Skip to main content

CloudShip Integration

Connect your Station to CloudShip for centralized management, OAuth authentication, and team collaboration.

Why CloudShip?

Quick Setup

1. Get a Registration Key

From your CloudShip dashboard:
  1. Go to Settings > Stations
  2. Click Create Registration Key
  3. Copy the key

2. Configure Station

Add to your config.yaml:

3. Start Station

Your Station is now connected and visible in your CloudShip dashboard.

Authentication Methods

Interactive Login

Get your API key from CloudShip Settings > API Keys.

Registration Key (Automated)

For automated deployments, use a registration key in config:

Check Status

OAuth for MCP Access

When CloudShip OAuth is enabled, MCP clients authenticate through CloudShip before accessing your Station’s agents.

Who Can Access?

Only users who:
  1. Have a CloudShip account
  2. Are members of your organization
  3. Successfully authenticate via OAuth

Enable OAuth

  1. Create an OAuth App in CloudShip (Settings > OAuth Apps)
  2. Configure Station:
  1. Invite team members to your CloudShip organization

How OAuth Works

Flow steps:
  1. MCP client sends request to Station
  2. Station returns 401 with WWW-Authenticate header containing OAuth metadata URL
  3. Client discovers CloudShip’s authorization server endpoints
  4. User logs in via browser, authorizes access
  5. Client exchanges authorization code for access token
  6. Client retries request with Bearer token
  7. Station validates token with CloudShip, returns MCP response

MCP Client Configuration

Point your MCP client to port 8587 (Dynamic Agent MCP):
When connecting:
  1. Client receives 401 with OAuth discovery URL
  2. Browser opens for CloudShip login
  3. After authentication, client automatically retries with token

Configuration Reference

Development Setup

Local Development (No CloudShip)

Local Lighthouse (Testing)

For testing CloudShip integration locally:

Multi-Station Management

Naming Stations

Each Station needs a unique name within your organization:

Filtering by Tags

In CloudShip dashboard, filter Stations by tags to manage specific environments.

Security

Registration Keys

  • Keep registration keys secret
  • Rotate keys periodically
  • Use different keys for different environments

OAuth Tokens

  • Validated on every MCP request
  • PKCE required (S256 code challenge)
  • Cached for 5 minutes to reduce introspection calls

Audit Trail

CloudShip logs all:
  • Station connections/disconnections
  • Agent executions triggered via MCP
  • OAuth authentications
  • Configuration changes

Troubleshooting

Connection Failed

Check:
  1. Registration key is valid
  2. Network allows outbound to lighthouse.cloudshipai.com:443
  3. TLS is properly configured

OAuth 401 Errors

Check:
  1. OAuth is enabled in config
  2. Client ID is correct
  3. User is member of organization

Token Expired

Tokens auto-refresh. If issues persist:

Next Steps