In financial services, technology alone is no longer a differentiator; trust, interoperability, and control are. Open banking raised the bar for how standards must handle identity, privacy, and access control, and MCP should be held to the same standard as it becomes an important interface for AI agents.
In this talk, I’ll share how Spendesk approached the design of an MCP service, with security and regulatory discipline as pillars from day one. Rather than exposing a broad API surface, we selected a focused set of tools based on real user needs and practical use cases, then designed the server with least privilege, privacy, and safe interoperability in mind. I’ll walk through the architecture, the main technical decisions, and the bottlenecks we hit when adapting an existing financial API platform to MCP, including discovery, authorization, tool visibility, and execution-time controls.
The session will use practical examples to show the tradeoffs behind those decisions and the solutions we chose to maintain a high security bar. Attendees will leave with a reusable blueprint for adopting MCP in other regulated or high-sensitivity environments.
High impact blog posts and eBooks on API business models, and tech advice
Connect with market leading platform creators at our events
Join a helpful community of API practitioners
Can't make it to the event? Signup to the Nordic APIs newsletter for quality content. High impact blog posts on API business models and tech advice.
By clicking below, you agree that we process your information per the terms in our Privacy Policy.
Become a part of our global community of API practitioners and enthusiasts. Share your insights on the blog, speak at an event or exhibit at our conferences and create new business relationships with decision makers and top influencers responsible for API solutions.
