GoHighLevel MCP Server can access private CRM data, sales conversations, contacts, opportunities, calendars, payments, and reporting records. Treat every deployment as production infrastructure, even when it is used only by an internal team.
Security fixes are applied to the main branch and to the hosted production
connector when it is deployed from this repository.
| Version | Supported |
|---|---|
main |
Yes |
| Forks or modified deployments | Maintained by the fork owner |
Report security issues through GitHub Security Advisories for this repository whenever possible. If that is not available, open a private support channel with the maintainers before sharing exploit details publicly.
Please include:
- A short summary of the issue.
- Affected endpoint, tool, route, workflow, or file.
- Reproduction steps using placeholder credentials only.
- Expected impact and whether CRM data, tokens, or hosted access could be exposed.
Do not include real GoHighLevel tokens, OAuth secrets, private keys, customer data, session tokens, or production bearer tokens in reports.
Never commit real credentials. Keep these values in local .env files, GitHub
Actions secrets, Hostinger environment files, or another secret manager:
GHL_API_KEYGHL_LOCATION_IDMCP_AUTH_TOKENMCP_OAUTH_SECRETOPENAI_API_KEY- SSH private keys
- Any exported customer, contact, message, or call data
If a secret is exposed, rotate it immediately in the source system and redeploy the MCP server with the new value.
Before exposing a hosted MCP endpoint:
- Use
MCP_AUTH_MODE=byo-ghl-oauthfor public multi-user connectors. - Set
MCP_PUBLIC_BASE_URLto the public HTTPS origin. - Set a long random
MCP_OAUTH_SECRET; do not reuse your bearer token. - Set
MCP_AUTH_TOKENfor remote MCP access. - Use the default
MCP_CORS_MODE=agentfor public MCP connectors, or setMCP_CORS_MODE=strictand restrict browser origins withMCP_ALLOWED_ORIGINSfor private deployments. - Keep
MCP_JSON_LIMITandMCP_FORM_LIMITsmall unless a specific workflow requires larger payloads. - Use HTTPS only.
- Use least-privilege GoHighLevel Private Integration Token scopes.
- Run
npm auditandnpm audit --prefix mcp-appsbefore deployment. - Run
npm run buildandnpm test -- --runInBand. - Keep Docker running as a non-root user.
- Keep
.env, keys, logs, backups, build output, and exports out of git and Docker build context.
The server includes these controls by default:
- Optional bearer auth for hosted MCP routes.
- BYO-GHL public connector mode with sealed user credentials.
- CORS support for public HTTPS agent clients, with strict allowlisting
available through
MCP_CORS_MODE=strict. - Disabled
x-powered-byExpress header. X-Content-Type-Options,X-Frame-Options,Referrer-Policy,Permissions-Policy, and related response headers.- JSON and form request size limits.
- Generic client-facing execution errors with detailed server-side logs.
- Non-root Docker runtime user.
- Git and Docker ignore rules for common secret and backup file types.
This project is not a substitute for GoHighLevel account governance. Each business remains responsible for user permissions, API scopes, data retention, consent, privacy notices, audit logs, and compliance with applicable laws and third-party platform terms.