> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shipfastai.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Environment variables reference for Shipfastai

> Reference for every Shipfastai environment variable: app settings, database, JWT auth, Stripe billing, email, OAuth providers, Redis, and rate limiting.

Shipfastai reads all configuration from a `.env` file at the root of your product directory. Copy `.env.example` to `.env` and fill in your values before starting the application. Variables marked as required must be set or the backend will refuse to start.

<AccordionGroup>
  <Accordion title="Application">
    | Variable       | Required | Example                 | Description                                                          |
    | -------------- | -------- | ----------------------- | -------------------------------------------------------------------- |
    | `APP_NAME`     | No       | `Shipfastai`            | Display name used in logs and emails. Defaults to `Shipfastai`.      |
    | `APP_ENV`      | No       | `development`           | Runtime environment. Use `production` for deployed apps.             |
    | `DEBUG`        | No       | `true`                  | Enables verbose error responses. Set to `false` in production.       |
    | `FRONTEND_URL` | No       | `http://localhost:3000` | Base URL of your Next.js frontend. Used to build email links.        |
    | `BACKEND_URL`  | No       | `http://localhost:8000` | Base URL of your FastAPI backend. Used to build OAuth redirect URIs. |
    | `CORS_ORIGINS` | No       | `http://localhost:3000` | Comma-separated list of allowed origins for CORS.                    |
    | `LOG_LEVEL`    | No       | `INFO`                  | Logging level: `DEBUG`, `INFO`, `WARNING`, `ERROR`.                  |
    | `LOG_FORMAT`   | No       | `text`                  | Log format: `text` or `json`.                                        |
  </Accordion>

  <Accordion title="Database">
    | Variable                | Required | Example                                                    | Description                                                              |
    | ----------------------- | -------- | ---------------------------------------------------------- | ------------------------------------------------------------------------ |
    | `DATABASE_URL`          | Yes      | `postgresql://postgres:postgres@localhost:5432/Shipfastai` | Full PostgreSQL connection string.                                       |
    | `DATABASE_POOL_SIZE`    | No       | `5`                                                        | Number of persistent connections kept open. Defaults to `5`.             |
    | `DATABASE_MAX_OVERFLOW` | No       | `10`                                                       | Extra connections allowed beyond `DATABASE_POOL_SIZE`. Defaults to `10`. |
  </Accordion>

  <Accordion title="Authentication">
    | Variable                            | Required | Example                 | Description                                                                 |
    | ----------------------------------- | -------- | ----------------------- | --------------------------------------------------------------------------- |
    | `JWT_SECRET`                        | Yes      | `your-super-secret-key` | Secret key used to sign JWT tokens. Use a long random string in production. |
    | `JWT_ALGORITHM`                     | No       | `HS256`                 | Signing algorithm for JWT. Defaults to `HS256`.                             |
    | `JWT_ACCESS_TOKEN_EXPIRE_MINUTES`   | No       | `30`                    | Lifetime of an access token in minutes. Defaults to `30`.                   |
    | `JWT_REFRESH_TOKEN_EXPIRE_DAYS`     | No       | `7`                     | Lifetime of a refresh token in days. Defaults to `7`.                       |
    | `VERIFICATION_TOKEN_EXPIRE_HOURS`   | No       | `24`                    | How long an email verification link stays valid. Defaults to `24`.          |
    | `PASSWORD_RESET_TOKEN_EXPIRE_HOURS` | No       | `1`                     | How long a password reset link stays valid. Defaults to `1`.                |
  </Accordion>

  <Accordion title="Stripe">
    | Variable                  | Required | Example       | Description                                                     |
    | ------------------------- | -------- | ------------- | --------------------------------------------------------------- |
    | `STRIPE_SECRET_KEY`       | Yes      | `sk_test_xxx` | Your Stripe secret key. Use `sk_test_` keys during development. |
    | `STRIPE_PUBLISHABLE_KEY`  | Yes      | `pk_test_xxx` | Your Stripe publishable key. Sent to the frontend.              |
    | `STRIPE_WEBHOOK_SECRET`   | Yes      | `whsec_xxx`   | Signing secret for verifying incoming Stripe webhook events.    |
    | `STRIPE_PRICE_ID_MONTHLY` | No       | `price_xxx`   | Stripe price ID for your monthly subscription plan.             |
    | `STRIPE_PRICE_ID_YEARLY`  | No       | `price_xxx`   | Stripe price ID for your yearly subscription plan.              |
  </Accordion>

  <Accordion title="Email">
    | Variable         | Required | Example                  | Description                                                                         |
    | ---------------- | -------- | ------------------------ | ----------------------------------------------------------------------------------- |
    | `RESEND_API_KEY` | No       | `re_xxx`                 | API key from Resend. If omitted, email sending is disabled and a warning is logged. |
    | `FROM_EMAIL`     | No       | `noreply@yourdomain.com` | Sender address for all transactional emails.                                        |
  </Accordion>

  <Accordion title="OAuth">
    | Variable               | Required | Example                                 | Description                                                      |
    | ---------------------- | -------- | --------------------------------------- | ---------------------------------------------------------------- |
    | `GOOGLE_CLIENT_ID`     | No       | `1234567890.apps.googleusercontent.com` | Google OAuth client ID. Leave empty to disable Google login.     |
    | `GOOGLE_CLIENT_SECRET` | No       | `GOCSPX-xxx`                            | Google OAuth client secret.                                      |
    | `GITHUB_CLIENT_ID`     | No       | `Ov23liXXXXXX`                          | GitHub OAuth App client ID. Leave empty to disable GitHub login. |
    | `GITHUB_CLIENT_SECRET` | No       | `abc123xxx`                             | GitHub OAuth App client secret.                                  |
  </Accordion>

  <Accordion title="Redis">
    | Variable    | Required | Example                  | Description                                                                                              |
    | ----------- | -------- | ------------------------ | -------------------------------------------------------------------------------------------------------- |
    | `REDIS_URL` | No       | `redis://localhost:6379` | Connection URL for Redis. Used for caching and rate limiting. Docker Compose starts Redis automatically. |
  </Accordion>

  <Accordion title="Rate limiting">
    | Variable              | Required | Example | Description                                                       |
    | --------------------- | -------- | ------- | ----------------------------------------------------------------- |
    | `RATE_LIMIT_REQUESTS` | No       | `100`   | Maximum number of requests allowed per window. Defaults to `100`. |
    | `RATE_LIMIT_WINDOW`   | No       | `60`    | Duration of the rate limit window in seconds. Defaults to `60`.   |
  </Accordion>

  <Accordion title="Frontend (Next.js)">
    These variables are prefixed with `NEXT_PUBLIC_` and are bundled into the browser at build time.

    | Variable                              | Required | Example                 | Description                                                         |
    | ------------------------------------- | -------- | ----------------------- | ------------------------------------------------------------------- |
    | `NEXT_PUBLIC_API_URL`                 | No       | `http://localhost:8000` | Base URL of the backend API, used by the frontend to make requests. |
    | `NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLY` | No       | `price_xxx`             | Stripe monthly price ID exposed to the frontend for checkout.       |
    | `NEXT_PUBLIC_STRIPE_PRICE_ID_YEARLY`  | No       | `price_xxx`             | Stripe yearly price ID exposed to the frontend for checkout.        |
  </Accordion>
</AccordionGroup>

## Complete .env.example

The following is the full `.env.example` from the basic product tier. Copy it to `.env` and replace placeholder values with your own.

```bash .env theme={null}
# ============================================================
# Shipfastai Environment Configuration
# ============================================================
# Copy this file to .env and fill in your values
# ============================================================

# Application
APP_NAME=Shipfastai
APP_ENV=development
DEBUG=true
FRONTEND_URL=http://localhost:3000
BACKEND_URL=http://localhost:8000

# Database
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/Shipfastai
DATABASE_POOL_SIZE=5
DATABASE_MAX_OVERFLOW=10

# JWT Authentication
JWT_SECRET=your-super-secret-jwt-key-change-in-production
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=7

# Token expiry
VERIFICATION_TOKEN_EXPIRE_HOURS=24
PASSWORD_RESET_TOKEN_EXPIRE_HOURS=1

# OAuth - Google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# OAuth - GitHub
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# Stripe
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
STRIPE_PRICE_ID_MONTHLY=price_xxx
STRIPE_PRICE_ID_YEARLY=price_xxx

# Email (Resend)
RESEND_API_KEY=
FROM_EMAIL=noreply@yourdomain.com

# Redis (optional, for caching)
REDIS_URL=redis://localhost:6379

# Sentry (optional, for error tracking)
SENTRY_DSN=

# Rate Limiting
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60

# CORS
CORS_ORIGINS=http://localhost:3000

# Logging
LOG_LEVEL=INFO
LOG_FORMAT=text

# Frontend env vars (Next.js)
NEXT_PUBLIC_API_URL=http://localhost:8000
NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLY=price_xxx
NEXT_PUBLIC_STRIPE_PRICE_ID_YEARLY=price_xxx
```
