Skip to content
Ablebase Docs

Environment Variables

API (packages/api/.env)

Section titled “API (packages/api/.env)”

Required

Section titled “Required”
VariableDescription
DATABASE_URLPostgreSQL connection string, e.g. postgresql://user:pass@localhost:5432/ablebase.
BETTER_AUTH_SECRETSecret used to sign auth tokens. Generate with openssl rand -base64 32.
BETTER_AUTH_URLMust be the web origin (e.g. http://localhost:5173), not the API’s own port. Auth callbacks and session cookies are issued against this URL.

Server

Section titled “Server”
VariableDefaultDescription
PORT3001Port the API listens on.
HOST0.0.0.0Bind address.
CLIENT_ORIGINhttp://localhost:4813Comma-separated list of allowed CORS origins.
TRUST_PROXYSet to "true" when running behind a reverse proxy to get accurate client IPs for rate limiting.
SKIP_MIGRATIONSSet to "1" to skip automatic migrations at startup.
UPLOAD_DIR./uploadsFilesystem path for storing uploaded profile pictures and org logos. Must be a persistent volume in containerized deployments.

Registration

Section titled “Registration”
VariableDefaultDescription
ALLOW_SIGNUPfalseSet to "true" to allow new email/password account registration.

GitHub OAuth

Section titled “GitHub OAuth”
VariableDescription
GITHUB_CLIENT_IDGitHub OAuth App client ID.
GITHUB_CLIENT_SECRETGitHub OAuth App client secret.

The OAuth callback URL must be <BETTER_AUTH_URL>/api/auth/callback/github.

Error tracking

Section titled “Error tracking”
VariableDescription
SENTRY_DSNSentry DSN for server-side error tracking. Optional.

Feature flags

Section titled “Feature flags”
VariableDescription
FLAGSMITH_ENVIRONMENT_KEYServer-side Flagsmith environment key (secret — do not expose to clients). Optional.

Testing / CI

Section titled “Testing / CI”
VariableDescription
CISet to any truthy value to disable the global rate limiter during test runs.
PLAYWRIGHTSame effect as CI. Used to disable rate limiting during Playwright end-to-end tests.

Railway

Section titled “Railway”
VariableDescription
RAILWAY_SERVICE__ABLEBASE_WEB_URLInjected automatically by Railway. Ablebase trusts this domain as a CORS and auth origin. No manual configuration needed.

Web (packages/web)

Section titled “Web (packages/web)”
VariableDescription
VITE_FLAGSMITH_ENVIRONMENT_IDClient-side Flagsmith environment ID. Safe to ship to the browser. Optional.