# Building and securing MCP servers with FastMCP

> Source: <https://coles.codes/posts/securing-mcp-servers-fastmcp/>
> Published: 2026-07-10 00:00:00+00:00

Most MCP tutorials stop at a server that adds two numbers over stdio. That’s the easy 10%. The hard part, and the part nobody writes up, is everything you hit the moment you want to put an MCP in front of real company data: who’s allowed to call what, how you authenticate them, what you log, and how you stop the model drowning in eighty tools it doesn’t need.

I’ve spent a big chunk of the last few months living in this, including a run of conversations with Australian businesses and a few US fintech companies trying to wire MCPs into real systems. The question that comes up every time is less about whether you can build a tool and more about whether you can safely let one reach production data, and the fintechs especially won’t let you hand-wave it.
