Environment variables reference for Shipfastai

Shipfastai reads all configuration from a .env file at the root of your product directory. Copy .env.example to .env and fill in your values before starting the application. Variables marked as required must be set or the backend will refuse to start.

Application

Variable	Required	Example	Description
`APP_NAME`	No	`Shipfastai`	Display name used in logs and emails. Defaults to `Shipfastai`.
`APP_ENV`	No	`development`	Runtime environment. Use `production` for deployed apps.
`DEBUG`	No	`true`	Enables verbose error responses. Set to `false` in production.
`FRONTEND_URL`	No	`http://localhost:3000`	Base URL of your Next.js frontend. Used to build email links.
`BACKEND_URL`	No	`http://localhost:8000`	Base URL of your FastAPI backend. Used to build OAuth redirect URIs.
`CORS_ORIGINS`	No	`http://localhost:3000`	Comma-separated list of allowed origins for CORS.
`LOG_LEVEL`	No	`INFO`	Logging level: `DEBUG`, `INFO`, `WARNING`, `ERROR`.
`LOG_FORMAT`	No	`text`	Log format: `text` or `json`.

Database

Variable	Required	Example	Description
`DATABASE_URL`	Yes	`postgresql://postgres:postgres@localhost:5432/Shipfastai`	Full PostgreSQL connection string.
`DATABASE_POOL_SIZE`	No	`5`	Number of persistent connections kept open. Defaults to `5`.
`DATABASE_MAX_OVERFLOW`	No	`10`	Extra connections allowed beyond `DATABASE_POOL_SIZE`. Defaults to `10`.

Authentication

Variable	Required	Example	Description
`JWT_SECRET`	Yes	`your-super-secret-key`	Secret key used to sign JWT tokens. Use a long random string in production.
`JWT_ALGORITHM`	No	`HS256`	Signing algorithm for JWT. Defaults to `HS256`.
`JWT_ACCESS_TOKEN_EXPIRE_MINUTES`	No	`30`	Lifetime of an access token in minutes. Defaults to `30`.
`JWT_REFRESH_TOKEN_EXPIRE_DAYS`	No	`7`	Lifetime of a refresh token in days. Defaults to `7`.
`VERIFICATION_TOKEN_EXPIRE_HOURS`	No	`24`	How long an email verification link stays valid. Defaults to `24`.
`PASSWORD_RESET_TOKEN_EXPIRE_HOURS`	No	`1`	How long a password reset link stays valid. Defaults to `1`.

Stripe

Variable	Required	Example	Description
`STRIPE_SECRET_KEY`	Yes	`sk_test_xxx`	Your Stripe secret key. Use `sk_test_` keys during development.
`STRIPE_PUBLISHABLE_KEY`	Yes	`pk_test_xxx`	Your Stripe publishable key. Sent to the frontend.
`STRIPE_WEBHOOK_SECRET`	Yes	`whsec_xxx`	Signing secret for verifying incoming Stripe webhook events.
`STRIPE_PRICE_ID_MONTHLY`	No	`price_xxx`	Stripe price ID for your monthly subscription plan.
`STRIPE_PRICE_ID_YEARLY`	No	`price_xxx`	Stripe price ID for your yearly subscription plan.

Variable	Required	Example	Description
`RESEND_API_KEY`	No	`re_xxx`	API key from Resend. If omitted, email sending is disabled and a warning is logged.
`FROM_EMAIL`	No	`noreply@yourdomain.com`	Sender address for all transactional emails.

OAuth

Variable	Required	Example	Description
`GOOGLE_CLIENT_ID`	No	`1234567890.apps.googleusercontent.com`	Google OAuth client ID. Leave empty to disable Google login.
`GOOGLE_CLIENT_SECRET`	No	`GOCSPX-xxx`	Google OAuth client secret.
`GITHUB_CLIENT_ID`	No	`Ov23liXXXXXX`	GitHub OAuth App client ID. Leave empty to disable GitHub login.
`GITHUB_CLIENT_SECRET`	No	`abc123xxx`	GitHub OAuth App client secret.

Redis

Variable	Required	Example	Description
`REDIS_URL`	No	`redis://localhost:6379`	Connection URL for Redis. Used for caching and rate limiting. Docker Compose starts Redis automatically.

Rate limiting

Variable	Required	Example	Description
`RATE_LIMIT_REQUESTS`	No	`100`	Maximum number of requests allowed per window. Defaults to `100`.
`RATE_LIMIT_WINDOW`	No	`60`	Duration of the rate limit window in seconds. Defaults to `60`.

Frontend (Next.js)

These variables are prefixed with NEXT_PUBLIC_ and are bundled into the browser at build time.

Variable	Required	Example	Description
`NEXT_PUBLIC_API_URL`	No	`http://localhost:8000`	Base URL of the backend API, used by the frontend to make requests.
`NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLY`	No	`price_xxx`	Stripe monthly price ID exposed to the frontend for checkout.
`NEXT_PUBLIC_STRIPE_PRICE_ID_YEARLY`	No	`price_xxx`	Stripe yearly price ID exposed to the frontend for checkout.

Complete .env.example

The following is the full .env.example from the basic product tier. Copy it to .env and replace placeholder values with your own.

.env

# ============================================================
# Shipfastai Environment Configuration
# ============================================================
# Copy this file to .env and fill in your values
# ============================================================

# Application
APP_NAME=Shipfastai
APP_ENV=development
DEBUG=true
FRONTEND_URL=http://localhost:3000
BACKEND_URL=http://localhost:8000

# Database
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/Shipfastai
DATABASE_POOL_SIZE=5
DATABASE_MAX_OVERFLOW=10

# JWT Authentication
JWT_SECRET=your-super-secret-jwt-key-change-in-production
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=7

# Token expiry
VERIFICATION_TOKEN_EXPIRE_HOURS=24
PASSWORD_RESET_TOKEN_EXPIRE_HOURS=1

# OAuth - Google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# OAuth - GitHub
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# Stripe
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
STRIPE_PRICE_ID_MONTHLY=price_xxx
STRIPE_PRICE_ID_YEARLY=price_xxx

# Email (Resend)
RESEND_API_KEY=
FROM_EMAIL=noreply@yourdomain.com

# Redis (optional, for caching)
REDIS_URL=redis://localhost:6379

# Sentry (optional, for error tracking)
SENTRY_DSN=

# Rate Limiting
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60

# CORS
CORS_ORIGINS=http://localhost:3000

# Logging
LOG_LEVEL=INFO
LOG_FORMAT=text

# Frontend env vars (Next.js)
NEXT_PUBLIC_API_URL=http://localhost:8000
NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLY=price_xxx
NEXT_PUBLIC_STRIPE_PRICE_ID_YEARLY=price_xxx

Multi-tenancy and tenant isolation

Database setup and connection configuration

Documentation Index

​Complete .env.example

Complete .env.example