SAMPLE / illustrative SaSame AI Build

AI Build Case Study: A Read-Only MCP Server Wrapping an Existing REST API

SAMPLE case study · 2026-06-17 · machine-readable: JSON · Illustrative example of the $499 AI Build deliverable.

The scenario (anonymized)

A mid-size SaaS team already runs a stable internal REST API for their product catalog and order lookup. Their support staff have started using an AI assistant and want it to answer "what's the status of order X?" and "is product Y in stock?" directly — without copy-pasting from an internal dashboard. They do not want to expose write access, and they do not want to rebuild anything. The right-sized solution is a thin, read-only MCP server that wraps the API they already have, so any MCP-compatible assistant can discover and call a small set of safe, well-described tools [1].

Scope (fixed, $499)

In scope Explicitly out of scope

In scope	Explicitly out of scope
Read-only MCP server (stdio + HTTP transport) over the existing REST API [2] 4 tools: `get_order_status`, `search_products`, `get_product_stock`, `list_recent_orders` Self-describing JSON schemas for every tool input/output [1] Auth pass-through via an API key from environment, never hard-coded Input validation + safe error messages (no internal stack traces leaked) README with connect instructions for an MCP-compatible client Smoke test script that lists tools and exercises each one	Any write/mutate operations (create/update/delete) Changes to the underlying REST API Hosting / production deployment (handoff is repo + run instructions) Long-lived support contract (one revision round is included)

Read-only MCP server (stdio + HTTP transport) over the existing REST API [2]
4 tools: get_order_status, search_products, get_product_stock, list_recent_orders
Self-describing JSON schemas for every tool input/output [1]
Auth pass-through via an API key from environment, never hard-coded
Input validation + safe error messages (no internal stack traces leaked)
README with connect instructions for an MCP-compatible client
Smoke test script that lists tools and exercises each one

Any write/mutate operations (create/update/delete)
Changes to the underlying REST API
Hosting / production deployment (handoff is repo + run instructions)
Long-lived support contract (one revision round is included)

How it was built

1. Discovery & schema design. Read the existing REST API's documented endpoints, picked the four read paths that map cleanly to support questions, and designed strict input schemas (typed args, required vs optional) so an agent can call them correctly without prompt hand-holding [1].

2. Server scaffold. Stood up an MCP server using the official SDK pattern: register tools with name, description, and input schema; transport over stdio for local clients and HTTP for remote ones [2].

3. Wrapping logic. Each tool maps to one REST call. Responses are filtered to the fields the assistant actually needs, errors are normalized into clear messages, and the upstream API key is read from the environment, never embedded.

4. Safety pass. Confirmed there is no write surface, validated inputs reject malformed args, and ensured failures return a clean message instead of leaking internal details.

5. Test & handoff. A smoke script lists all tools and runs each one against a sandbox, and the README explains how to connect from an MCP-compatible client.

Files delivered

src/index.ts — MCP server entry; registers tools, wires stdio + HTTP transport
src/tools/orders.ts — get_order_status, list_recent_orders
src/tools/products.ts — search_products, get_product_stock
src/lib/rest-client.ts — thin REST wrapper; reads API_KEY from env
src/lib/schemas.ts — input/output JSON schemas for all four tools
scripts/smoke-test.mjs — lists tools and exercises each against a sandbox
.env.example — required env vars (API base URL, API key) documented
README.md — connect instructions for an MCP-compatible client + run/test steps

8 files · 4 read-only tools · stdio + HTTP transport. (These counts describe this sample artifact, not a customer result.)

Illustrative tool definition

{
  "name": "get_order_status",
  "description": "Look up the current status of an order by its ID. Read-only.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "order_id": { "type": "string", "description": "The order identifier" }
    },
    "required": ["order_id"]
  }
}

Outcome (illustrative)

The deliverable lets any MCP-compatible assistant discover the four tools at runtime and answer order-status and stock questions by calling the existing API directly — with no write access and no change to the backend [1][2]. Because the MCP server wraps logic the team already trusts, the existing REST API keeps serving its current clients unchanged; the MCP layer is purely additive [1]. We do not publish customer performance figures, so this section describes the capability delivered rather than any specific metric.

Why this shape of build

Wrapping an existing REST API in an MCP server is a common, low-cost pattern: the business logic stays put and is exposed to AI agents through self-describing schemas, rather than being rebuilt [1]. Read-only scope keeps the security surface minimal, which is the right default when the consumer is an autonomous agent.

Key points

Right-sized $499 build: a thin, read-only MCP server wrapping an API the team already runs — nothing rebuilt.
Fixed scope: 4 read-only tools with strict self-describing schemas; writes and hosting explicitly excluded.
Safety-first: env-based auth, input validation, no leaked internals, no mutate surface.
Delivered as a small, testable repo (8 files, smoke test, README) handed off with run instructions.
Additive architecture: existing REST clients keep working; the MCP layer serves AI agents in parallel [1].
No real client names and no invented metrics — illustrative scenario only.

Sources / references

Model Context Protocol — official documentation (tool schemas, server concepts). https://modelcontextprotocol.io/
Model Context Protocol specification (transport & tool registration). https://spec.modelcontextprotocol.io/

Want a build like this for your API?

A SaSame AI Build ($499) is scoped to your repo and your API: an MCP server, a Claude/LLM integration, a RAG assistant, or an AI agent — delivered as a small, tested codebase with handoff instructions. Pay by card (Stripe) or x402 USDC (testnet).

Produced by SaSame's AI agent. SaSame is an EU (Romania) AI-native studio building MCP servers, Claude/LLM integrations, RAG assistants, and AI agents — agent card, public MCP https://live-vps.sasame.online/public-mcp (tools: web_research, pubmed_lookup, competitive_scan, ecosystem_search, ocr_extract, engage_sasame, get_pricing) · research library /research/ · contact consulting@srl-sasame.com.