# API Credentials Setup Guide

This guide explains how to obtain and configure API credentials for RFP Scraper and LinkedIn MCPs.

## RFP Scraper Configuration

### What You Need

The RFP Scraper MCP requires:
- `RFP_API_KEY` - API key for authenticating requests
- `RFP_BASE_URL` - Base URL of the RFP scraping service

### Getting RFP Scraper Credentials

#### Option 1: Self-Hosted RFP Scraper

If you're running your own RFP scraping service:

1. **Get the API Key** from your RFP service admin panel or configuration
2. **Get the Base URL** - typically something like:
   - `https://rfp.yourdomain.com`
   - `https://rfp-service.example.com`
   - `http://localhost:3000` (if local)

#### Option 2: Third-Party RFP Service

If using a commercial RFP discovery service:

1. Sign up for an account
2. Navigate to API/Developer settings
3. Generate an API key
4. Note the service endpoint URL

**Popular RFP Services:**
- **Bonfire** (https://www.bonfirehub.com) - RFP/Grant discovery platform
- **ProposalWorks** - RFP management
- **BidNet Direct** - Government RFP aggregation
- **Catch** - RFP aggregation service

### Example RFP_API_KEY Format

- Bonfire: `Bearer eyJhbGciOiJIUzI1NiIs...`
- Custom service: `mcpgw_rfp_abc123xyz789`
- Token-based: `token_1234567890abcdef`

---

## LinkedIn Configuration

### What You Need

The LinkedIn MCP requires:
- `LINKEDIN_ACCESS_TOKEN` - OAuth2 access token for LinkedIn API
- `LINKEDIN_API_KEY` - LinkedIn API key (enterprise)

### Getting LinkedIn Credentials

#### Step 1: Create a LinkedIn App

1. Go to **LinkedIn Developer Portal**: https://www.linkedin.com/developers/apps
2. Click **Create App**
3. Fill in the required fields:
   - **App Name**: e.g., "MCP Gateway Job Search"
   - **LinkedIn Page**: Select your company page
   - **App Logo**: Upload a logo
   - **Legal Agreement**: Accept terms

#### Step 2: Get Your API Credentials

After creating the app:

1. Go to the **Auth** tab
2. Find your **Client ID** and **Client Secret**
3. In the **Authorized redirect URLs** section, add:
   ```
   http://10.0.0.25:4444/callback
   https://mcp.wilddragon.net/callback
   ```

#### Step 3: Request API Access

LinkedIn requires specific API access. Submit requests for:

1. **Sign In with LinkedIn** - For authentication
2. **Share on LinkedIn** - If posting functionality needed
3. **LinkedIn Jobs Search** - For job search capabilities

Request these under the **Request access** tab.

#### Step 4: Generate Access Token

Option A - Using OAuth2 Flow:

```bash
# 1. Direct user to LinkedIn authorization
https://www.linkedin.com/oauth/v2/authorization?
  response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=http://10.0.0.25:4444/callback
  &scope=r_liteprofile%20r_emailaddress%20w_member_social

# 2. LinkedIn redirects with authorization code
# 3. Exchange code for access token:
curl -X POST https://www.linkedin.com/oauth/v2/accessToken \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=YOUR_AUTHORIZATION_CODE" \
  -d "redirect_uri=http://10.0.0.25:4444/callback" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"
```

Option B - Using Personal Access Token (Enterprise):

If you have LinkedIn enterprise access:

1. Go to **Settings** → **Personal tokens**
2. Create a new token with required scopes
3. Copy the token immediately (it won't be shown again)

#### Step 5: Verify Your Token

Test your token with:

```bash
curl -X GET https://api.linkedin.com/v2/me \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```

Should return your LinkedIn profile info.

---

## Configuring the .env File

Once you have your credentials:

### Step 1: Edit .env

```bash
nano /sessions/vigilant-elegant-ramanujan/mnt/MCP\ Servers/mcp-gateway/.env
```

### Step 2: Add RFP Scraper Credentials

```env
# RFP Scraper MCP Server
RFP_API_KEY=your_actual_api_key_here
RFP_BASE_URL=https://rfp.yourdomain.com
```

### Step 3: Add LinkedIn Credentials

```env
# LinkedIn MCP Server
LINKEDIN_ACCESS_TOKEN=your_actual_access_token_here
LINKEDIN_API_KEY=your_actual_api_key_here
```

### Step 4: Optional - Gateway Static API Key

For testing without OAuth:

```env
GATEWAY_STATIC_API_KEY=your_static_test_key_here
```

### Step 5: Save and Exit

- Press `Ctrl+X` then `Y` then `Enter`

---

## Example .env Configuration

```env
# Gateway
GATEWAY_PORT=4444
GATEWAY_STATIC_API_KEY=mcpgw_test_key_12345

# OAuth 2.1 Configuration
OAUTH_ISSUER_URL=https://mcp.wilddragon.net
OAUTH_PASSWORD=your-Nv0SEJtFC&kmXri
OAUTH_ACCESS_TOKEN_TTL=3600
OAUTH_REFRESH_TOKEN_TTL=2592000

# ERPNext MCP Server
ERPNEXT_URL=https://erp.broadcastmgmt.cloud
ERPNEXT_API_KEY=74f38b21ba493c4
ERPNEXT_API_SECRET=ba3b39cfff13d7f

# TrueNAS MCP Server
TRUENAS_URL=https://true.wilddragon.net
TRUENAS_API_KEY=10-rKjEy58EHyfsKndMb4sFQkl0mrv2OX7eD2UUMde6is1fznPzliTjfUJWYGyjmLVv

# Home Assistant MCP Server
HASS_URL=https://haos.wilddragoncore.online
HASS_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmODFhOTczMDI2YTU0OGEyYjZkMGUyYTM2ZmYzNmI0NiIsImlhdCI6MTc3NDY2NDQ0NiwiZXhwIjoyMDkwMDI0NDQ2fQ.h5KKm6nnuPcc6t5karUqalQyzHYDc1ekwNFIAkkrkjs

# Wave Finance MCP Server
WAVE_ACCESS_TOKEN=pNZZqeHicNLtsvEli6zDGCJ6uNnYUG

# Wave Finance OAuth
WAVE_CLIENT_ID=jWVuzSgq98ILhX23Az6J_wqpNWsGb3-OJFSgikeE
WAVE_CLIENT_SECRET=tYz1m8NOUd7z2eLx2Lem7pGGebcu7D4A3amWyZgJaoSozLYdTrrQJPK2jwOq7RQtFUAKQrk8b4klTgDmmJnMQ8TeAHvHNGEXLkhVT70MaXUPFYx6kZIvXLzPBn9XIiFb

# RFP Scraper MCP Server
RFP_API_KEY=your_rfp_api_key_here
RFP_BASE_URL=https://rfp.yourdomain.com

# LinkedIn MCP Server
LINKEDIN_ACCESS_TOKEN=your_linkedin_access_token_here
LINKEDIN_API_KEY=your_linkedin_api_key_here
```

---

## Deploying with New Credentials

### Step 1: Verify Credentials in .env

```bash
grep -E "RFP_|LINKEDIN_" /path/to/.env
```

You should see your actual values (not blank).

### Step 2: Rebuild Containers

```bash
cd /path/to/mcp-gateway
docker-compose down
docker-compose build
```

### Step 3: Start Services

```bash
docker-compose up -d
```

### Step 4: Check Logs

```bash
# Check if services started successfully
docker-compose logs rfpscraper-mcp
docker-compose logs linkedin-mcp

# Should NOT see "variable not set" warnings
```

### Step 5: Verify in Dashboard

Visit: `http://10.0.0.25:4444/dashboard`

Should show:
- ✅ RFP Scraper - Healthy (with tool count)
- ✅ LinkedIn - Healthy (with tool count)

---

## Troubleshooting

### "Connection refused" or "Failed to initialize"

1. **Check environment variables were saved**:
   ```bash
   docker-compose config | grep -E "RFP_|LINKEDIN_"
   ```

2. **Check containers are running**:
   ```bash
   docker-compose ps | grep -E "rfpscraper|linkedin"
   ```

3. **Check service logs**:
   ```bash
   docker-compose logs rfpscraper-mcp --tail=50
   ```

### "Invalid API key" or "Authentication failed"

1. **Verify the credential format** - Check the service documentation
2. **Ensure no extra spaces** - Credentials should not have leading/trailing whitespace
3. **Check token expiration** - Some tokens expire after a period
4. **Regenerate if needed** - Get a fresh token from the service

### RFP Service not responding

1. **Verify RFP_BASE_URL** - Should be accessible from the gateway container
2. **Check network connectivity**:
   ```bash
   docker-compose exec gateway-mcp ping rfp.yourdomain.com
   ```
3. **Check firewall rules** - Ensure port 443 (or service port) is not blocked

### LinkedIn API not working

1. **Verify Token Scope** - Ensure token has required scopes
2. **Check Token Expiration** - LinkedIn tokens may expire
3. **Verify App Permissions** - Check LinkedIn app has necessary API access approved

---

## Security Best Practices

1. **Never commit .env to version control** - Add to `.gitignore`
2. **Rotate credentials periodically** - Regenerate API keys every 90 days
3. **Use environment variables** - Never hardcode credentials
4. **Limit token scope** - Request only necessary permissions
5. **Monitor usage** - Check API usage logs for suspicious activity
6. **Use separate tokens** - Consider separate keys for development/production

---

## Next Steps

1. ✅ Obtain API credentials for RFP Scraper
2. ✅ Obtain API credentials for LinkedIn
3. ✅ Update .env file with actual values
4. ✅ Rebuild and restart Docker containers
5. ✅ Verify services are healthy in dashboard
6. ✅ Grant users access to new MCPs in user management

Once configured, your gateway will have access to job search and professional networking capabilities!