Jentic + OpenClaw Integration Guide¶
Secure MCP Integration for Enterprise API Orchestration
This guide demonstrates how to safely connect Jentic's MCP server to OpenClaw, enabling unified access to 200+ APIs through a single orchestrated interface.
Architecture Overview¶
OpenClaw Agent → Jentic MCP Server → Jentic Platform → External APIs
(secure proxy) (orchestration) (Gmail, CRM, etc.)
Benefits: - Single Integration Point - Replace dozens of individual tool integrations - Centralized Authentication - Jentic manages all API credentials securely
- Rate Limiting & Compliance - Enterprise-grade API governance - Audit Trail - All operations logged through Jentic platform
Prerequisites¶
- OpenClaw installation with workspace configured
- Jentic agent API key (
ak_*format) — see below - Jentic MCP server endpoint access
- Basic understanding of OpenClaw configuration
Set Up Jentic & Get Your API Key¶
- Go to https://app.jentic.com/sign-up and create an account (free).
- Go to APIS → Jentic API Directory. Search for the APIs your agent needs (e.g., "Gmail", "Slack", "NYT"), select them, and click Add to Registry. This makes each API available inside your Jentic instance — you only do this once per API.
- For each API, go to API Registry → [Your API] → Credentials, click Add Credential, and paste your API key or secret.
- Go to Agent Capabilities → Live → + New Live Instance. Name it, select your APIs and credentials, then click Create Live Capability.
- Copy the API key from the popup. If you missed it, go to Live → Agent Capabilities → More Actions → Regenerate API Key.
Method 1: Direct MCP Integration (Recommended)¶
Step 1: Configure OpenClaw Tool Restrictions¶
Restrict OpenClaw to essential tools only, forcing all external operations through Jentic:
openclaw config patch --note "Configure Jentic-first tool policy" --raw '{
"tools": {
"allow": [
"group:fs",
"group:runtime",
"group:sessions",
"group:memory",
"group:automation"
]
}
}'
Step 2: Create Jentic Helper Script¶
Create a reusable helper script for MCP operations:
# Create scripts directory
mkdir -p scripts
# Create helper script
cat > scripts/jentic-helper.sh << 'EOF'
#!/bin/bash
# jentic-helper.sh - Secure Jentic MCP integration functions
# Configuration (store securely - consider environment variables)
JENTIC_URL="https://api.jentic.com/mcp"
JENTIC_API_KEY="${JENTIC_AGENT_KEY:-ak_YOUR_KEY_HERE}"
JENTIC_SESSION_FILE="/tmp/jentic-session-$(whoami).txt"
# Initialize MCP session with proper error handling
jentic_init() {
echo "🔌 Initializing Jentic MCP session..."
local response=$(curl -X POST "$JENTIC_URL" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "x-jentic-api-key: $JENTIC_API_KEY" \
-d '{"jsonrpc": "2.0", "id": "init", "method": "initialize", "params": {"protocolVersion": "2024-11-05", "capabilities": {"tools": {}}, "clientInfo": {"name": "openclaw", "version": "1.0.0"}}}' \
-v 2>&1)
# Extract session ID from headers
local session_id=$(echo "$response" | grep -i "mcp-session-id" | cut -d' ' -f3 | tr -d '\r')
if [ -n "$session_id" ]; then
echo "$session_id" > "$JENTIC_SESSION_FILE"
echo "✅ Session initialized: $session_id"
return 0
else
echo "❌ Failed to initialize session"
echo "$response"
return 1
fi
}
# Execute MCP operation with session management
jentic_execute() {
local operation_uuid="$1"
local inputs_json="$2"
# Get or create session
if [ -f "$JENTIC_SESSION_FILE" ]; then
local session_id=$(cat "$JENTIC_SESSION_FILE")
else
jentic_init || return 1
local session_id=$(cat "$JENTIC_SESSION_FILE")
fi
echo "⚡ Executing Jentic operation: $operation_uuid"
curl -X POST "$JENTIC_URL" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "x-jentic-api-key: $JENTIC_API_KEY" \
-H "mcp-session-id: $session_id" \
-d "{\"jsonrpc\": \"2.0\", \"id\": \"execute\", \"method\": \"tools/call\", \"params\": {\"name\": \"execute\", \"arguments\": {\"params\": {\"uuid\": \"$operation_uuid\", \"inputs\": $inputs_json}}}}" \
-s | grep "^data:" | head -1 | cut -d' ' -f2-
}
# Search for operations
jentic_search() {
local query="$1"
local max_results="${2:-5}"
local session_id=$(cat "$JENTIC_SESSION_FILE" 2>/dev/null)
if [ -z "$session_id" ]; then
jentic_init || return 1
session_id=$(cat "$JENTIC_SESSION_FILE")
fi
echo "🔍 Searching Jentic for: $query"
curl -X POST "$JENTIC_URL" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "x-jentic-api-key: $JENTIC_API_KEY" \
-H "mcp-session-id: $session_id" \
-d "{\"jsonrpc\": \"2.0\", \"id\": \"search\", \"method\": \"tools/call\", \"params\": {\"name\": \"search_apis\", \"arguments\": {\"request\": {\"query\": \"$query\", \"max_results\": $max_results}}}}" \
-s | grep "^data:" | head -1 | cut -d' ' -f2-
}
# Clean up on exit
cleanup() {
rm -f "$JENTIC_SESSION_FILE"
}
trap cleanup EXIT
EOF
chmod +x scripts/jentic-helper.sh
Step 3: Create Integration Documentation¶
Document the MCP workflow in your workspace:
cat > JENTIC.md << 'EOF'
# JENTIC.md - MCP Integration Guide
## Overview
Jentic is your primary tool interface. All external API operations flow through the Jentic MCP server for security, compliance, and unified orchestration.
## MCP Connection Details
- **Server URL**: `https://api.jentic.com/mcp`
- **API Key**: Secure agent key with `ak_` prefix
- **Protocol**: MCP (Model Context Protocol) with Server-Sent Events
- **Session Management**: Required - initialize session first
## Three Core Operations
### 1. search_apis
Find available operations based on natural language intent.
### 2. load_execution_info
Get detailed operation parameters and requirements.
### 3. execute
Run operations with proper inputs through Jentic platform.
## Workflow Pattern
1. **Search** → `jentic_search "read emails"`
2. **Load** → Get operation UUID and required parameters
3. **Execute** → Run operation with inputs
4. **Process** → Handle results securely
## Security Features
- **Session-based authentication** - Temporary MCP sessions
- **Centralized credential management** - No API keys in OpenClaw
- **Rate limiting** - Jentic handles API quotas
- **Audit logging** - All operations tracked
## Available Systems
Through Jentic MCP, access to:
- Gmail, Google Calendar, Google Drive
- CRM systems (Salesforce, HubSpot, Attio)
- GitHub, GitLab repositories
- Discord, Slack communication
- 200+ additional APIs
## Error Handling
- **Session expiry** - Automatic re-initialization
- **Rate limits** - Jentic manages quotas transparently
- **Authentication** - Centralized through Jentic platform
- **Network issues** - Retry logic with exponential backoff
EOF
Step 4: Update Workspace Configuration¶
Ensure OpenClaw agents know about Jentic integration:
# Add Jentic to agent startup sequence
cat >> AGENTS.md << 'EOF'
## Jentic MCP Integration
**IMPORTANT**: This workspace uses Jentic as the primary external tool interface.
### Every Session Startup
3. Read `JENTIC.md` — Learn MCP integration workflow
4. Source `scripts/jentic-helper.sh` — Load helper functions
### External Operations
- **Never use individual API tools** - Everything goes through Jentic
- **Follow MCP workflow** - search → load → execute
- **Respect rate limits** - Jentic handles API quotas
- **Log operations** - All calls are audited
### Common Operations
# Get emails
jentic_execute "op_6e5f3d4d56c207de" '{"userId": "me", "maxResults": 5}'
# Search for operations
jentic_search "send email to customer" 3
EOF
Method 2: Environment Variable Configuration (Alternative)¶
For enhanced security, store credentials in environment variables:
# Set environment variables (add to ~/.bashrc or ~/.zshrc)
export JENTIC_AGENT_KEY="ak_your_secure_key_here"
export JENTIC_MCP_URL="https://api.jentic.com/mcp"
# Update helper script to use environment variables
sed -i 's/ak_YOUR_KEY_HERE/${JENTIC_AGENT_KEY}/' scripts/jentic-helper.sh
Security Best Practices¶
The OpenClaw agent can access the Jentic API key from environment variables, the helper script, or curl output in logs. While your underlying API credentials (e.g., Gmail OAuth tokens, NYT keys) remain server-side on Jentic's platform, the agent can still use them indirectly — any operation the Capability Set allows can be executed with the Jentic API key alone.
The Capability Set scoping limits which APIs the agent can reach, but the agent can freely call any of them. Other practices to limit exposure:
1. Scope Narrowly¶
Create separate Capability Sets per agent with only the minimum APIs each agent needs.
2. Restrict Agent Permissions¶
- Remove
group:runtimefrom the OpenClaw tool allowlist if your workflow doesn't require it - Use
chmod 600 scripts/jentic-helper.shand consider restrictinggroup:fsto specific directories - Remove the
-vflag fromjentic_initin production — it prints the API key in request headers
3. API Key Management¶
# ✅ GOOD: Environment variables
export JENTIC_AGENT_KEY="ak_xxx"
# ❌ BAD: Hard-coded in files
JENTIC_API_KEY="ak_xxx" # Never do this
# ✅ GOOD: Restricted file permissions
chmod 600 scripts/jentic-helper.sh
4. Network Security¶
# Verify SSL certificate
curl -I https://api.jentic.com/mcp
# Use timeout to prevent hanging
curl --timeout 30 --max-time 60 [...]
5. Session Management¶
# Sessions expire - handle gracefully
if ! jentic_execute "op_xxx" '{}'; then
echo "Session may have expired, re-initializing..."
jentic_init && jentic_execute "op_xxx" '{}'
fi
6. Audit Logging¶
# Log all Jentic operations
echo "$(date): Jentic operation $operation_uuid" >> ~/.openclaw/jentic-audit.log
Testing the Integration¶
1. Verify Connection¶
source scripts/jentic-helper.sh
jentic_init
Expected output:
🔌 Initializing Jentic MCP session...
✅ Session initialized: abc123def456
2. Test Search Function¶
jentic_search "list emails" 3
Should return JSON with available Gmail operations.
3. Test Execution¶
# Get latest emails (using known Gmail operation UUID)
jentic_execute "op_6e5f3d4d56c207de" '{"userId": "me", "maxResults": 5}'
4. Verify in OpenClaw¶
Ask your OpenClaw agent:
"Show me my latest 3 emails"
The agent should use Jentic MCP integration automatically.
Troubleshooting¶
Common Issues¶
Issue: mcp-session-id not found in response
# Solution: Check API key format
echo $JENTIC_AGENT_KEY # Should start with 'ak_'
Issue: "Tool not found" errors
# Solution: Verify tool allowlist
openclaw config get | grep -A10 tools.allow
Issue: Session expired errors
# Solution: Re-initialize session
rm -f /tmp/jentic-session-$(whoami).txt
jentic_init
Debug Mode¶
# Enable verbose curl output
export JENTIC_DEBUG=1
# Add to helper script:
if [ "$JENTIC_DEBUG" = "1" ]; then
CURL_OPTS="-v"
else
CURL_OPTS="-s"
fi
Production Deployment¶
1. Secure Key Storage¶
# Use secrets management
kubectl create secret generic jentic-keys \
--from-literal=agent-key="ak_your_key_here"
# Or HashiCorp Vault
vault kv put secret/jentic agent_key="ak_xxx"
2. Monitoring¶
# Monitor session health
watch -n 30 'test -f /tmp/jentic-session-$(whoami).txt && echo "Session active" || echo "No session"'
# Log rotation
logrotate -f ~/.openclaw/jentic-audit.log
3. High Availability¶
# Multiple MCP endpoints (if available)
JENTIC_ENDPOINTS=(
"https://api.jentic.com/mcp"
"https://<your-backup-endpoint>/mcp"
)
Integration Benefits¶
Before Jentic Integration¶
- ❌ 20+ individual API tool configurations
- ❌ Scattered credential management
- ❌ No unified rate limiting
- ❌ Limited audit trail
- ❌ API quota conflicts
After Jentic Integration¶
- ✅ Single MCP integration point
- ✅ Centralized credential management
- ✅ Enterprise-grade rate limiting
- ✅ Complete audit trail
- ✅ Unified API governance
Support¶
- Documentation: This file +
JENTIC.mdin workspace - Helper Functions:
scripts/jentic-helper.sh - Troubleshooting: Check session files in
/tmp/jentic-session-* - Logs:
~/.openclaw/jentic-audit.log
Note: This integration was successfully tested and verified on Feb 19, 2026. The MCP workflow can access Gmail, Calendar, CRM, GitHub, and 200+ other APIs through a single secure interface.
Contact Us