env.exampleā¢6.37 kB
# =============================================================================
# HubSpot MCP Server - Environment Configuration
# =============================================================================
#
# Production-ready configuration for HubSpot MCP (Model Context Protocol) Server
# Copy this file to .env and configure according to your environment
# Never commit real credentials to version control
#
# =============================================================================
# -----------------------------------------------------------------------------
# REQUIRED CONFIGURATION
# -----------------------------------------------------------------------------
# HubSpot Private App Access Token (REQUIRED)
# Create at: HubSpot Settings > Integrations > Private Apps
# Format: pat-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# Required scopes: crm.objects.contacts.read, crm.objects.companies.read, etc.
HUBSPOT_PRIVATE_APP_ACCESS_TOKEN=your_hubspot_private_app_token_here
# -----------------------------------------------------------------------------
# TRANSPORT CONFIGURATION
# -----------------------------------------------------------------------------
# Transport protocol for MCP communication
# Values: http, streamable-http, stdio
# Default: http (Standard JSON-RPC 2.0 over HTTP)
# streamable-http: Server-sent events for real-time updates
# stdio: Process-based communication via stdin/stdout
TRANSPORT=http
# HTTP server port for MCP API and health checks
# Default: 3000 (Standard for Node.js applications)
PORT=3000
# Server host binding
# Default: 0.0.0.0 (Required for Docker containers)
# Use 127.0.0.1 for localhost-only access
HOST=0.0.0.0
# -----------------------------------------------------------------------------
# APPLICATION CONFIGURATION
# -----------------------------------------------------------------------------
# Runtime environment
# Values: production, development, test
# Default: production (Secure for production deployment)
NODE_ENV=production
# Application identification
# Used in logging and monitoring
APP_NAME=hubspot-mcp-server
# Application version
# Semantic versioning format
APP_VERSION=1.0.0
# Logging level
# Values: debug, info, warn, error
# Default: info (Balanced logging for production)
LOG_LEVEL=info
# -----------------------------------------------------------------------------
# HUBSPOT API CONFIGURATION
# -----------------------------------------------------------------------------
# HubSpot API base URL
# Default: https://api.hubapi.com (Standard HubSpot API endpoint)
# Only change for sandbox or custom endpoints
HUBSPOT_API_URL=https://api.hubapi.com
# -----------------------------------------------------------------------------
# SESSION MANAGEMENT
# -----------------------------------------------------------------------------
# Maximum number of concurrent connections/sessions
# Default: 100 (Suitable for most production environments)
# Increase for high-traffic deployments
MAX_CONNECTIONS=100
# Session timeout in seconds
# Default: 3600 (1 hour - Industry standard)
# Sessions are automatically cleaned up after this period of inactivity
SESSION_TIMEOUT=3600
# -----------------------------------------------------------------------------
# RATE LIMITING CONFIGURATION
# -----------------------------------------------------------------------------
# Rate limit for tool calls per minute per session
# Default: 60 (1 request per second average)
# Prevents API abuse and ensures fair usage
RATE_LIMIT_TOOLS=60
# Rate limit for resource access per minute per session
# Default: 30 (Stricter limit for resource-intensive operations)
RATE_LIMIT_RESOURCES=30
# Maximum concurrent requests per session
# Default: 10 (Prevents session from overwhelming the server)
MAX_CONCURRENT_REQUESTS=10
# -----------------------------------------------------------------------------
# SECURITY CONFIGURATION
# -----------------------------------------------------------------------------
# CORS allowed origins
# Default: localhost (Restrictive for security)
# Production: Set to specific domains (e.g., https://yourdomain.com)
# Development: Can use '*' for any origin (not recommended for production)
# Multiple origins: comma-separated list
CORS_ORIGIN=localhost
# Maximum HTTP request payload size (bytes)
# Default: 10485760 (10MB) - Prevents DoS attacks
MAX_REQUEST_SIZE=10485760
# -----------------------------------------------------------------------------
# CONNECTION CONFIGURATION
# -----------------------------------------------------------------------------
# Connection timeout for outbound requests (milliseconds)
# Default: 30000 (30 seconds - Standard HTTP timeout)
CONNECTION_TIMEOUT=30000
# Graceful shutdown timeout (milliseconds)
# Default: 10000 (10 seconds - Industry standard)
# Time to wait for graceful shutdown before force termination
GRACEFUL_SHUTDOWN_TIMEOUT=10000
# -----------------------------------------------------------------------------
# MONITORING & OBSERVABILITY
# -----------------------------------------------------------------------------
# Enable detailed metrics collection
# Default: true (Recommended for production monitoring)
ENABLE_METRICS=true
# Metrics collection interval (milliseconds)
# Default: 30000 (30 seconds)
METRICS_INTERVAL=30000
# Enable request correlation IDs
# Default: true (Essential for distributed tracing)
ENABLE_CORRELATION_IDS=true
# -----------------------------------------------------------------------------
# DEVELOPMENT CONFIGURATION
# -----------------------------------------------------------------------------
# Enable development features (only in development)
# Default: false (Security - never enable in production)
DEV_MODE=false
# Enable debug endpoints
# Default: false (Security - only enable in development)
ENABLE_DEBUG_ENDPOINTS=false
# Enable verbose error messages
# Default: false (Security - may leak sensitive information)
VERBOSE_ERRORS=false
# -----------------------------------------------------------------------------
# DOCKER-SPECIFIC CONFIGURATION
# -----------------------------------------------------------------------------
# Timezone for container
# Default: UTC (Recommended for consistency)
TZ=UTC
# Node.js memory options
# Default: --max-old-space-size=512 (Suitable for container environments)
NODE_OPTIONS=--max-old-space-size=512