Arcade MCP vs Unified.to MCP: which one is easier to self-host and pass a security review?

Most teams evaluating Arcade MCP vs Unified.to MCP are trying to answer two practical questions: which stack is easier to self-host, and which one makes it through a serious security review without turning into a months-long project. The short version: if you care about MCP-native tooling, offline-friendly local runs, and a clear authorization model you can explain to a security engineer, Arcade’s MCP runtime is built for exactly that. Unified.to is strong as a unified API integration layer, but MCP and “agent-safe” execution are not its primary design center.

This FAQ focuses on self-hosting, auth, governance, and security review concerns—not marketing claims.

---

Quick Answer: For MCP-native agent workloads, Arcade is generally easier to self-host and get through a security review because it’s designed as an MCP runtime with clear deployment modes, zero token exposure to LLMs, and enterprise controls (RBAC, audit logs, SSO/SAML). Unified.to is a powerful unified API for integrations, but MCP and multi-user agent authorization are not first-class in the same way.

Frequently Asked Questions

Which is easier to self-host for MCP: Arcade or Unified.to?

Short Answer: Arcade is easier to self-host for MCP use cases because it’s built as an MCP runtime with local-first tooling (uv run, arcade new) and explicit support for running MCP servers anywhere (local, VPC, on‑prem, air‑gapped). Unified.to is more focused on cloud-hosted unified APIs than on self-hosted MCP runtimes.

Expanded Explanation:
Arcade ships with an open-source MCP framework and CLI so you can spin up and run MCP servers locally in seconds. The same servers can then be deployed into your own infra (Docker/Kubernetes, VPC, on‑prem, or air‑gapped) without changing your agent code. The runtime is BYOC (bring your own credentials) and fully local/offline-friendly when you want it to be.

Unified.to’s sweet spot is offering a cloud-hosted unified API that normalizes many SaaS integrations behind a single schema. That’s useful for traditional integration use cases, but it means your agents are often depending on a vendor SaaS API rather than a self-contained MCP server you can drop into your own environment. For teams whose security teams push hard on data residency, air-gapped deployments, or “no external control planes,” that’s a meaningful difference.

Key Takeaways:

• Arcade provides an MCP runtime and open-source MCP server framework optimized for self-hosting (local, VPC, on‑prem, or air‑gapped).
• Unified.to is primarily a managed unified API; MCP and full self-hosted runtime control are secondary at best.

---

How do I self-host Arcade’s MCP runtime in practice?

Short Answer: You develop and test locally with the Arcade MCP framework (uv run server.py), then deploy the same MCP server into your infra (Docker/Kubernetes, VPC, or on‑prem). Arcade’s managed cloud is optional—self-hosting is a first-class path.

Expanded Explanation:
Arcade separates concerns: the MCP runtime that executes tools, and the MCP servers that expose tools to agents. You can run both yourself. Locally, you install the CLI, scaffold a server, and run it with one command. In production, you package that server as a service in your own environment and configure Arcade (or your MCP client) to point to it.

Because Arcade’s MCP servers are fully local and offline-friendly, they work in constrained environments: locked-down VPCs, internal-only networks, and even air-gapped clusters. Credentials are injected at runtime (BYOC), using your existing secrets store. No tokens need to travel through an external control plane if you don’t want them to.

Steps:

1. Install the CLI locally

   uv tool pip install arcade-mcp
   

2. Create and run an MCP server project

   arcade new my_server
   cd my_server
   uv run server.py
   

3. Deploy to your infra
   • Containerize server.py or run it as a service.
   • Wire it into your MCP client (Cursor, Claude, LangGraph, etc.) or through Arcade’s runtime.
   • Configure secrets and OAuth credentials via your own secrets manager or Arcade-managed secrets.

---

How do Arcade MCP and Unified.to MCP differ for security reviews?

Short Answer: Arcade MCP focuses on secure agent authorization—user-specific permissions, scoped OAuth, zero token exposure to LLMs, audit logs, RBAC, and SSO/SAML—so it’s easier to walk through with security teams. Unified.to is strong on integration coverage but less opinionated about MCP-native authorization patterns and agent governance.

Expanded Explanation:
Security reviews for agent systems revolve around three themes:

1. Where do tokens live?
   Arcade’s model is “zero token exposure to LLMs.” Credentials stay in the runtime and are injected only when tools execute. The model sees structured tool calls (e.g., Google.SendEmail) and parameters, not raw OAuth tokens. This is straightforward to explain in a security review and aligns neatly with least-privilege and token isolation guidelines.

2. Who is the agent acting as?
   Arcade’s runtime is explicit: agents act with user-specific permissions—not service accounts. This is enforced in the runtime with scoped OAuth, IDP integration, and permission gates. You can say, “This agent can only read the user’s Gmail with readonly scope, and every action is tied back to that user.”

3. What’s the governance story?
   Arcade includes tenant isolation, audit logs, RBAC, and SSO/SAML support. That gives security and compliance teams levers they expect: who can configure tools, who can deploy agents, what actions agents performed, and which identities they acted on behalf of.

Unified.to, by contrast, tends to be reviewed like any unified API:

• Where does it store tokens?
• What scopes does it request?
• How is tenant separation enforced?

You can absolutely pass a review with Unified.to, but you’ll be doing more of the mapping yourself from “unified API calls” to “agent actions tied to specific users with clear authorization boundaries,” because that isn’t its primary abstraction layer.

Comparison Snapshot:

• Arcade MCP: MCP-native runtime optimized for secure agent authorization (user-specific permissions, scoped OAuth, zero token exposure to LLMs, audit logs, RBAC, SSO/SAML).
• Unified.to MCP: Unified integration layer focused on normalizing APIs; MCP and agent authorization patterns are not central to the architecture.
• Best for:
  • Arcade: Teams building multi-user agents that must survive security review, run in constrained environments, and act safely in systems like Gmail, Slack, GitHub, Salesforce.
  • Unified.to: Teams primarily solving “connect to many SaaS APIs quickly” for application backends, with agents layered on top.

---

What does it take to pass an enterprise security review with Arcade MCP?

Short Answer: You document how Arcade enforces user-specific permissions, token isolation, and governance (RBAC, audit logs, SSO/SAML), and how your deployment keeps tokens and MCP servers within your trust boundary. Arcade’s model lines up closely with what enterprise security teams already expect.

Expanded Explanation:
With Arcade, you walk into a review with a clear architecture story instead of hand-wavy “the LLM behaves.” The focus is on:

• Authorization enforced in code, not prompts
  The runtime is the gatekeeper: tools are executed only if the agent call is authorized for that user and scope. You don’t rely on “please don’t call this tool” prompt hacks.

• Scoped OAuth and IDP integration
  Arcade plugs into your OAuth and identity providers. Each user authorizes specific scopes (e.g., Gmail read-only vs full send access), and those scopes are enforced at tool execution time.

• Zero token exposure to LLMs
  Tokens never go into prompts. The LLM asks for Google.CreateEvent, not for the OAuth token itself. Credentials are fetched and injected by the runtime at the last possible moment.

• Governance and controls

  • Tenant isolation
  • Audit logs of all tool calls (who, what, when, which scopes)
  • Role-based access control (who can configure tools, deploy agents)
  • SSO/SAML to reuse your existing identity policies

That gives you a clean security narrative: you’re not introducing a black-box “AI platform,” you’re introducing a runtime that respects your existing identity and security posture, with explicit boundaries and logs.

What You Need:

• An Arcade deployment model:
  • Arcade-managed cloud, or
  • Self-hosted runtime in your cloud/VPC/on‑prem/air‑gapped environment.
• Identity + secrets decisions:
  • Which IDP/OAuth providers to connect (Google Workspace, Okta, etc.).
  • Where credentials live (your secrets manager or Arcade-managed secrets) and how they’re rotated.

---

Strategically, when should I pick Arcade MCP over Unified.to for agents?

Short Answer: Choose Arcade MCP when your primary goal is production-grade agents that take safe actions across real business systems with user-specific permissions; choose Unified.to when your primary goal is broad API coverage for an app backend and MCP is a nice-to-have, not the core runtime.

Expanded Explanation:
If your roadmap is “move from chat to action” with agents that can actually send emails, schedule meetings, comment on GitHub issues, or update Salesforce records on behalf of specific users, Arcade’s MCP runtime is aligned with that vision:

• Your agents are only as good as your tools.
  Arcade focuses on agent-optimized tools (like Google.SendEmail, Gmail.ListEmails, Google.CreateEvent, Slack and CRM tools) with schemas that minimize ambiguity and control cost. These run under user-specific permissions, not a blanket service account.

• Multi-user is the default, not an afterthought.
  Service-account bots are a dead end in production. Arcade enforces just-in-time auth and per-user authorization so you can roll out agents across a company, not just to a test group.

• Security and DX in the same package.
  The runtime hides the token headaches (storage, refresh, rotation) behind SDK patterns like auth.start(...) + wait_for_completion, while giving security teams auditability and RBAC.

Unified.to shines when your biggest problem is “we need one API over many providers”—for example, building a SaaS that connects to dozens of CRMs or helpdesks. You can then separately build MCP servers that call Unified.to. That’s workable, but you’re now building and operating your own runtime mechanics (auth patterns, token isolation, permission gates) on top, instead of getting an MCP-native runtime out of the box.

Why It Matters:

• Impact on build velocity:
  Arcade removes the need to reinvent OAuth, token storage/refresh, and authorization logic for every integration. You focus on tools and agent logic instead of infrastructure glue.
• Impact on deployability:
  A runtime that security teams actually approve (zero token exposure, user-specific scopes, audit trails) means you can move beyond pilots and get agents into real workflows without getting blocked at the last mile.

---

Quick Recap

For the specific question—Arcade MCP vs Unified.to MCP: which one is easier to self-host and pass a security review?—the edge goes to Arcade for MCP-native agent use cases. Arcade is “the runtime between AI and action,” with an open-source MCP framework, fully local/offline-friendly servers, BYOC credentials, and a security story built around user-specific permissions, scoped OAuth, token isolation, and enterprise controls like RBAC, SSO/SAML, and audit logs. Unified.to remains a strong unified API for integrations, but if your goal is production-grade, multi-user agents your security team can live with, Arcade is the more direct path.

Next Step

Get Started