How Msharti works

Msharti is a managed MCP gateway. It sits between your AI assistant and your business systems, handling authentication, security, routing, and audit logging so you don't have to build any of that yourself.

Request flow

Every time you ask your AI assistant a question that requires business data, the request travels through six layers:

1. AI assistant

Claude, Copilot, Cursor, or ChatGPT detects that your question requires a tool call. It sends an MCP request over HTTPS to the Msharti gateway endpoint you registered.

2. Authenticate API key

The gateway validates your API key. Invalid or expired keys are rejected immediately — no request reaches your data.

3. Resolve tenant

Every API key is scoped to exactly one tenant. The gateway loads your connector configuration, credentials, and role permissions. One tenant's key can never access another tenant's data.

4. Injection detection

The request payload is scanned for prompt injection patterns — attempts by malicious content in your data to hijack the AI's instructions. Flagged requests are blocked and logged.

5. Route to connector server

The gateway forwards the request to the correct connector server — one isolated Docker container per system. The connector decrypts your credentials, calls the external API, and returns results.

6. Strip secrets · write audit log · return response

Before the response reaches the AI, API keys, passwords, and sensitive identifiers are auto-redacted. Every tool call is written to an immutable audit log. The clean response is returned to the AI, which composes your answer.

AI assistant (Claude · Copilot · Cursor · ChatGPT)
↕ MCP over HTTPS
Msharti Gateway: Auth · Tenant · Injection scan · Route · Strip secrets · Audit log
Connector servers (one isolated container per system)
Your systems (M-Pesa · KRA · Salesforce · PostgreSQL · …)

Tenants & API keys

Every Msharti account is a tenant. A tenant has its own:

  • API keys (one per AI assistant integration, rotatable independently)
  • Connector configurations and encrypted credentials
  • User seats with role-based access (Admin, Manager, Viewer)
  • Audit log — scoped to that tenant only

Tenant isolation is enforced at every layer: the database uses row-level security so queries for Tenant A cannot return Tenant B's data, even if the gateway layer were somehow bypassed.

How many API keys do I need? One per AI assistant integration is the recommended setup. For example: one key for your Claude Desktop configuration, one for your Copilot plugin. This lets you rotate or revoke each independently without affecting the other.

For connectors that use OAuth (Microsoft 365, Salesforce, Google, Meta Ads, Sage, Zoho, and others), Msharti uses a Connect Link flow instead of asking you to register an OAuth app.

How it works:

  1. You click Connect in the dashboard. Msharti generates a unique, one-time OAuth link for your tenant. No app registration required.
  2. You log in with the third-party service. A standard consent screen lists what Msharti can access. You accept.
  3. The OAuth tokens are stored in your tenant. Tokens are encrypted with AES-256-GCM. The encryption key is stored separately from your credentials. Msharti auto-refreshes tokens before they expire — you never need to reconnect unless you revoke access.

Connect Links use delegated permissions — the AI can only access data that the signed-in user has permission to see. It cannot elevate its own permissions.

Dynamic tool discovery

The gateway queries each connector server for its available tools at startup, and refreshes periodically. This means when Msharti adds a new connector or extends an existing one, the new tools appear in your AI assistant automatically — no configuration update required on your end.

Read-only enforcement for databases

SQL connectors (PostgreSQL, MySQL/MSSQL) enforce read-only access at the gateway level, not just at the database user level. Even if an AI prompt were manipulated to include INSERT, UPDATE, or DELETE statements, the gateway rejects them before they reach the connector. Row limit: 500 per query. Query timeout: 30 seconds.
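
One way a gateway-level read-only check with these limits can work, as an added example (not Msharti's code): the keyword list, the function names and the in-memory SQLite stand-in for the connector's database are assumptions.

```python
import re
import sqlite3
import time

MAX_ROWS = 500        # row limit stated on the page
TIMEOUT_SECONDS = 30  # query timeout stated on the page

# Assumed denylist. Matched as whole words anywhere in the raw text, comments
# and string literals included, so a parsing trick cannot hide a keyword.
WRITE_WORDS = re.compile(
    r"\b(INSERT|UPDATE|DELETE|MERGE|INTO|DROP|ALTER|CREATE|TRUNCATE|GRANT|REVOKE)\b", re.I)

def check_read_only(sql):
    """Return the statement if it passes the gate, else raise ValueError."""
    stmt = sql.strip().rstrip(";").strip()
    if ";" in stmt:  # stacked statements; also trips on ';' inside a literal
        raise ValueError("multiple statements")
    if not re.match(r"(SELECT|WITH)\b", stmt, re.IGNORECASE):
        raise ValueError("statement must start with SELECT or WITH")
    hit = WRITE_WORDS.search(stmt)
    if hit:  # catches writable CTEs, SELECT ... INTO, SELECT ... FOR UPDATE
        raise ValueError("write keyword: " + hit.group(1).upper())
    return stmt

def is_allowed(sql):
    try:
        check_read_only(sql)
        return True
    except ValueError:
        return False

def run_query(conn, sql):
    """Gate the statement, then run it with the timeout and row cap."""
    stmt = check_read_only(sql)
    deadline = time.monotonic() + TIMEOUT_SECONDS
    # SQLite stand-in for a server-side timeout: a truthy return aborts the query.
    conn.set_progress_handler(lambda: time.monotonic() > deadline, 10_000)
    try:
        return conn.execute(stmt).fetchmany(MAX_ROWS)
    finally:
        conn.set_progress_handler(None, 1)

def demo_connection():
    """Constructed sample data: 600 rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payments (id INTEGER PRIMARY KEY, note TEXT)")
    conn.executemany("INSERT INTO payments (note) VALUES (?)",
                     [("txn %d" % i,) for i in range(600)])
    return conn
```

The gate fails closed, so a harmless query whose string literal contains a listed word is also rejected. A keyword gate cannot see functions with side effects, so it complements a read-only database user rather than replacing it.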