it.
What it does
Repository operations let you browse and query code, search files across repositories, analyze commit history, and understand project structure.
Issue and PR management covers creating, updating, and managing issues; reviewing and commenting on pull requests; triaging bugs with label management; and maintaining project boards.
CI/CD integration includes monitoring GitHub Actions workflows, analyzing build failures, managing releases, and tracking deployment pipeline status.
Security features let you examine security findings, review Dependabot alerts, and access code scanning results.
Authentication
Two options:
OAuth 2.1 with PKCE (recommended): One-click setup in VS Code, Visual Studio, JetBrains, Eclipse, Xcode, and Cursor. Supports SAML enforcement, automatic token refresh, and short-lived credentials. Scoped access limits permissions to specific repositories or organizations.
Personal Access Tokens: Manual configuration for environments where OAuth flows are impractical. Organizations can restrict PAT usage through policy settings.
Organization members with Copilot Business or Enterprise plans must enable the "MCP servers in Copilot" policy. OAuth policies may require explicit app authorization per client.
Slack MCP server
Slack's official MCP server is rolling out to select partners with broad availability expected by summer 2025.
What it does
- Searches message history with date, user, and content filters
- Sends messages to any conversation type
- Retrieves full channel histories including threads
- Creates and shares canvases (formatted documents)
- Exports canvases as markdown
- Accesses user profiles and status information
- Searches public and private channels
Authentication and admin controls
Admin approval is required. Workspace administrators control which MCP clients can connect. All actions respect existing Slack permissions. Users cannot access channels or messages they could not access through the Slack interface.
The admin control panel in Slack's administrative interface manages all MCP integrations.
Atlassian servers (Jira and Confluence)
The Atlassian Rovo MCP Server provides official cloud-hosted access to Jira, Confluence, and Compass.
What it does
- Searches and summarizes across all Atlassian products
- Creates and updates Jira issues via natural language
- Generates Confluence pages from specifications
- Handles bulk content operations
- Enables cross-product workflows (meeting notes to tickets to documentation)
Security model
OAuth 2.1 handles authentication. All actions respect the user's existing access controls: project roles, space permissions, and IP allowlisting rules. Audit logging tracks key actions. Administrators manage external tool connections.
Atlassian MCP is Cloud-only. Server and Data Center deployments do not support the official MCP server. Community alternatives exist for self-hosted Atlassian installations.
Notion MCP server
Notion's official hosted server provides full workspace access.
What it does
- Reads and writes pages as native operations
- Searches across workspace content
- Generates documents: PRDs, technical specs, release notes
- Automates task creation and management
- Compiles reports from multiple sources
Notion provides a markdown API optimized for AI agents. The format uses fewer tokens than general-purpose API responses.
Connection methods
- In-app directory of featured AI tools (one-click)
- Manual connection via public URL:
https://mcp.notion.com/mcp - Custom MCP client configurations
Google integrations
Google Cloud announced official MCP servers in December 2025.
Official Google Cloud servers
BigQuery enables direct schema interpretation and native query execution. Data remains in place rather than moving into the context window. Forecasting and analytics work through natural language.
Google Maps provides location-based integrations and geocoding.
Google Compute Engine and Google Kubernetes Engine allow infrastructure management through MCP.
Expansion plans include Cloud Storage, Cloud SQL, Cloud Logging, and security services.
Google Workspace
No official MCP servers exist for Google Sheets, Drive, or Docs as of January 2026.
Community implementations (google_workspace_mcp, google-workspace-mcp) provide Gmail, Calendar, Drive, Docs, and Sheets access.
Community servers vary in security implementation. OAuth 2.0/2.1 flows are standard, but review the specific implementation before production use.
When to use existing servers
The general guidance: exhaust existing options before building custom servers.
Use existing servers when:
- The functionality matches common patterns (GitHub, Slack, databases)
- Time-to-deployment matters
- Standard security compliance is sufficient
- Multiple team members need the same integration
Build custom when:
- Proprietary data sources have no existing coverage
- Industry-specific workflows require specialized logic
- Security requirements exceed off-the-shelf solutions
- Legacy systems need cohesive integration
- Custom error handling or agent decision logic is required
Check the MCP Registry at registry.modelcontextprotocol.io before building. Third-party directories like mcp.so and Glama.ai index over 17,000 implementations. The server you need may already exist.
A hybrid approach works well: use existing servers for standard integrations (Slack, GitHub, databases) and build custom servers for sensitive or organization-specific systems.
Security patterns across API servers
All major API integration servers share security patterns:
- OAuth 2.1 with PKCE is standard for remote authentication
- Permission inheritance: MCP respects existing platform permissions
- Audit logging: Tracked at the platform level
- Admin controls: Management interfaces for organizational oversight
- Encrypted transport: HTTPS/TLS 1.2+ required
The archived Anthropic database servers demonstrate that even reference implementations can have vulnerabilities. Review any server's security posture before production deployment. Prefer actively maintained implementations over archived reference servers.