The API validates its environment at startup. A missing required variable or an invalid value (for example a non-numeric PORT) causes the process to exit immediately with an error naming the offending variable, rather than failing later at runtime.
| Variable |
Description |
DATABASE_URL |
PostgreSQL connection string, e.g. postgresql://user:pass@localhost:5432/ablebase. |
BETTER_AUTH_SECRET |
Secret used to sign auth tokens. Generate with openssl rand -base64 32. |
BETTER_AUTH_URL |
Must be the web origin (e.g. http://localhost:5173), not the API’s own port. Auth callbacks and session cookies are issued against this URL. |
BETTER_AUTH_URL is listed as required because any real deployment needs it for correct auth callbacks and cookies. The app will still boot without it (useful for local/test runs), but set it for anything beyond local development.
| Variable |
Default |
Description |
PORT |
3001 |
Port the API listens on. |
HOST |
0.0.0.0 |
Bind address. |
CLIENT_ORIGIN |
http://localhost:4813 |
Comma-separated list of allowed CORS origins. |
TRUST_PROXY |
— |
Set to "true" when running behind a reverse proxy to get accurate client IPs for rate limiting. |
SKIP_MIGRATIONS |
— |
Set to "1" to skip automatic migrations at startup. |
UPLOAD_DIR |
./uploads |
Filesystem path for storing uploaded profile pictures, org logos, and cached integration logos. Must be a persistent volume in containerized deployments. |
| Variable |
Default |
Description |
ALLOW_SIGNUP |
false |
Set to "true" to allow new email/password account registration. |
These credentials power GitHub social login and are separate from the GitHub App used for integrations (below).
| Variable |
Description |
GITHUB_CLIENT_ID |
GitHub OAuth App client ID. |
GITHUB_CLIENT_SECRET |
GitHub OAuth App client secret. |
The OAuth callback URL must be <BETTER_AUTH_URL>/api/auth/callback/github.
Credentials for the Integrations feature — linking repositories and importing issues. These are separate from the sign-in credentials above. All are optional: when any is missing, the GitHub integration is disabled and the app still boots. See Integrations.
| Variable |
Description |
GITHUB_APP_ID |
GitHub App ID. |
GITHUB_APP_PRIVATE_KEY |
GitHub App private key (PEM). In env files, encode newlines as \n. |
GITHUB_APP_CLIENT_ID |
GitHub App client ID. |
GITHUB_APP_CLIENT_SECRET |
GitHub App client secret. |
GITHUB_APP_WEBHOOK_SECRET |
Secret used to verify inbound GitHub webhooks. Must match the webhook secret configured on the GitHub App. |
GITHUB_APP_SLUG |
The GitHub App’s URL slug (used to build install links). |
Point the GitHub App’s webhook URL at <host>/api/integrations/github/webhooks and subscribe to the Issues, Installation, and Installation repositories events. See GitHub App (integrations) for the full setup.
OAuth client credentials for connecting a Linear workspace via the Integrations feature. Both are optional: when either is missing, the Linear integration is disabled and the app still boots. See Integrations.
| Variable |
Description |
LINEAR_CLIENT_ID |
Linear OAuth application client ID. |
LINEAR_CLIENT_SECRET |
Linear OAuth application client secret. |
The OAuth redirect URI registered in the Linear application must be <web-origin>/integrations/linear/setup.
| Variable |
Description |
SENTRY_DSN |
Sentry DSN for server-side error tracking. Optional. |
SENTRY_RELEASE |
Release identifier attached to Sentry events for this deployment. Optional. |
| Variable |
Description |
FLAGSMITH_ENVIRONMENT_KEY |
Server-side Flagsmith environment key (secret — do not expose to clients). Optional. |
| Variable |
Description |
CI |
Set to any truthy value to disable the global rate limiter during test runs. |
PLAYWRIGHT |
Same effect as CI. Used to disable rate limiting during Playwright end-to-end tests. |
| Variable |
Description |
RAILWAY_SERVICE__ABLEBASE_WEB_URL |
Injected automatically by Railway. Ablebase trusts this domain as a CORS and auth origin. No manual configuration needed. |
| Variable |
Description |
VITE_FLAGSMITH_ENVIRONMENT_ID |
Client-side Flagsmith environment ID. Safe to ship to the browser. Optional. |