# ==============================================================================
# MCP Hub - Environment Configuration
# ==============================================================================
#
# Version: 3.0.0
# Last Updated: 2026-02-17
#
# This file contains all environment variables needed to run the MCP server.
# Copy this file to .env and fill in your actual values.
#
# SECURITY NOTE: Never commit the .env file to version control! Keep only placeholder values in this example file.
#
# Multi-Endpoint Architecture (v3.0.0):
# - /mcp → Admin (all 587 tools, Master API Key required)
# - /system/mcp → System (17 tools, Master Key)
# - /wordpress/mcp → WordPress Core (65 tools)
# - /woocommerce/mcp → WooCommerce (28 tools)
# - /wordpress-advanced/mcp → WordPress Advanced (22 tools)
# - /gitea/mcp → Gitea (56 tools)
# - /n8n/mcp → n8n Automation (56 tools)
# - /supabase/mcp → Supabase Self-Hosted (70 tools)
# - /openpanel/mcp → OpenPanel Analytics (73 tools)
# - /appwrite/mcp → Appwrite Backend (100 tools)
# - /directus/mcp → Directus CMS (100 tools)
# - /project/{alias}/mcp → Project-specific (site-locked tools)
#
# For deployment guide, see: docs/DEPLOYMENT_GUIDE.md
# For testing guide, see: docs/TESTING_GUIDE.md
# ==============================================================================
# ==============================================================================
# AUTHENTICATION
# ==============================================================================
# Master API Key (required)
# This key has full access to all projects and admin operations.
# Generate a secure random key (32+ characters recommended):
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# Replace the placeholder before starting the server; the real value belongs
# only in your private .env, never in this example file.
MASTER_API_KEY=your_secure_master_key_here
# API Keys Storage Path (optional)
# Where to store per-project API keys JSON file
# Default: data/api_keys.json
# This file holds credentials (see API KEYS MANAGEMENT at the bottom): keep it
# out of version control and readable only by the account the server runs as.
#API_KEYS_STORAGE=data/api_keys.json
# ==============================================================================
# OAUTH 2.1 CONFIGURATION
# ==============================================================================
# OAuth JWT Secret Key (required for OAuth)
# Used to sign and verify JWT access tokens
# Generate a secure random key:
# python -c "import secrets; print(secrets.token_urlsafe(64))"
# OR: openssl rand -base64 64
# Keep the secret at least as long as the hash output of the chosen HS*
# algorithm (32 bytes for HS256, 64 bytes for HS512); both generators above
# produce 64 random bytes, which is enough for any of them.
#OAUTH_JWT_SECRET_KEY=your_jwt_secret_key_here
# Dashboard Session Secret (recommended)
# Used for signing dashboard session cookies
# If not set, falls back to OAUTH_JWT_SECRET_KEY, then generates a random key (lost on restart)
# A key generated at startup signs every dashboard session out on each restart,
# and each separately started server instance would use a different one, so
# set this explicitly in any real deployment.
# Generate: python -c "import secrets; print(secrets.token_hex(32))"
#DASHBOARD_SESSION_SECRET=your_dashboard_session_secret_here
# OAuth JWT Algorithm (optional)
# Algorithm for signing JWTs
# Options: HS256 (default), HS384, HS512, RS256, RS384, RS512
# Default: HS256
# NOTE(review): the RS* options need an RSA key pair rather than the shared
# secret above; how that key pair is supplied is not documented in this file —
# check the OAuth module before selecting one.
#OAUTH_JWT_ALGORITHM=HS256
# OAuth Access Token TTL (optional)
# How long access tokens are valid (in seconds)
# Default: 3600 (1 hour)
# A shorter TTL limits how long a leaked access token stays usable.
#OAUTH_ACCESS_TOKEN_TTL=3600
# OAuth Refresh Token TTL (optional)
# How long refresh tokens are valid (in seconds)
# Default: 604800 (7 days)
#OAUTH_REFRESH_TOKEN_TTL=604800
# OAuth Storage Configuration (optional)
# Where to store OAuth tokens and authorization codes
# Type: json (default) | redis (future)
# Default: json
# The JSON store contains live bearer credentials: restrict its filesystem
# permissions. In a container this path presumably needs a persistent volume
# for tokens to survive restarts — confirm against the deployment setup.
#OAUTH_STORAGE_TYPE=json
#OAUTH_STORAGE_PATH=/app/data
# OAuth Base URL (optional)
# Used for reverse proxy/Coolify deployments
# If not set, will be auto-detected from X-Forwarded headers
# Auto-detection trusts X-Forwarded-* headers, which is only safe when the
# reverse proxy overwrites them; setting the URL explicitly removes that
# dependency.
#OAUTH_BASE_URL=https://mcp.example.com
# ==============================================================================
# OAUTH AUTHORIZATION SECURITY
# ==============================================================================
#
# Controls how OAuth authorization endpoint validates users
#
# Options:
#
# 1. required (Recommended for Production) 🔒
# - API Key is ALWAYS required in authorization URL
# - OAuth tokens inherit API Key's scope and project access
# - Use: Production environments with custom OAuth clients
# - Example: ?api_key=cmp_xxx is mandatory
#
# 2. optional (ChatGPT OAuth Manual) ⚠️
# - API Key is optional in authorization URL
# - If provided: OAuth token inherits API Key permissions
# - If missing: the OAuth token is issued with full access (no API Key scoping applies)
# - Use: ChatGPT OAuth (manual) integration only
# - ⚠️ SECURITY WARNING: Anyone with authorization URL can connect
# - 🔒 MITIGATION: Use minimal scopes (e.g., "read" only) when registering client
#
# Note: trusted_domains mode is DEPRECATED - no longer needed with OAuth (manual)
#
# Default for Production: required
# For ChatGPT OAuth (manual): optional
# Mode of the /oauth/authorize endpoint (options described above).
# In "optional" mode an authorization URL that carries no api_key yields a
# full-access token, so the URL itself has to be treated as a secret.
OAUTH_AUTH_MODE=required
# ⚠️ For ChatGPT Integration: Uncomment below and use minimal scopes
# OAUTH_AUTH_MODE=optional
# OAuth Trusted Domains (DEPRECATED)
# This setting is no longer needed with OAuth (manual) integration
# Whether an API Key is required is controlled by OAUTH_AUTH_MODE above,
# not by the requesting domain
# OAUTH_TRUSTED_DOMAINS=chatgpt.com,chat.openai.com,openai.com,platform.openai.com
# ==============================================================================
# OAUTH SECURITY NOTES (Updated for OAuth Manual)
# ==============================================================================
#
# Security Model (Updated):
# ─────────────────────────
# - Client Registration (/oauth/register): Master API Key required (protected)
# - Authorization (/oauth/authorize): API Key always required when OAUTH_AUTH_MODE=required (the production default); in optional mode it may be omitted, see above
# - Token Exchange (/oauth/token): Requires client_id + client_secret
#
# ChatGPT OAuth (manual) Integration:
# ───────────────────────────────────
# 1. Admin registers OAuth client with Master API Key
# 2. Admin configures ChatGPT with client_id + client_secret (OAuth manual)
# 3. Users authorize with their personal API Key
# 4. OAuth token inherits user's API Key permissions
#
# Recommended Settings:
# ────────────────────
# Development: OAUTH_AUTH_MODE=optional (testing only)
# Production: OAUTH_AUTH_MODE=required (recommended)
#
# Permission Inheritance:
# ──────────────────────
# OAuth tokens inherit the authorizing API Key's permissions:
# - Master API Key → OAuth token with full access
# - Per-project API Key → OAuth token limited to that project
# - Read-only API Key → OAuth token with read-only scope
#
# Security: Users control their own access via API Keys
#
# ==============================================================================
# ==============================================================================
# WORDPRESS PROJECTS
# ==============================================================================
#
# Format: WORDPRESS_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, USERNAME, APP_PASSWORD
# Optional keys: ALIAS, CONTAINER
#
# Example: Configure wordpress_site1
#
# Site 1 Configuration
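# Use an https:// URL — Application Passwords require SSL/HTTPS
# (see WORDPRESS APP PASSWORD GENERATION below)
WORDPRESS_SITE1_URL=https://example1.com
WORDPRESS_SITE1_USERNAME=admin
WORDPRESS_SITE1_APP_PASSWORD=your_app_password_here
WORDPRESS_SITE1_ALIAS=myblog
# Docker container name, used for WP-CLI access (optional).
# Kept on its own comment line: env-file loaders differ on trailing "# ..."
# text after an unquoted value, and some would store it as part of the value.
WORDPRESS_SITE1_CONTAINER=coolify-wp-site1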
# Site 2 Configuration
#WORDPRESS_SITE2_URL=https://example2.com
#WORDPRESS_SITE2_USERNAME=admin
#WORDPRESS_SITE2_APP_PASSWORD=your_app_password_here
#WORDPRESS_SITE2_ALIAS=mystore
#WORDPRESS_SITE2_CONTAINER=coolify-wp-site2
# Site 3 Configuration
#WORDPRESS_SITE3_URL=https://example3.com
#WORDPRESS_SITE3_USERNAME=admin
#WORDPRESS_SITE3_APP_PASSWORD=your_app_password_here
# Add more sites as needed (wordpress_site4, wordpress_site5, etc.)
# ==============================================================================
# WOOCOMMERCE PLUGIN
# ==============================================================================
#
# WooCommerce provides 28 e-commerce tools:
# - Products (12 tools): CRUD, categories, tags, attributes, variations
# - Orders (5 tools): list, get, create, update_status, delete
# - Customers (4 tools): list, get, create, update
# - Coupons (4 tools): list, create, update, delete
# - Reports (3 tools): sales, top_sellers, customer_report
#
# ⭐ IMPORTANT: WooCommerce uses the SAME site configurations as WordPress!
# You don't need to configure separate WOOCOMMERCE_* environment variables.
# Simply configure your WordPress sites above, and WooCommerce tools will
# automatically work with those same sites.
#
# Example:
# - Configure WORDPRESS_SITE1_URL, WORDPRESS_SITE1_USERNAME, etc.
# - WooCommerce tools will work with site1 if WooCommerce is installed
#
# Endpoint: /woocommerce/mcp
# Tools are prefixed with "woocommerce_" (e.g., woocommerce_list_products)
#
# ==============================================================================
# ==============================================================================
# WORDPRESS ADVANCED PLUGIN
# ==============================================================================
#
# WordPress Advanced provides 22 advanced management tools:
# - Database operations (7 tools): export, import, search, query, repair
# - Bulk operations (8 tools): batch updates/deletes for posts, products, media
# - System operations (7 tools): system info, cache, cron, error logs
#
# REQUIRED: Docker container name for WP-CLI access
# NOTE: WordPress Advanced has the SAME configuration pattern as WordPress
# but requires 'container' configuration for WP-CLI access.
#
# Security Benefits:
# - Separate API keys for advanced vs basic operations
# - Better tool visibility (basic users don't see advanced tools)
# - Granular access control
#
# Site 1 Advanced Configuration
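# Use an https:// URL — Application Passwords require SSL/HTTPS
# (see WORDPRESS APP PASSWORD GENERATION below)
WORDPRESS_ADVANCED_SITE1_URL=https://example1.com
WORDPRESS_ADVANCED_SITE1_USERNAME=admin
WORDPRESS_ADVANCED_SITE1_APP_PASSWORD=your_app_password_here
WORDPRESS_ADVANCED_SITE1_ALIAS=myblog
# Docker container name — REQUIRED for the advanced (WP-CLI) features.
# Kept on its own comment line: env-file loaders differ on trailing "# ..."
# text after an unquoted value, and some would store it as part of the value.
WORDPRESS_ADVANCED_SITE1_CONTAINER=coolify-wp-site1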
# Site 2 Advanced Configuration
#WORDPRESS_ADVANCED_SITE2_URL=https://example2.com
#WORDPRESS_ADVANCED_SITE2_USERNAME=admin
#WORDPRESS_ADVANCED_SITE2_APP_PASSWORD=your_app_password_here
#WORDPRESS_ADVANCED_SITE2_ALIAS=mystore
#WORDPRESS_ADVANCED_SITE2_CONTAINER=coolify-wp-site2
# Add more sites as needed (wordpress_advanced_site3, wordpress_advanced_site4, etc.)
# ==============================================================================
# LOGGING & MONITORING
# ==============================================================================
# Log Level
# Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
# Default: INFO
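# DEBUG may write request details to the logs; use it only temporarily.
LOG_LEVEL=INFO
# Audit Log Configuration
# GDPR-compliant JSON logging for all tool calls
# Comments are kept on their own lines: env-file loaders differ on trailing
# "# ..." text after an unquoted value, and some would store it as part of
# the value (e.g. a path of "logs/audit.log # Path to audit log file").
# How long to keep audit logs (days)
AUDIT_LOG_RETENTION_DAYS=90
# Path to audit log file
# NOTE(review): a relative path presumably resolves against the server's
# working directory — confirm where it lands in the Docker deployment.
AUDIT_LOG_PATH=logs/audit.log
# Max file size (MB) before rotation
AUDIT_LOG_MAX_SIZE_MB=10
# Number of backup files to keep
# If size-based rotation drops old files, a busy server may lose entries
# before RETENTION_DAYS has elapsed — size the two settings together.
AUDIT_LOG_BACKUP_COUNT=5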
# ==============================================================================
# HEALTH MONITORING
# ==============================================================================
# Metrics Retention
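# How long to keep metrics in memory (hours)
# Comments are kept on their own lines: some env-file loaders would store a
# trailing "# ..." as part of the value.
METRICS_RETENTION_HOURS=24
# Alert Thresholds
# Alert if response time exceeds this many milliseconds (5000 = 5 seconds)
HEALTH_ALERT_RESPONSE_TIME_MS=5000
# Alert if the error rate exceeds this percentage
HEALTH_ALERT_ERROR_RATE_PERCENT=10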
# ==============================================================================
# RATE LIMITING
# ==============================================================================
# Rate Limits (per client)
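# Comments are kept on their own lines: some env-file loaders would store a
# trailing "# ..." as part of the value.
# NOTE(review): how a "client" is identified (API key vs. source address) is
# not stated in this file — confirm in the rate limiter before tuning these.
# Max requests per minute
RATE_LIMIT_PER_MINUTE=60
# Max requests per hour
RATE_LIMIT_PER_HOUR=1000
# Max requests per day
RATE_LIMIT_PER_DAY=10000
# Rate Limit Window Sizes (in seconds)
#RATE_LIMIT_WINDOW_MINUTE=60
#RATE_LIMIT_WINDOW_HOUR=3600
#RATE_LIMIT_WINDOW_DAY=86400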
# ==============================================================================
# SERVER CONFIGURATION
# ==============================================================================
# Server Host & Port (for SSE transport)
# 0.0.0.0 listens on every interface; keep the port reachable only through
# the reverse proxy (Coolify) and do not expose it directly without TLS.
#MCP_HOST=0.0.0.0
#MCP_PORT=8000
# Transport Protocol
# Options: stdio (Claude Desktop), sse (HTTP server)
#MCP_TRANSPORT=sse
# Multi-Endpoint Configuration
# Enable/disable multi-endpoint architecture
# Default: true
# NOTE(review): the effect of disabling this on the per-plugin endpoints
# listed at the top of the file is not documented here — confirm before
# changing it.
MULTI_ENDPOINT=true
# ==============================================================================
# GITEA PROJECTS
# ==============================================================================
#
# Format: GITEA_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL
# Optional keys: TOKEN, ALIAS, OAUTH_ENABLED
#
# NOTE: Token is optional - can use OAuth instead (recommended for ChatGPT)
#
# Example: Configure gitea_site1 with token authentication
# Site 1 Configuration (with token)
# The token carries whatever scopes were selected when it was generated (see
# GITEA PERSONAL ACCESS TOKEN GENERATION below); grant only what the tools
# you use need.
GITEA_SITE1_URL=https://gitea.example.com
GITEA_SITE1_TOKEN=your_gitea_personal_access_token_here
GITEA_SITE1_ALIAS=mygitea
# Use token instead of OAuth
# (comment kept on its own line so the value stays clean when uncommented)
#GITEA_SITE1_OAUTH_ENABLED=false
# Site 2 Configuration (with OAuth - for ChatGPT integration)
#GITEA_SITE2_URL=https://gitea.example.com
#GITEA_SITE2_ALIAS=workgitea
# Use OAuth instead of token
#GITEA_SITE2_OAUTH_ENABLED=true
# Note: When using OAuth, TOKEN can be omitted
# Site 3 Configuration
#GITEA_SITE3_URL=https://git.company.com
#GITEA_SITE3_TOKEN=your_token_here
#GITEA_SITE3_ALIAS=companygit
# Add more sites as needed (gitea_site4, gitea_site5, etc.)
# ==============================================================================
# GITEA PERSONAL ACCESS TOKEN GENERATION
# ==============================================================================
#
# To generate a Personal Access Token for Gitea:
#
# 1. Log in to your Gitea instance
# 2. Go to: Settings → Applications → Generate New Token
# 3. Enter a token name (e.g., "MCP Server")
# 4. Select permissions (recommended: repo, write:org, read:user, write:issue)
# 5. Click "Generate Token"
# 6. Copy the token (it will only be shown once!)
# 7. Use it as GITEA_SITEX_TOKEN value
#
# Recommended Permissions:
# - repo (all): Full repository access
# - write:org: Manage organizations and teams
# - read:user: Read user information
# - write:issue: Create and edit issues/PRs
#
# ==============================================================================
# ==============================================================================
# N8N AUTOMATION PLUGIN
# ==============================================================================
#
# n8n provides 56 workflow automation tools:
# - Workflows (14 tools): CRUD, activate, execute, duplicate, export/import
# - Executions (8 tools): list, get, delete, stop, retry, wait
# - Credentials (5 tools): get, create, delete, schema, transfer [Enterprise]
# - Tags (6 tools): CRUD + bulk delete
# - Users (5 tools): list, get, create, delete, change_role
# - Projects (8 tools): project management [Enterprise]
# - Variables (6 tools): environment variables [Enterprise]
# - System (4 tools): audit, source control, health, info
#
# Format: N8N_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, API_KEY
# Optional keys: ALIAS
#
# Site 1 Configuration
# The API key is created from a user's Settings page (see N8N API KEY
# GENERATION below) and the Credentials tools listed above can read and
# create stored credentials, so treat it as highly sensitive and rotate it
# if it is ever exposed.
N8N_SITE1_URL=https://n8n.example.com
N8N_SITE1_API_KEY=your_n8n_api_key_here
N8N_SITE1_ALIAS=automation
# Site 2 Configuration
#N8N_SITE2_URL=https://n8n-staging.example.com
#N8N_SITE2_API_KEY=your_n8n_api_key_here
#N8N_SITE2_ALIAS=staging-automation
# Add more sites as needed (n8n_site3, n8n_site4, etc.)
# ==============================================================================
# N8N API KEY GENERATION
# ==============================================================================
#
# To generate an API Key for n8n:
#
# 1. Log in to your n8n instance
# 2. Go to: Settings → API → Create an API Key
# 3. Enter a label (e.g., "MCP Server")
# 4. Copy the generated key (it will only be shown once!)
# 5. Use it as N8N_SITEX_API_KEY value
#
# Note: n8n API requires n8n version 0.215.0 or later
# Some features (Projects, Variables, Source Control) require Enterprise license
#
# ==============================================================================
# ==============================================================================
# SUPABASE PLUGIN (Self-Hosted)
# ==============================================================================
#
# Supabase Self-Hosted provides 70 tools:
# - Database (18 tools): PostgREST CRUD, SQL, bulk operations
# - Auth (14 tools): GoTrue user management, MFA, invitations
# - Storage (12 tools): buckets, files, upload/download
# - Functions (8 tools): Edge Functions invoke/deploy
# - Admin (12 tools): postgres-meta DB administration
# - System (6 tools): health, config, stats
#
# ⚠️ NOTE: This is for SELF-HOSTED Supabase on Coolify, NOT Supabase Cloud!
# Management API (projects, organizations, branches) is NOT available in self-hosted.
#
# Format: SUPABASE_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, ANON_KEY, SERVICE_ROLE_KEY
# Optional keys: ALIAS, DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD
#
# Site 1 Configuration (Self-Hosted Instance)
SUPABASE_SITE1_URL=https://supabase.example.com
# ANON_KEY is subject to RLS policies; SERVICE_ROLE_KEY bypasses all of them
# (see Security Notes below) — this file must stay server-side only.
SUPABASE_SITE1_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_SITE1_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_SITE1_ALIAS=mysupabase
# Site 1 Direct DB Access (Optional - for postgres-meta admin operations)
# A direct database login works outside the API layer (Kong/PostgREST), so
# the DB port should be reachable only from this server, never publicly.
#SUPABASE_SITE1_DB_HOST=db.supabase.example.com
#SUPABASE_SITE1_DB_PORT=5432
#SUPABASE_SITE1_DB_NAME=postgres
#SUPABASE_SITE1_DB_USER=postgres
#SUPABASE_SITE1_DB_PASSWORD=your-db-password
# Site 2 Configuration (Another Self-Hosted Instance)
#SUPABASE_SITE2_URL=https://supabase-staging.example.com
#SUPABASE_SITE2_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
#SUPABASE_SITE2_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
#SUPABASE_SITE2_ALIAS=staging
# Add more instances as needed (supabase_site3, supabase_site4, etc.)
# ==============================================================================
# SUPABASE SELF-HOSTED CREDENTIALS
# ==============================================================================
#
# Finding your credentials in Coolify:
#
# 1. URL:
# - Coolify Dashboard → Project → Supabase → Domain
# - Usually: https://supabase.yourdomain.com
#
# 2. ANON_KEY & SERVICE_ROLE_KEY:
# - Coolify Dashboard → Project → Supabase → Environment Variables
# - Or in your .env file used for Supabase deployment
# - These are JWT tokens signed with JWT_SECRET
#
# 3. Kong API Gateway:
# - All APIs accessed through single URL (Kong on port 8000)
# - /rest/v1/ → Database (PostgREST)
# - /auth/v1/ → Authentication (GoTrue)
# - /storage/v1/ → File Storage
# - /functions/v1/ → Edge Functions
# - /pg/ → Database Admin (postgres-meta)
#
# Security Notes:
# - ANON_KEY: Safe for client-side, protected by RLS policies
# - SERVICE_ROLE_KEY: ⚠️ SERVER ONLY - bypasses ALL RLS policies!
# - Never expose SERVICE_ROLE_KEY to clients
#
# ==============================================================================
# ==============================================================================
# OPENPANEL ANALYTICS PLUGIN
# ==============================================================================
#
# OpenPanel provides 73 product analytics tools:
# - Core (25 tools): Events, Export, System
# - Analytics (24 tools): Reports, Funnels, Profiles
# - Management (24 tools): Projects, Dashboards, Clients
#
# Format: OPENPANEL_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, CLIENT_ID, CLIENT_SECRET
# Recommended keys: PROJECT_ID (required for Export/Read APIs)
# Optional keys: ALIAS, ORGANIZATION_ID, SESSION_COOKIE
#
# Note: CLIENT_ID/CLIENT_SECRET are used for Track API authentication.
# PROJECT_ID is the OpenPanel project ID for reading analytics data.
# ORGANIZATION_ID is for multi-tenant setups (optional).
# SESSION_COOKIE is for tRPC API access (analytics queries).
# You can find PROJECT_ID in OpenPanel Dashboard → Project Settings.
#
# IMPORTANT: Self-hosted OpenPanel tRPC API requires session cookie authentication.
# To get a session cookie:
# 1. Login to your OpenPanel dashboard
# 2. Open browser DevTools → Console
# 3. Run: document.cookie (copy the "session" value; if it is not listed there, the cookie is HttpOnly — read it from the DevTools Application/Storage → Cookies panel instead)
# 4. Add to SESSION_COOKIE below
#
# Without SESSION_COOKIE, analytics queries may fail with 401 Unauthorized.
# Track API (event tracking) works with CLIENT_ID/CLIENT_SECRET.
# Site 1 Configuration
OPENPANEL_SITE1_URL=https://analytics.example.com
# CLIENT_ID/CLIENT_SECRET authenticate the Track API (event ingestion)
OPENPANEL_SITE1_CLIENT_ID=your_client_id_here
OPENPANEL_SITE1_CLIENT_SECRET=your_client_secret_here
# PROJECT_ID is needed for the Export/Read APIs (see notes above)
OPENPANEL_SITE1_PROJECT_ID=your_project_id_here
OPENPANEL_SITE1_ORGANIZATION_ID=your_org_id_here
# A copied browser session cookie is equivalent to your dashboard login:
# treat it as a credential, and expect analytics queries to start failing
# with 401 once that browser session expires (re-copy it then).
OPENPANEL_SITE1_SESSION_COOKIE=your_session_cookie_here
OPENPANEL_SITE1_ALIAS=myanalytics
# Site 2 Configuration
#OPENPANEL_SITE2_URL=https://analytics-staging.example.com
#OPENPANEL_SITE2_CLIENT_ID=your_client_id_here
#OPENPANEL_SITE2_CLIENT_SECRET=your_client_secret_here
#OPENPANEL_SITE2_PROJECT_ID=your_project_id_here
#OPENPANEL_SITE2_ALIAS=staging-analytics
# Add more sites as needed (openpanel_site3, openpanel_site4, etc.)
# ==============================================================================
# APPWRITE PLUGIN
# ==============================================================================
#
# Appwrite Self-Hosted provides 100 backend management tools:
# - Databases (18 tools): databases, collections, attributes, indexes
# - Documents (12 tools): CRUD, bulk ops, queries, full-text search
# - Users (12 tools): user management, sessions, labels, status
# - Teams (10 tools): teams, memberships, roles
# - Storage (14 tools): buckets, files, image transformation
# - Functions (14 tools): functions, deployments, executions
# - Messaging (12 tools): topics, subscribers, email/SMS/push
# - System (8 tools): health checks, avatars
#
# ⚠️ NOTE: This is for SELF-HOSTED Appwrite on Coolify!
#
# Format: APPWRITE_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, PROJECT_ID, API_KEY
# Optional keys: ALIAS
#
# Site 1 Configuration (Self-Hosted Instance)
# URL includes the /v1 API prefix (see APPWRITE SELF-HOSTED CREDENTIALS below)
APPWRITE_SITE1_URL=https://appwrite.example.com/v1
APPWRITE_SITE1_PROJECT_ID=your_project_id_here
# The key carries the scopes chosen when it was created; grant only the
# scopes the tools you use need (see the scope list and Security Notes below)
APPWRITE_SITE1_API_KEY=your_api_key_here
APPWRITE_SITE1_ALIAS=myappwrite
# Site 2 Configuration (Another Self-Hosted Instance)
#APPWRITE_SITE2_URL=https://appwrite-staging.example.com/v1
#APPWRITE_SITE2_PROJECT_ID=your_project_id_here
#APPWRITE_SITE2_API_KEY=your_api_key_here
#APPWRITE_SITE2_ALIAS=staging
# Add more instances as needed (appwrite_site3, appwrite_site4, etc.)
# ==============================================================================
# APPWRITE SELF-HOSTED CREDENTIALS
# ==============================================================================
#
# Finding your credentials in Coolify:
#
# 1. URL:
# - Coolify Dashboard → Project → Appwrite → Domain
# - Add /v1 to the URL: https://appwrite.yourdomain.com/v1
#
# 2. PROJECT_ID:
# - Appwrite Console → Your Project → Settings → Project ID
# - Or create a new project and copy its ID
#
# 3. API_KEY:
# - Appwrite Console → Your Project → Settings → API Keys
# - Create a new API Key with required scopes:
# * databases.read, databases.write
# * documents.read, documents.write
# * users.read, users.write
# * teams.read, teams.write
# * files.read, files.write
# * buckets.read, buckets.write
# * functions.read, functions.write
# * execution.read, execution.write
# * messaging.read, messaging.write
# * health.read
#
# Security Notes:
# - API Keys have project-level access (no cross-project access)
# - Set appropriate scopes for least-privilege access
# - Rotate keys regularly using MCP tools
#
# ==============================================================================
# ==============================================================================
# DIRECTUS CMS PLUGIN
# ==============================================================================
#
# Directus Self-Hosted provides 100 headless CMS tools:
# - Items (12 tools): CRUD, bulk ops, search, aggregation, import/export
# - Collections (14 tools): collections, fields, relations management
# - Files (12 tools): files, folders, import from URL
# - Users (10 tools): user management, current user, invite
# - Access (12 tools): roles, permissions, policies
# - Automation (12 tools): flows, operations, webhooks
# - Content (10 tools): revisions, versions, comments
# - Dashboards (8 tools): dashboards, panels
# - System (10 tools): settings, server info, schema, activity
#
# ⚠️ NOTE: This is for SELF-HOSTED Directus on Coolify!
#
# Format: DIRECTUS_{SITE_ID}_{CONFIG_KEY}=value
# Required keys: URL, TOKEN
# Optional keys: ALIAS
#
# Site 1 Configuration (Self-Hosted Instance)
DIRECTUS_SITE1_URL=https://directus.example.com
# A static admin token never expires and has full access to all collections
# (see Security Notes below); if the MCP server does not need admin rights,
# create a limited-scope user and use that user's token instead.
DIRECTUS_SITE1_TOKEN=your_static_admin_token_here
DIRECTUS_SITE1_ALIAS=mycms
# Site 2 Configuration (Another Self-Hosted Instance)
#DIRECTUS_SITE2_URL=https://directus-staging.example.com
#DIRECTUS_SITE2_TOKEN=your_static_admin_token_here
#DIRECTUS_SITE2_ALIAS=staging
# Add more instances as needed (directus_site3, directus_site4, etc.)
# ==============================================================================
# DIRECTUS SELF-HOSTED CREDENTIALS
# ==============================================================================
#
# Finding/Creating your credentials:
#
# 1. URL:
# - Coolify Dashboard → Project → Directus → Domain
# - Usually: https://directus.yourdomain.com
#
# 2. Static Admin Token:
# - Option A: Environment Variable
# Set ADMIN_TOKEN in Directus environment (Coolify env vars)
# This creates a static token for the admin user
#
# - Option B: Database Token
# Connect to Directus database and create a token:
# INSERT INTO directus_users (token, ...) VALUES ('your-token', ...);
#
# - Option C: Generate via Admin UI (temporary)
# Directus Admin → Settings → Data Model → Users
# Create/edit user → Token field
#
# Authentication Methods (in order of preference):
# - Static Token: Best for server-to-server (MCP)
# - Temporary Token: Login endpoint → expires
# - Session Cookie: Browser only
#
# Directus REST API Endpoints:
# - /items/{collection} → Collection data
# - /collections → Schema management
# - /fields → Field management
# - /relations → Relationship management
# - /files → Asset management
# - /folders → Folder management
# - /users → User management
# - /roles → Role management
# - /permissions → Permission rules
# - /policies → Access policies
# - /flows → Automation flows
# - /operations → Flow operations
# - /webhooks → Webhook triggers
# - /activity → Activity log
# - /revisions → Content history
# - /versions → Content versions
# - /comments → Item comments
# - /dashboards → Insight dashboards
# - /panels → Dashboard panels
# - /settings → System settings
# - /server → Server info
# - /schema → Schema snapshot
#
# Security Notes:
# - Static tokens never expire (use for automation), so revoke or rotate them manually when they are no longer needed or may have leaked
# - Tokens inherit user's role permissions
# - Admin tokens have full access to all collections
# - Create limited-scope users for restricted access
#
# ==============================================================================
# ==============================================================================
# FUTURE PLUGINS
# ==============================================================================
# Reserved for future plugins...
# ==============================================================================
# WORDPRESS APP PASSWORD GENERATION
# ==============================================================================
#
# To generate an Application Password for WordPress:
#
# 1. Log in to WordPress admin panel
# 2. Go to: Users → Profile → Application Passwords
# 3. Enter a name (e.g., "MCP Server")
# 4. Click "Add New Application Password"
# 5. Copy the generated password (it will only be shown once!)
# 6. Use it as WORDPRESS_SITEX_APP_PASSWORD value
#
# Note: Application Passwords require WordPress 5.6+ with SSL/HTTPS
#
# ==============================================================================
# ==============================================================================
# DOCKER-SPECIFIC CONFIGURATION
# ==============================================================================
# If running in Docker container and need WP-CLI access:
#
# 1. Mount Docker socket in docker-compose.yaml:
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro
# NOTE: any process that can reach the Docker socket is root-equivalent on the host,
# and the ":ro" mount flag does not restrict Docker API calls. Mount it only where
# WP-CLI container access is actually needed.
#
# 2. Add docker group to container:
# group_add:
# - "999" # Docker group ID (check with: getent group docker)
#
# 3. Set container name for each WordPress site:
# WORDPRESS_SITE1_CONTAINER=actual_container_name
#
# Find container name: docker ps | grep wordpress
#
# ==============================================================================
# ==============================================================================
# COOLIFY DEPLOYMENT
# ==============================================================================
#
# When deploying to Coolify:
#
# 1. Repository: https://github.com/your-org/mcphub
# 2. Build Pack: Docker Compose
# 3. Port: 8000 (internal only, Coolify handles external routing)
# 4. Health Check: GET /health (should return 200)
# 5. Environment Variables: Add all variables from this file
#
# For detailed deployment guide, see: DEPLOYMENT_GUIDE.md
#
# ==============================================================================
# ==============================================================================
# SECURITY BEST PRACTICES
# ==============================================================================
#
# 1. Use strong, unique passwords (32+ characters)
# 2. Rotate API keys regularly (use manage_api_keys_rotate tool)
# 3. Use per-project API keys instead of master key when possible
# 4. Enable HTTPS for all WordPress sites (required for App Passwords)
# 5. Keep audit logs for compliance and security analysis
# 6. Monitor rate limit statistics for unusual activity
# 7. Review and revoke unused API keys periodically
#
# ==============================================================================
# ==============================================================================
# API KEYS MANAGEMENT
# ==============================================================================
#
# The MCP server supports two types of API keys:
#
# 1. MASTER_API_KEY (above):
# - Full access to all projects and operations (scope: "read write admin")
# - Used for server administration
# - Should be kept highly secure
#
# 2. Per-Project API Keys (managed via MCP tools):
# - Scoped access: single or multiple scopes
# * "read" - Read-only access
# * "write" - Read + Write access
# * "admin" - Full access including dangerous operations
# * "read write" - Read + Write (no admin)
# * "read write admin" - All permissions (equivalent to master key for that project)
# - Can be limited to specific projects or "*" for all projects
# - Can have expiration dates
# - Tracked usage and audit trail
#
# Create per-project keys using:
# # Single scope
# manage_api_keys_create(project_id="wordpress_site1", scope="read")
#
# # Multiple scopes (space-separated)
# manage_api_keys_create(project_id="wordpress_site1", scope="read write")
#
# # All scopes for OAuth integration (ChatGPT, etc.)
# manage_api_keys_create(project_id="wordpress_site1", scope="read write admin")
#
# # All scopes for all projects (like master key but tracked)
# manage_api_keys_create(project_id="*", scope="read write admin")
#
# List keys:
# manage_api_keys_list()
#
# Revoke keys:
# manage_api_keys_revoke(key_id="key_xxx")
#
# Rotate keys:
# manage_api_keys_rotate(project_id="wordpress_site1")
#
# 📝 NOTE: For OAuth integration (ChatGPT, etc.), create API Keys with all required scopes.
# Example: If ChatGPT requests "read write admin", your API Key must have
# "read write admin" to avoid "Not all requested permissions were granted" error.
#
# ==============================================================================