FG API

Appearance

Environment Variables

Note: This guide is for developers and administrators setting up the FG API platform. End users don't need to configure environment variables - they can use the platform directly.

This guide covers all environment variables used in the FG API platform.

Backend Environment Variables (Railway)

Required Variables

NODE_ENV

  • Description: Environment mode

  • Values: development, production, test

  • Example: production

  • Usage: Determines CORS settings and logging levels

DATABASE_URL

  • Description: PostgreSQL connection string

  • Format: postgresql://user:password@host:port/database

  • Example: postgresql://user:password@host.railway.app:5432/database

  • Usage: Prisma database connection

JWT_SECRET

  • Description: Secret key for JWT access tokens

  • Requirements: Strong, random string (32+ characters)

  • Example: your-very-strong-jwt-secret-key-here

  • Usage: Signing and verifying access tokens

REFRESH_TOKEN_SECRET

  • Description: Secret key for refresh tokens

  • Requirements: Different from JWT_SECRET, strong and random

  • Example: your-very-strong-refresh-token-secret

  • Usage: Signing and verifying refresh tokens

REGISTRATION_APPROVAL_CODE

  • Description: Code required for user registration

  • Requirements: Secure code for account approval

  • Example: APPROVAL123

  • Usage: Validates registration requests

Optional Variables

CLOUDFLARE_PAGES_URL

  • Description: Frontend URL for CORS configuration

  • Format: https://your-domain.com

  • Example: https://your-frontend.pages.dev

  • Usage: Allows cross-origin requests from frontend

CLIENT_URL

  • Description: Alternative client URL

  • Format: https://your-domain.com

  • Example: https://your-custom-domain.com

  • Usage: Additional CORS origin

RAILWAY_STATIC_URL

  • Description: Railway static URL

  • Format: https://your-app.railway.app

  • Example: https://your-backend.railway.app

  • Usage: Railway-specific CORS origin

Frontend Environment Variables (Cloudflare Pages)

Required Variables

VITE_BASE_URL

  • Description: Backend API base URL

  • Format: https://your-backend.railway.app

  • Example: https://your-backend.railway.app

  • Usage: API request base URL

Optional Variables

VITE_LOGIN_URL

  • Description: Custom login endpoint URL

  • Format: https://your-backend.railway.app/app/login

  • Example: https://fg-api-server.railway.app/app/login

  • Usage: Override default login URL

VITE_REGISTER_URL

  • Description: Custom register endpoint URL

  • Format: https://your-backend.railway.app/app/register

  • Example: https://fg-api-server.railway.app/app/register

  • Usage: Override default register URL

VITE_REFRESH_URL

  • Description: Custom refresh endpoint URL

  • Format: https://your-backend.railway.app/app/refresh

  • Example: https://fg-api-server.railway.app/app/refresh

  • Usage: Override default refresh URL

Environment Setup

Development Setup

Create a .env file in your server directory:

bash
# Server .env file
NODE_ENV=development
DATABASE_URL=postgresql://postgres:password@localhost:5432/fg_api_dev
JWT_SECRET=your-development-jwt-secret
REFRESH_TOKEN_SECRET=your-development-refresh-secret
REGISTRATION_APPROVAL_CODE=DEV123
CLOUDFLARE_PAGES_URL=http://localhost:5173

Create a .env file in your client directory:

bash
# Client .env file
VITE_BASE_URL=http://localhost:3000

Production Setup

Railway (Backend)

Set environment variables in Railway dashboard:

bash
NODE_ENV=production
DATABASE_URL=postgresql://user:password@host.railway.app:5432/database
JWT_SECRET=your-production-jwt-secret-very-strong
REFRESH_TOKEN_SECRET=your-production-refresh-secret-very-strong
REGISTRATION_APPROVAL_CODE=PROD123
CLOUDFLARE_PAGES_URL=https://your-frontend.pages.dev

Cloudflare Pages (Frontend)

Set environment variables in Cloudflare Pages dashboard:

bash
VITE_BASE_URL=https://your-backend.railway.app

Security Best Practices

Secret Generation

Generate Strong Secrets

bash
# Generate JWT secret
openssl rand -base64 32

# Generate refresh token secret
openssl rand -base64 32

# Generate approval code
openssl rand -hex 16

Secret Requirements

  • Length: At least 32 characters

  • Complexity: Mix of letters, numbers, and symbols

  • Uniqueness: Different secrets for different environments

  • Rotation: Change secrets regularly

Environment Security

Never Commit Secrets

bash
# Add to .gitignore
.env
.env.local
.env.production
server/.env
client/.env

Use Different Secrets

  • Development: Use simple, memorable secrets

  • Production: Use strong, random secrets

  • Testing: Use dedicated test secrets

Configuration Examples

Complete Development Setup

Server Configuration

bash
# server/.env
NODE_ENV=development
DATABASE_URL=postgresql://postgres:password@localhost:5432/fg_api_dev
JWT_SECRET=dev-jwt-secret-key-12345
REFRESH_TOKEN_SECRET=dev-refresh-secret-key-67890
REGISTRATION_APPROVAL_CODE=DEV123
CLOUDFLARE_PAGES_URL=http://localhost:5173

Client Configuration

bash
# client/.env
VITE_BASE_URL=http://localhost:3000

Complete Production Setup

Railway Configuration

bash
NODE_ENV=production
DATABASE_URL=postgresql://user:password@host.railway.app:5432/database
JWT_SECRET=prod-jwt-secret-very-strong-and-secure-12345
REFRESH_TOKEN_SECRET=prod-refresh-secret-very-strong-and-secure-67890
REGISTRATION_APPROVAL_CODE=PROD123
CLOUDFLARE_PAGES_URL=https://your-frontend.pages.dev

Cloudflare Pages Configuration

bash
VITE_BASE_URL=https://your-backend.railway.app

Troubleshooting

Common Issues

Environment Variables Not Loading

  • Check variable names (case-sensitive)

  • Verify file location (.env in correct directory)

  • Restart development server after changes

CORS Errors

  • Verify CLOUDFLARE_PAGES_URL is set correctly

  • Check frontend URL matches backend CORS configuration

  • Ensure URLs include protocol (https://)

Database Connection Errors

  • Verify DATABASE_URL format

  • Check database credentials

  • Ensure database is running and accessible

Authentication Errors

  • Verify JWT_SECRET and REFRESH_TOKEN_SECRET are set

  • Check secret strength and uniqueness

  • Ensure secrets are different between environments

Validation

Check Environment Variables

javascript
// Server-side validation
const requiredVars = [
  'NODE_ENV',
  'DATABASE_URL',
  'JWT_SECRET',
  'REFRESH_TOKEN_SECRET',
  'REGISTRATION_APPROVAL_CODE'
];

requiredVars.forEach(varName => {
  if (!process.env[varName]) {
    throw new Error(`Missing required environment variable: ${varName}`);
  }
});

Test Configuration

bash
# Test database connection
npm run setup

# Test authentication
curl -X POST https://your-api.com/app/login \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"password"}'

Getting Help

Documentation

  • Check this environment variables guide

  • Review deployment documentation

  • Look at security best practices

Support

  • Contact support through the platform

  • Check error logs for specific issues

  • Verify environment variable configuration