# Vertex AI Authentication Setup
## Problem
The error `API_KEY_SERVICE_BLOCKED` means your API key doesn't have access to Vertex AI. Vertex AI requires **OAuth2 service account credentials**, not a simple API key.
## Solution Options
### Option 1: Service Account JSON (Recommended for Production)
1. **Create a Service Account in Google Cloud Console:**
- Go to: https://console.cloud.google.com/iam-admin/serviceaccounts
- Select your project: `amgn-app`
- Click "Create Service Account"
- Name: `vertex-ai-service`
- Grant role: `Vertex AI User`
- Click "Done"
2. **Create and Download Key:**
- Click on the service account you just created
- Go to "Keys" tab
- Click "Add Key" → "Create new key"
- Choose "JSON"
- Download the JSON file
3. **Add to Vercel Environment Variables:**
- Go to your Vercel project settings
- Add environment variable: `GOOGLE_APPLICATION_CREDENTIALS_JSON`
- Value: Copy the **entire contents** of the JSON file (as a single-line string)
- Example format:
```json
{"type":"service_account","project_id":"amgn-app","private_key_id":"...","private_key":"-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n","client_email":"...","client_id":"...","auth_uri":"...","token_uri":"...","auth_provider_x509_cert_url":"...","client_x509_cert_url":"..."}
```
4. **Enable Vertex AI API:**
- Go to: https://console.cloud.google.com/apis/library/aiplatform.googleapis.com
- Make sure it's enabled for your project
### Option 2: Generate OAuth2 Access Token (Temporary)
For testing, you can generate an access token:
```bash
# Install gcloud CLI if not installed
# Then authenticate:
gcloud auth application-default login
# Get access token:
gcloud auth print-access-token
# Use this token as VERTEX_AI_API_KEY in Vercel
# Note: Tokens expire after 1 hour, so this is only for testing
```
### Option 3: Vertex AI Express Mode (If Available)
If Vertex AI Express Mode is available in your region:
1. Sign up for Express Mode
2. Get the Express Mode API key
3. Set as `VERTEX_AI_API_KEY` in Vercel
## Current Environment Variables Needed
In Vercel, set these:
- `GCP_PROJECT_ID`: `amgn-app`
- `GCP_LOCATION`: `us-central1` (or your preferred region)
- `ANTHROPIC_MODEL_ID`: `claude-sonnet-4-5`
- `GOOGLE_APPLICATION_CREDENTIALS_JSON`: (Service account JSON as string) **OR**
- `VERTEX_AI_API_KEY`: (OAuth2 access token - temporary)
## Verify Setup
After setting up, test with:
```bash
curl -X POST "https://linkedin-mcp-mocha.vercel.app/api/products/analyze" \
-H "Content-Type: application/json" \
-d '{
"api_key": "YOUR_API_KEY",
"name": "AmroPilot",
"website_url": "https://amropilot.com",
"description": "AmroPilot is an AI-powered content creation platform that generates human-like text. It helps content creators, marketers, and SEO professionals create engaging articles that rank, convert, and dominate search results.",
"value_proposition": "Transform your content strategy with AI that understands search intent, creates engaging articles, and optimizes for maximum visibility. Generate content that bypasses AI detection and ranks on Google.",
"target_audience": "Content creators, SEO professionals, digital marketers, content marketing agencies, bloggers, online businesses"
}'
```
If you get a successful response, authentication is working!
## Troubleshooting
- **401 UNAUTHENTICATED**: Check that service account JSON is correctly formatted
- **API_KEY_SERVICE_BLOCKED**: You're using a regular API key, need service account
- **403 PERMISSION_DENIED**: Service account needs `Vertex AI User` role
- **404 NOT_FOUND**: Check that Vertex AI API is enabled in your project
