Environment Variables

Backend

Required

| Variable | Description |
|---|---|
| DATABASE_URL | PostgreSQL connection string |
| JWT_SECRET | JWT signing key (min 32 characters) - REQUIRED in production |

JWT Configuration

| Variable | Default | Description |
|---|---|---|
| JWT_ALGORITHM | HS256 | JWT signing algorithm |
| ACCESS_TOKEN_EXPIRE_MINUTES | 15 | Access token expiration |
| REFRESH_TOKEN_EXPIRE_DAYS | 7 | Refresh token expiration |

Database Configuration

| Variable | Default | Description |
|---|---|---|
| POSTGRES_USER | user | PostgreSQL username |
| POSTGRES_PASSWORD | pass | PostgreSQL password |
| POSTGRES_HOST | localhost | PostgreSQL host |
| POSTGRES_PORT | 5432 | PostgreSQL port |
| POSTGRES_DB | db | PostgreSQL database name |

Server Configuration

| Variable | Default | Description |
|---|---|---|
| PORT | 8000 | Server port |
| HOST | 0.0.0.0 | Server host |
| APP_BASE_URL | https://your-domain.com | Base URL for the application |
| ENVIRONMENT | development | development or production |
| LOG_LEVEL | INFO | Logging level |

Security Configuration

| Variable | Default | Description |
|---|---|---|
| ALLOWED_HOSTS | localhost,api.saas-courier.com | Allowed hosts |
| CORS_ORIGINS | http://localhost:3000,http://localhost:8550 | Allowed CORS origins |
| ACCOUNT_LOCKOUT_MAX_ATTEMPTS | 5 | Max failed login attempts |
| ACCOUNT_LOCKOUT_MINUTES | 15 | Account lockout duration |

Redis Configuration

| Variable | Default | Description |
|---|---|---|
| REDIS_HOST | localhost | Redis host |
| REDIS_PORT | 6379 | Redis port |
| REDIS_URL | redis://localhost:6379 | Redis connection URL |

Rate Limiting

| Variable | Default | Description |
|---|---|---|
| RATE_LIMIT_LOGIN | 1000/minute | Rate limit for login endpoint |
| RATE_LIMIT_REGISTER | 1000/minute | Rate limit for register endpoint |
| RATE_LIMIT_REFRESH | 1000/minute | Rate limit for token refresh |
| RATE_LIMIT_EMAIL_VERIFY | 1000/minute | Rate limit for email verification |
| RATE_LIMIT_PASSWORD_RESET | 1000/minute | Rate limit for password reset |
| RATE_LIMIT_DEFAULT | 1000/minute | Default rate limit |
| RATE_LIMIT_TRACKING | 60/minute | Rate limit for public tracking |

OAuth Authentication

Google OAuth

| Variable | Description |
|---|---|
| GOOGLE_CLIENT_ID | Google OAuth client ID |
| GOOGLE_CLIENT_SECRET | Google OAuth client secret |
| GOOGLE_AUTH_URL | https://accounts.google.com/o/oauth2/v2/auth |
| GOOGLE_TOKEN_URL | https://oauth2.googleapis.com/token |
| GOOGLE_USER_INFO_URL | https://oauth2.googleapis.com/oauth2/v3/userinfo |
| GOOGLE_SCOPE | openid email profile |

GitHub OAuth

| Variable | Description |
|---|---|
| GITHUB_CLIENT_ID | GitHub OAuth client ID |
| GITHUB_CLIENT_SECRET | GitHub OAuth client secret |
| GITHUB_AUTH_URL | https://github.com/login/oauth/authorize |
| GITHUB_TOKEN_URL | https://github.com/login/oauth/access_token |
| GITHUB_USER_INFO_URL | https://api.github.com/user |
| GITHUB_SCOPE | read:user user:email |

Facebook OAuth (Phase 2)

| Variable | Description |
|---|---|
| FACEBOOK_CLIENT_ID | Facebook OAuth client ID |
| FACEBOOK_CLIENT_SECRET | Facebook OAuth client secret |
| FACEBOOK_AUTH_URL | https://www.facebook.com/v18.0/dialog/oauth |
| FACEBOOK_TOKEN_URL | https://graph.facebook.com/v18.0/oauth/access_token |
| FACEBOOK_USER_INFO_URL | https://graph.facebook.com/v18.0/me |
| FACEBOOK_SCOPE | email,public_profile |

Apple Sign-In (Phase 3)

| Variable | Description |
|---|---|
| APPLE_CLIENT_ID | Apple OAuth client ID |
| APPLE_TEAM_ID | Apple developer team ID |
| APPLE_KEY_ID | Apple private key ID |
| APPLE_PRIVATE_KEY | Apple private key (P8 format) |

OAuth Configuration

| Variable | Default | Description |
|---|---|---|
| OAUTH_REDIRECT_BASE_URL | https://api.saas-courier.com | OAuth redirect base URL |

Email Configuration

Email Provider Selection

| Variable | Default | Description |
|---|---|---|
| EMAIL_PROVIDER | MOCK | Email provider: MOCK, RESEND, SENDGRID, SES |
| EMAIL_FROM_NAME | SaaS Courier | Default sender name |
| EMAIL_FROM_EMAIL | noreply@saas-courier.com | Default sender email |

Resend

| Variable | Description |
|---|---|
| RESEND_API_KEY | Resend.com API key |
| RESEND_FROM_EMAIL | Default sender email |

SendGrid

| Variable | Description |
|---|---|
| SENDGRID_API_KEY | SendGrid API key |
| SENDGRID_FROM_EMAIL | Default sender email |

AWS SES

| Variable | Default | Description |
|---|---|---|
| AWS_ACCESS_KEY_ID | - | AWS access key ID |
| AWS_SECRET_ACCESS_KEY | - | AWS secret access key |
| AWS_REGION | us-east-1 | AWS region |
| AWS_SES_FROM_EMAIL | - | SES sender email |

SMTP

| Variable | Default | Description |
|---|---|---|
| SMTP_HOST | - | SMTP server hostname |
| SMTP_PORT | 587 | SMTP port (587=STARTTLS, 465=SSL) |
| SMTP_USER | - | Authentication username |
| SMTP_PASSWORD | - | Authentication password |
| SMTP_FROM_EMAIL | - | Default sender email |
| SMTP_FROM_NAME | SaaS Courier | Default sender name |
| SMTP_USE_TLS | true | Use STARTTLS |
| SMTP_USE_SSL | false | Use SSL/TLS |

Flight APIs

AeroDataBox (Webhook-based Real-time)

| Variable | Default | Description |
|---|---|---|
| AERODATABOX_API_KEY | - | RapidAPI key for AeroDataBox |
| AERODATABOX_API_HOST | aerodatabox.p.rapidapi.com | API host |
| AERODATABOX_WEBHOOK_URL | https://api.saas-courier.com/api/v1/flights/webhook | Webhook URL |
| AERODATABOX_WEBHOOK_SECRET | - | Secret for webhook validation |
| AERODATABOX_CREDIT_ALERT_THRESHOLD | 100 | Alert when credits < threshold |

Aviationstack (Legacy - Polling)

| Variable | Description |
|---|---|
| AVIASTACK_API_KEY | Aviationstack API key (legacy, consider migrating to AeroDataBox) |

Notifications

Push Notifications (Firebase Cloud Messaging)

| Variable | Default | Description |
|---|---|---|
| FCM_SERVER_KEY | - | Firebase Cloud Messaging server key |
| FCM_CREDIT_ALERT_THRESHOLD | 100 | Alert when FCM credits < threshold |

Notification Provider

| Variable | Default | Description |
|---|---|---|
| NOTIFICATION_PROVIDER | whatsapp_cloud | Provider: whatsapp_cloud |
| SMS_FALLBACK_ENABLED | false | Enable SMS fallback |

WhatsApp Cloud API

| Variable | Description |
|---|---|
| WHATSAPP_ACCESS_TOKEN | WhatsApp Cloud API access token |
| WHATSAPP_PHONE_NUMBER_ID | Phone number ID from Facebook Developer Console |
| WHATSAPP_WABA_ID | WhatsApp Business Account ID |
| WHATSAPP_VERIFIED_NUMBER | Verified phone number |
| WHATSAPP_API_VERSION | v18.0 |
| WHATSAPP_GRAPH_URL | https://graph.facebook.com |
| WHATSAPP_VERIFY_TOKEN | - |
| WHATSAPP_WEBHOOK_PATH | /whatsapp/webhook |
| WHATSAPP_NOTIFICATION_TEMPLATE | hello_world |
| WHATSAPP_TEMPLATE_LANGUAGE | en_US |

Frontend

| Variable | Default | Description |
|---|---|---|
| API_BASE_URL | http://localhost:8080 | Backend API URL |
| WS_BASE_URL | ws://localhost:8080 | WebSocket URL |
| SESSION_TIMEOUT_MINUTES | 15 | Session timeout |
| REFRESH_BEFORE_EXPIRY_MINUTES | 2 | Auto-refresh window |
| ENCRYPT_TOKENS | true | Encrypt tokens in storage |
| REQUIRE_HTTPS_IN_PRODUCTION | true | Block HTTP in production |

Multi-Domain Configuration

| Variable | Default | Description |
|---|---|---|
| DEFAULT_DOMAIN | saas-courier.com | Default domain |
| API_DOMAIN | api.saas-courier.com | API subdomain |
| TRACKING_SUBDOMAIN_PREFIX | tracking | Tracking page subdomain prefix |

Token Encryption (Optional)

| Variable | Description |
|---|---|
| TOKEN_ENCRYPTION_KEY | 256-bit key for Fernet encryption |
| MACHINE_ID | Unique machine identifier |
| APP_SECRET | Additional entropy for key derivation |