HubSpot MCP Server

# ============================================================================= # HubSpot MCP Server - Environment Configuration # ============================================================================= # # Production-ready configuration for HubSpot MCP (Model Context Protocol) Server # Copy this file to .env and configure according to your environment # Never commit real credentials to version control # # ============================================================================= # ----------------------------------------------------------------------------- # REQUIRED CONFIGURATION # ----------------------------------------------------------------------------- # HubSpot Private App Access Token (REQUIRED) # Create at: HubSpot Settings > Integrations > Private Apps # Format: pat-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx # Required scopes: crm.objects.contacts.read, crm.objects.companies.read, etc. HUBSPOT_PRIVATE_APP_ACCESS_TOKEN=your_hubspot_private_app_token_here # ----------------------------------------------------------------------------- # TRANSPORT CONFIGURATION # ----------------------------------------------------------------------------- # Transport protocol for MCP communication # Values: http, streamable-http, stdio # Default: http (Standard JSON-RPC 2.0 over HTTP) # streamable-http: Server-sent events for real-time updates # stdio: Process-based communication via stdin/stdout TRANSPORT=http # HTTP server port for MCP API and health checks # Default: 3000 (Standard for Node.js applications) PORT=3000 # Server host binding # Default: 0.0.0.0 (Required for Docker containers) # Use 127.0.0.1 for localhost-only access HOST=0.0.0.0 # ----------------------------------------------------------------------------- # APPLICATION CONFIGURATION # ----------------------------------------------------------------------------- # Runtime environment # Values: production, development, test # Default: production (Secure for production deployment) NODE_ENV=production # Application identification # Used in logging and monitoring APP_NAME=hubspot-mcp-server # Application version # Semantic versioning format APP_VERSION=1.0.0 # Logging level # Values: debug, info, warn, error # Default: info (Balanced logging for production) LOG_LEVEL=info # ----------------------------------------------------------------------------- # HUBSPOT API CONFIGURATION # ----------------------------------------------------------------------------- # HubSpot API base URL # Default: https://api.hubapi.com (Standard HubSpot API endpoint) # Only change for sandbox or custom endpoints HUBSPOT_API_URL=https://api.hubapi.com # ----------------------------------------------------------------------------- # SESSION MANAGEMENT # ----------------------------------------------------------------------------- # Maximum number of concurrent connections/sessions # Default: 100 (Suitable for most production environments) # Increase for high-traffic deployments MAX_CONNECTIONS=100 # Session timeout in seconds # Default: 3600 (1 hour - Industry standard) # Sessions are automatically cleaned up after this period of inactivity SESSION_TIMEOUT=3600 # ----------------------------------------------------------------------------- # RATE LIMITING CONFIGURATION # ----------------------------------------------------------------------------- # Rate limit for tool calls per minute per session # Default: 60 (1 request per second average) # Prevents API abuse and ensures fair usage RATE_LIMIT_TOOLS=60 # Rate limit for resource access per minute per session # Default: 30 (Stricter limit for resource-intensive operations) RATE_LIMIT_RESOURCES=30 # Maximum concurrent requests per session # Default: 10 (Prevents session from overwhelming the server) MAX_CONCURRENT_REQUESTS=10 # ----------------------------------------------------------------------------- # SECURITY CONFIGURATION # ----------------------------------------------------------------------------- # CORS allowed origins # Default: localhost (Restrictive for security) # Production: Set to specific domains (e.g., https://yourdomain.com) # Development: Can use '*' for any origin (not recommended for production) # Multiple origins: comma-separated list CORS_ORIGIN=localhost # Maximum HTTP request payload size (bytes) # Default: 10485760 (10MB) - Prevents DoS attacks MAX_REQUEST_SIZE=10485760 # ----------------------------------------------------------------------------- # CONNECTION CONFIGURATION # ----------------------------------------------------------------------------- # Connection timeout for outbound requests (milliseconds) # Default: 30000 (30 seconds - Standard HTTP timeout) CONNECTION_TIMEOUT=30000 # Graceful shutdown timeout (milliseconds) # Default: 10000 (10 seconds - Industry standard) # Time to wait for graceful shutdown before force termination GRACEFUL_SHUTDOWN_TIMEOUT=10000 # ----------------------------------------------------------------------------- # MONITORING & OBSERVABILITY # ----------------------------------------------------------------------------- # Enable detailed metrics collection # Default: true (Recommended for production monitoring) ENABLE_METRICS=true # Metrics collection interval (milliseconds) # Default: 30000 (30 seconds) METRICS_INTERVAL=30000 # Enable request correlation IDs # Default: true (Essential for distributed tracing) ENABLE_CORRELATION_IDS=true # ----------------------------------------------------------------------------- # DEVELOPMENT CONFIGURATION # ----------------------------------------------------------------------------- # Enable development features (only in development) # Default: false (Security - never enable in production) DEV_MODE=false # Enable debug endpoints # Default: false (Security - only enable in development) ENABLE_DEBUG_ENDPOINTS=false # Enable verbose error messages # Default: false (Security - may leak sensitive information) VERBOSE_ERRORS=false # ----------------------------------------------------------------------------- # DOCKER-SPECIFIC CONFIGURATION # ----------------------------------------------------------------------------- # Timezone for container # Default: UTC (Recommended for consistency) TZ=UTC # Node.js memory options # Default: --max-old-space-size=512 (Suitable for container environments) NODE_OPTIONS=--max-old-space-size=512