1. Write Descriptions That Actually Work
Your tool description is the single most important thing you configure. The AI reads it to decide:- Whether to call this tool at all
- Which tool to call when multiple options exist
- What arguments to supply
- Start with a verb:
Retrieve,Create,Search,Send,Update,Delete - State what the tool returns (not just what it does)
- Include when to use it vs when to use a similar tool
- Keep it under 200 words — models truncate very long descriptions
- Avoid vague words like “handles”, “manages”, “processes”
2. Name Tools in snake_case with a Verb
Tool names follow averb_noun or verb_noun_noun pattern. The AI’s reasoning will often include the tool name, so make it readable:
| Good | Bad |
|---|---|
get_customer | customer |
create_invoice | newInvoice |
search_products | products_search |
send_email | email |
list_open_orders | orders |
update_subscription_plan | editSub |
get_ for retrieval, don’t also use fetch_ or retrieve_ — pick one.
3. Design Schemas for the AI, Not the API
Your input schema describes what the AI should provide — not necessarily what the underlying API needs. Map the gap in parameter mappings, not in the schema. Don’t expose internal IDs as required inputs when names work better:optional — the AI will omit them when not needed.
Add description to every parameter. The AI uses these to understand what values to pass:
4. One Tool = One Action
Keep tools focused. A tool that does six different things depending on which parameters you pass produces inconsistent AI behavior.| Don’t do this | Do this instead |
|---|---|
manage_customer (with action: create/update/delete) | create_customer, update_customer, delete_customer |
order_tool (fetches or updates depending on params) | get_order, update_order_status |
5. Use Caching for Read-Only Data
Enable Cache TTL on tools that return data that doesn’t change frequently. This is one of the easiest performance wins:| Tool type | Suggested TTL |
|---|---|
| Product catalog | 300–900 seconds |
| Reference / lookup data | 600–3600 seconds |
| User-specific data | 0 (no cache) |
| Real-time status | 0 (no cache) |
| Documentation content | 3600+ seconds |
6. Set Appropriate Timeouts and Retries
Timeout — default is 30 seconds. Adjust based on your API:- Fast internal APIs: 5–10 seconds
- Slow report generation, file exports: 60–120 seconds
- Third-party APIs (Stripe, GitHub, etc.): 15–30 seconds
7. Organize Servers by Domain and Access Level
One server per logical group — not one server for everything:- Limit blast radius if a URL is shared accidentally
- Different inbound auth credentials per team
- Cleaner
tools/list— the AI only sees the tools relevant to the current task - Independent rate limits per domain
8. Keep Parameter Mappings Clean
Use the right mapping type for each parameter — don’t send everything in the body:| Parameter type | Mapping |
|---|---|
| Record ID in the URL | Path (/customers/{id}) |
| Filters, pagination | Query (?status=active&page=2) |
| Data to create/update | Body (POST/PUT only) |
| API keys (if user-supplied) | Header |
9. Test Before You Ship
Use the built-in Test panel on every tool before sharing the server URL with anyone. What to verify:- Tool returns the expected data shape
- Required parameters produce an error when missing
- Error responses from the API are handled gracefully
- Response size is reasonable (very large responses slow AI clients)
10. Security Checklist
- Enable inbound authentication for production servers (not
none) - Use HTTPS on your WordPress site — required for credentials in transit
- Store API keys only in Custom Headers — never embed them in endpoint URLs where they appear in logs
- Set a rate limit appropriate for your upstream API’s own limits
- Configure webhooks to alert on
tool.errorevents so you catch auth failures fast - Rotate test credentials independently from production keys
- Review call logs periodically for unexpected clients or unusual patterns

