ATTOM MCP Server – Best Practices

Last updated: December 10, 2025

Follow these best practices to ensure secure, efficient, and reliable use of the MCP Server.

1. Secure Your API Key

Store your API key in a secrets manager or encrypted credential system. Avoid hard-coding keys directly in scripts or tools to prevent accidental exposure.

2. Optimize Tool Usage

  • Cache results whenever possible to reduce repeated calls.

  • Reuse previous responses for recurring queries.

  • Design prompts efficiently to minimize unnecessary API requests.

3. Separate Environments

Use distinct API keys for development, testing, and production environments. This reduces the risk of accidental usage in production or exposure of sensitive data.

4. Logging

Maintain logs of:

  • Tool usage

  • Prompt inputs

  • Errors and exceptions

Logging helps with auditing, troubleshooting, and compliance requirements.

5. Retry Policies

Implement retry logic for transient errors, such as network issues or temporary MCP server timeouts. Use exponential backoff to prevent overloading the system.

6. Rate Limiting Awareness

Monitor your monthly or daily MCP request limits to avoid exceeding quotas (429 errors). Schedule high-volume workflows carefully to stay within usage limits.

7. Prompt Design & Clarity

  • Write clear and specific prompts to improve response accuracy.

  • Include necessary context such as property addresses, filters, or radius.

  • For complex queries, break them into smaller, step-by-step prompts.

8. Data Handling & Privacy

  • Avoid including sensitive personal information in prompts unless absolutely necessary.

  • Ensure any retrieved data is stored, processed, and shared according to your organization’s privacy policies.

9. Versioning & Updates

  • Track MCP tool versions and endpoint changes.

  • Update your integrations and prompts if a tool is deprecated or modified.

10. Monitoring & Alerts

  • Monitor for failed requests, unusual error patterns, or unexpected results.

  • Set up alerts to catch misconfigurations or quota issues early.

11. Internal Copilot Integration

  • Restrict authentication when integrating MCP with internal AI copilots.

  • Use separate keys or environment configurations for internal tools to reduce security risks.

12. Testing & Validation

  • Test prompts in development environments before deploying to production.

  • Validate responses for accuracy, especially for workflows affecting valuations, compliance, or business decisions.