Tango MCP (AI agents)¶

The Tango MCP server gives AI agents access to federal procurement competitive intelligence via the Tango API. The server is hosted at https://govcon.dev/mcp and uses HTTP transport — you connect your MCP client to the remote endpoint; no local install required. Use it from Claude Desktop, Cursor, the OpenAI Responses API, or any MCP-compatible client.

What it does¶

The server exposes 4 tools that let an AI agent research government contracting data on your behalf:

Discover what's in the data — Use resolve to find entities, agencies, vehicles, NAICS/PSC codes, contracts, opportunities, and more by name or keyword; get identifiers and previews to use with other tools.
Search contracts and related data — Use search to query contracts, IDVs, vehicles, OTAs, OTIDVs, subawards, and organizations by vendor, agency, NAICS, PSC, dates, and other filters; optionally get aggregate statistics (obligated amounts, set-aside breakdown, etc.).
Search active opportunities — Use search_opportunities to find SAM.gov opportunities, forecasts, and notices by agency, NAICS, set-aside type, response deadline, and keyword.
Get full details for any item — Use get_details to retrieve detailed information for a specific entity, contract, IDV, vehicle, agency, opportunity, OTA, OTIDV, or organization by ID, with optional related-data enrichment.

Quick start¶

Prerequisites¶

A Tango API key (from the Tango web interface), or for OAuth clients: access tokens via Authorization: Bearer <access_token>
An MCP-compatible client (e.g. Cursor, Claude Desktop)

Connect via HTTP¶

The server is hosted at https://govcon.dev. The MCP endpoint is https://govcon.dev/mcp. Configure your client to connect to this URL over HTTP and send your API key (see Using with MCP clients below).

Using with MCP clients¶

Remote MCP (HTTP) — recommended¶

Connect your client to the hosted server over HTTP using mcp-remote. The server expects your Tango API key in the X-Tango-API-Key header (or an OAuth bearer token in Authorization: Bearer).

Cursor / Claude with remote URL (API key):

{
  "mcpServers": {
    "tango-remote": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://govcon.dev/mcp",
        "--header",
        "X-Tango-API-Key: your_api_key_here"
      ]
    }
  }
}

Cursor / Claude with remote URL (OAuth bearer token):

{
  "mcpServers": {
    "tango-remote-oauth": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://govcon.dev/mcp",
        "--header",
        "Authorization: Bearer your_oauth_token_here"
      ]
    }
  }
}

Use a fresh access token from your Tango OAuth flow; refresh the token when it expires.

Streamable HTTP (JSON mode) — The server uses HTTP transport and returns JSON responses rather than Server-Sent Events (SSE). If you see errors like "Unexpected content type" or "Failed to open SSE stream", ensure the client uses JSON mode.

API key security — Prefer setting the API key via environment variable or a secrets manager. When using mcp-remote with --header X-Tango-API-Key: ..., avoid committing the key to config; use a local env var or secret so the key is not logged or stored in plain text.

Claude Desktop¶

If you have the Tango MCP Desktop Extension (.mcpb), install it in Claude Desktop (Settings → Extensions), set the Server URL to https://govcon.dev/mcp, and enter your Tango API key when prompted. The extension connects to the hosted server over HTTP — no local server required.

OAuth flow¶

When connecting over HTTP, you can authenticate with a bearer token instead of an API key. This is useful for clients that support OAuth (e.g. ChatGPT MCP) or when you obtain access tokens from Tango's OAuth server.

Obtain an access token from the Tango OAuth server at tango.makegov.com. Use the authorization code or client credentials flow; supported grant types include authorization_code, client_credentials, and refresh_token. Required scope is typically read.
Send the token on each request via the Authorization header: Authorization: Bearer <your_access_token>.
Auth precedence — The server resolves auth in this order: (1) Authorization: Bearer if present, (2) X-Tango-API-Key if present, (3) TANGO_API_KEY from the environment (stdio/local only).

OAuth discovery — The server exposes standard discovery endpoints so clients can find the Tango authorization server and required scopes:

Authorization server metadata: GET /.well-known/oauth-authorization-server and GET /mcp/.well-known/oauth-authorization-server
Protected resource metadata: GET /.well-known/oauth-protected-resource

These return JSON (issuer, authorization_endpoint, token_endpoint, scopes_supported, etc.). The default issuer is https://tango.makegov.com.

OpenAI Responses API¶

OpenAI's MCP integration requires a publicly accessible server. Use the hosted MCP endpoint https://govcon.dev/mcp in your tools configuration. See the OpenAI MCP documentation for details.

Available tools¶

Tool	Description
`resolve`	Find entities, agencies, vehicles, NAICS/PSC codes, contracts, opportunities, OTAs, OTIDVs, subawards, and organizations matching a search query. Use first when you have a name or keyword and need to discover what's in the data; returns identifiers and previews for use with other tools.
`search`	Search contracts, IDVs, vehicles, OTAs, OTIDVs, subawards, and organizations. Primary data tool: filter by vendor, agency, NAICS, PSC, dates, keyword, and more. Set `include_summary=true` for aggregate statistics (total obligated, set-aside breakdown, etc.) across matching records.
`search_opportunities`	Search open opportunities, forecasts, and notices. Filter by agency, NAICS, PSC, set-aside type, response deadline, keyword, and other criteria.
`get_details`	Get detailed information for a single item by ID and type (entity, contract, idv, vehicle, agency, opportunity, ota, otidv, organization). Use after search or resolve to drill into a specific record. Optional `include_related` enriches with related data (e.g. entity + contracts + socioeconomic; contract + subawards).

Configuration¶

API key vs OAuth: Send your Tango API key in the X-Tango-API-Key header, or use Authorization: Bearer <token> with an OAuth access token from tango.makegov.com.
Endpoint: The hosted server is at https://govcon.dev; the MCP endpoint is https://govcon.dev/mcp (HTTP transport).

Troubleshooting¶

424 error from OpenAI — OpenAI can only reach publicly accessible servers. Use the hosted endpoint https://govcon.dev/mcp.

Empty results — Verify your API key is valid. Check that the UEI, NAICS code, or other identifiers you are using exist in the Tango database.

502 Bad Gateway / "Failed to open SSE stream" — The server uses HTTP transport and JSON responses, not SSE. If the client expects SSE, use a client that supports JSON mode.

403 when calling the server URL — A proxy or firewall may be blocking the request to https://govcon.dev/mcp. Ensure your client sends the API key or Bearer token as described above.

"Invalid API key or authentication required" — When connecting to https://govcon.dev/mcp, the server must receive either your Tango API key in the X-Tango-API-Key header or an OAuth bearer token in the Authorization: Bearer <token> header. Ensure your MCP client is configured to send one of these.

Get help¶

For API keys, account issues, or MCP connection problems:

Email: [email protected]
Tango web interface: tango.makegov.com — sign in to manage your account and API keys.

Privacy¶

Data handling and privacy are described in our Privacy policy.

References¶

govcon.dev — Hosted Tango MCP server (HTTP transport)
Model Context Protocol Specification
MCP Inspector — Interactive testing and debugging for MCP servers
OpenAI MCP Documentation
Tango API

Report an issue with this page