From 45406721cfa4fe8186e49e6ef4b85c3dfa19f396 Mon Sep 17 00:00:00 2001 From: zgaetano Date: Tue, 31 Mar 2026 15:29:22 -0400 Subject: [PATCH] Add mcp-gateway/API_CREDENTIALS_SETUP.md --- mcp-gateway/API_CREDENTIALS_SETUP.md | 325 +++++++++++++++++++++++++++ 1 file changed, 325 insertions(+) create mode 100644 mcp-gateway/API_CREDENTIALS_SETUP.md diff --git a/mcp-gateway/API_CREDENTIALS_SETUP.md b/mcp-gateway/API_CREDENTIALS_SETUP.md new file mode 100644 index 0000000..524b7cc --- /dev/null +++ b/mcp-gateway/API_CREDENTIALS_SETUP.md @@ -0,0 +1,325 @@ +# API Credentials Setup Guide + +This guide explains how to obtain and configure API credentials for RFP Scraper and LinkedIn MCPs. + +## RFP Scraper Configuration + +### What You Need + +The RFP Scraper MCP requires: +- `RFP_API_KEY` - API key for authenticating requests +- `RFP_BASE_URL` - Base URL of the RFP scraping service + +### Getting RFP Scraper Credentials + +#### Option 1: Self-Hosted RFP Scraper + +If you're running your own RFP scraping service: + +1. **Get the API Key** from your RFP service admin panel or configuration +2. **Get the Base URL** - typically something like: + - `https://rfp.yourdomain.com` + - `https://rfp-service.example.com` + - `http://localhost:3000` (if local) + +#### Option 2: Third-Party RFP Service + +If using a commercial RFP discovery service: + +1. Sign up for an account +2. Navigate to API/Developer settings +3. Generate an API key +4. Note the service endpoint URL + +**Popular RFP Services:** +- **Bonfire** (https://www.bonfirehub.com) - RFP/Grant discovery platform +- **ProposalWorks** - RFP management +- **BidNet Direct** - Government RFP aggregation +- **Catch** - RFP aggregation service + +### Example RFP_API_KEY Format + +- Bonfire: `Bearer eyJhbGciOiJIUzI1NiIs...` +- Custom service: `mcpgw_rfp_abc123xyz789` +- Token-based: `token_1234567890abcdef` + +--- + +## LinkedIn Configuration + +### What You Need + +The LinkedIn MCP requires: +- `LINKEDIN_ACCESS_TOKEN` - OAuth2 access token for LinkedIn API +- `LINKEDIN_API_KEY` - LinkedIn API key (enterprise) + +### Getting LinkedIn Credentials + +#### Step 1: Create a LinkedIn App + +1. Go to **LinkedIn Developer Portal**: https://www.linkedin.com/developers/apps +2. Click **Create App** +3. Fill in the required fields: + - **App Name**: e.g., "MCP Gateway Job Search" + - **LinkedIn Page**: Select your company page + - **App Logo**: Upload a logo + - **Legal Agreement**: Accept terms + +#### Step 2: Get Your API Credentials + +After creating the app: + +1. Go to the **Auth** tab +2. Find your **Client ID** and **Client Secret** +3. In the **Authorized redirect URLs** section, add: + ``` + http://10.0.0.25:4444/callback + https://mcp.wilddragon.net/callback + ``` + +#### Step 3: Request API Access + +LinkedIn requires specific API access. Submit requests for: + +1. **Sign In with LinkedIn** - For authentication +2. **Share on LinkedIn** - If posting functionality needed +3. **LinkedIn Jobs Search** - For job search capabilities + +Request these under the **Request access** tab. + +#### Step 4: Generate Access Token + +Option A - Using OAuth2 Flow: + +```bash +# 1. Direct user to LinkedIn authorization +https://www.linkedin.com/oauth/v2/authorization? + response_type=code + &client_id=YOUR_CLIENT_ID + &redirect_uri=http://10.0.0.25:4444/callback + &scope=r_liteprofile%20r_emailaddress%20w_member_social + +# 2. LinkedIn redirects with authorization code +# 3. Exchange code for access token: +curl -X POST https://www.linkedin.com/oauth/v2/accessToken \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "grant_type=authorization_code" \ + -d "code=YOUR_AUTHORIZATION_CODE" \ + -d "redirect_uri=http://10.0.0.25:4444/callback" \ + -d "client_id=YOUR_CLIENT_ID" \ + -d "client_secret=YOUR_CLIENT_SECRET" +``` + +Option B - Using Personal Access Token (Enterprise): + +If you have LinkedIn enterprise access: + +1. Go to **Settings** → **Personal tokens** +2. Create a new token with required scopes +3. Copy the token immediately (it won't be shown again) + +#### Step 5: Verify Your Token + +Test your token with: + +```bash +curl -X GET https://api.linkedin.com/v2/me \ + -H "Authorization: Bearer YOUR_ACCESS_TOKEN" +``` + +Should return your LinkedIn profile info. + +--- + +## Configuring the .env File + +Once you have your credentials: + +### Step 1: Edit .env + +```bash +nano /sessions/vigilant-elegant-ramanujan/mnt/MCP\ Servers/mcp-gateway/.env +``` + +### Step 2: Add RFP Scraper Credentials + +```env +# RFP Scraper MCP Server +RFP_API_KEY=your_actual_api_key_here +RFP_BASE_URL=https://rfp.yourdomain.com +``` + +### Step 3: Add LinkedIn Credentials + +```env +# LinkedIn MCP Server +LINKEDIN_ACCESS_TOKEN=your_actual_access_token_here +LINKEDIN_API_KEY=your_actual_api_key_here +``` + +### Step 4: Optional - Gateway Static API Key + +For testing without OAuth: + +```env +GATEWAY_STATIC_API_KEY=your_static_test_key_here +``` + +### Step 5: Save and Exit + +- Press `Ctrl+X` then `Y` then `Enter` + +--- + +## Example .env Configuration + +```env +# Gateway +GATEWAY_PORT=4444 +GATEWAY_STATIC_API_KEY=mcpgw_test_key_12345 + +# OAuth 2.1 Configuration +OAUTH_ISSUER_URL=https://mcp.wilddragon.net +OAUTH_PASSWORD=your-Nv0SEJtFC&kmXri +OAUTH_ACCESS_TOKEN_TTL=3600 +OAUTH_REFRESH_TOKEN_TTL=2592000 + +# ERPNext MCP Server +ERPNEXT_URL=https://erp.broadcastmgmt.cloud +ERPNEXT_API_KEY=74f38b21ba493c4 +ERPNEXT_API_SECRET=ba3b39cfff13d7f + +# TrueNAS MCP Server +TRUENAS_URL=https://true.wilddragon.net +TRUENAS_API_KEY=10-rKjEy58EHyfsKndMb4sFQkl0mrv2OX7eD2UUMde6is1fznPzliTjfUJWYGyjmLVv + +# Home Assistant MCP Server +HASS_URL=https://haos.wilddragoncore.online +HASS_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmODFhOTczMDI2YTU0OGEyYjZkMGUyYTM2ZmYzNmI0NiIsImlhdCI6MTc3NDY2NDQ0NiwiZXhwIjoyMDkwMDI0NDQ2fQ.h5KKm6nnuPcc6t5karUqalQyzHYDc1ekwNFIAkkrkjs + +# Wave Finance MCP Server +WAVE_ACCESS_TOKEN=pNZZqeHicNLtsvEli6zDGCJ6uNnYUG + +# Wave Finance OAuth +WAVE_CLIENT_ID=jWVuzSgq98ILhX23Az6J_wqpNWsGb3-OJFSgikeE +WAVE_CLIENT_SECRET=tYz1m8NOUd7z2eLx2Lem7pGGebcu7D4A3amWyZgJaoSozLYdTrrQJPK2jwOq7RQtFUAKQrk8b4klTgDmmJnMQ8TeAHvHNGEXLkhVT70MaXUPFYx6kZIvXLzPBn9XIiFb + +# RFP Scraper MCP Server +RFP_API_KEY=your_rfp_api_key_here +RFP_BASE_URL=https://rfp.yourdomain.com + +# LinkedIn MCP Server +LINKEDIN_ACCESS_TOKEN=your_linkedin_access_token_here +LINKEDIN_API_KEY=your_linkedin_api_key_here +``` + +--- + +## Deploying with New Credentials + +### Step 1: Verify Credentials in .env + +```bash +grep -E "RFP_|LINKEDIN_" /path/to/.env +``` + +You should see your actual values (not blank). + +### Step 2: Rebuild Containers + +```bash +cd /path/to/mcp-gateway +docker-compose down +docker-compose build +``` + +### Step 3: Start Services + +```bash +docker-compose up -d +``` + +### Step 4: Check Logs + +```bash +# Check if services started successfully +docker-compose logs rfpscraper-mcp +docker-compose logs linkedin-mcp + +# Should NOT see "variable not set" warnings +``` + +### Step 5: Verify in Dashboard + +Visit: `http://10.0.0.25:4444/dashboard` + +Should show: +- ✅ RFP Scraper - Healthy (with tool count) +- ✅ LinkedIn - Healthy (with tool count) + +--- + +## Troubleshooting + +### "Connection refused" or "Failed to initialize" + +1. **Check environment variables were saved**: + ```bash + docker-compose config | grep -E "RFP_|LINKEDIN_" + ``` + +2. **Check containers are running**: + ```bash + docker-compose ps | grep -E "rfpscraper|linkedin" + ``` + +3. **Check service logs**: + ```bash + docker-compose logs rfpscraper-mcp --tail=50 + ``` + +### "Invalid API key" or "Authentication failed" + +1. **Verify the credential format** - Check the service documentation +2. **Ensure no extra spaces** - Credentials should not have leading/trailing whitespace +3. **Check token expiration** - Some tokens expire after a period +4. **Regenerate if needed** - Get a fresh token from the service + +### RFP Service not responding + +1. **Verify RFP_BASE_URL** - Should be accessible from the gateway container +2. **Check network connectivity**: + ```bash + docker-compose exec gateway-mcp ping rfp.yourdomain.com + ``` +3. **Check firewall rules** - Ensure port 443 (or service port) is not blocked + +### LinkedIn API not working + +1. **Verify Token Scope** - Ensure token has required scopes +2. **Check Token Expiration** - LinkedIn tokens may expire +3. **Verify App Permissions** - Check LinkedIn app has necessary API access approved + +--- + +## Security Best Practices + +1. **Never commit .env to version control** - Add to `.gitignore` +2. **Rotate credentials periodically** - Regenerate API keys every 90 days +3. **Use environment variables** - Never hardcode credentials +4. **Limit token scope** - Request only necessary permissions +5. **Monitor usage** - Check API usage logs for suspicious activity +6. **Use separate tokens** - Consider separate keys for development/production + +--- + +## Next Steps + +1. ✅ Obtain API credentials for RFP Scraper +2. ✅ Obtain API credentials for LinkedIn +3. ✅ Update .env file with actual values +4. ✅ Rebuild and restart Docker containers +5. ✅ Verify services are healthy in dashboard +6. ✅ Grant users access to new MCPs in user management + +Once configured, your gateway will have access to job search and professional networking capabilities!