Skip to main content
This reference documents all configuration options for the four Iqra AI services. Each service uses an appsettings.json file for configuration.
Some configuration blocks must be identical across all services (marked as “SHARED”). Mismatched values will cause communication failures between services.

Configuration files

Each service has its own configuration file:
  • ProjectIqraFrontend/appsettings.json - Dashboard and API
  • ProjectIqraBackendProxy/appsettings.json - Load balancer and SIP gateway
  • ProjectIqraBackendApp/appsettings.json - Core agent engine
  • IqraBackgroundProcessor/appsettings.json - Async processing
Example files are provided as appsettings.json.example in each directory.

Frontend configuration

URL

{
  "URL": "https://app.iqra.bot"
}
Purpose: The public URL where the dashboard is hosted (without trailing slash). Used for:
  • Email links (password resets, invitations)
  • Webhook URL generation
  • OAuth redirects

Hardware

{
  "Hardware": {
    "NetworkInterfaceName": "eth0"
  }
}
NetworkInterfaceName
string
required
The OS-level name of the network interface for RTP audio (UDP) binding.How to find:
  • Linux: ip addr (e.g., eth0, ens5, ens160)
  • Windows: ipconfig (e.g., "Ethernet", "vEthernet (WSL)")

S3 Storage

{
  "S3Storage": {
    "DefaultStorageRegionId": "us-east-1"
  }
}
DefaultStorageRegionId
string
required
The Region ID where default assets are stored. This must match a Region created in the Admin Dashboard under Infrastructure → Regions.Used for:
  • Logo uploads
  • Call recordings
  • Document uploads for knowledge bases

Redis (SHARED)

{
  "RedisDatabase": {
    "Endpoint": "localhost:6379",
    "Password": ""
  }
}
This configuration must be identical across Frontend, Proxy, Backend, and Processor.
Endpoint
string
required
Redis connection endpoint in host:port format.
Password
string
Redis authentication password. Leave empty ("") if no password is set.

MongoDB (SHARED)

{
  "MongoDatabase": {
    "ConnectionString": "mongodb://localhost:27017"
  }
}
This configuration must be identical across all services.
ConnectionString
string
required
MongoDB connection string. Supports:
  • Standalone: mongodb://localhost:27017
  • Replica set: mongodb://host1:27017,host2:27017,host3:27017/?replicaSet=rs0
  • Authentication: mongodb://username:password@host:27017/dbname

Milvus (SHARED)

{
  "Milvus": {
    "Endpoint": "http://localhost:9091",
    "Database": "iqra",
    "Username": "root",
    "Password": "Milvus",
    "ExpiryCheckIntervalSeconds": 300,
    "CollectionStaleTimeoutMinutes": 30
  }
}
This configuration must be identical across Frontend, Backend, and Processor.
Endpoint
string
required
HTTP URL for the Milvus vector database. Usually port 19530 (gRPC) or 9091 (HTTP).
Database
string
required
Database name inside Milvus to store embeddings.
Username
string
required
Milvus authentication username (default: root).
Password
string
required
Milvus authentication password (default: Milvus).
ExpiryCheckIntervalSeconds
integer
How often (in seconds) to check for expired vector collections. Default: 300 (5 minutes).
CollectionStaleTimeoutMinutes
integer
Time (in minutes) before an unused collection is unloaded from memory. Default: 30.

Unstructured

{
  "Unstructured": {
    "EndPoint": "http://localhost:8741",
    "ApiKey": "<your_api_key>"
  }
}
EndPoint
string
required
URL for the Unstructured.io ETL service used for parsing documents (PDFs, DOCX, etc.) for knowledge bases.Options:
  • Self-hosted Docker container: http://localhost:8741
  • Unstructured SaaS: https://api.unstructured.io
ApiKey
string
API key for Unstructured service (required for SaaS version or secured containers).

Mail SMTP

{
  "MailSMTP": {
    "Host": "smtp.sendgrid.net",
    "Port": 587,
    "Username": "apikey",
    "Password": "SG.xxxxx",
    "FromEmail": "[email protected]",
    "FromName": "Iqra AI"
  }
}
Host
string
required
SMTP server hostname (e.g., smtp.sendgrid.net, smtp.gmail.com, smtp.mailgun.org).
Port
integer
required
SMTP port. Common values:
  • 587 - STARTTLS (recommended)
  • 465 - SSL
  • 25 - Unencrypted (not recommended)
Username
string
required
SMTP authentication username.
Password
string
required
SMTP authentication password or API key.
FromEmail
string
required
Email address for the “From” field in system emails.
FromName
string
required
Display name for system emails.

Integrations (SHARED)

{
  "Integrations": {
    "EncryptionKey": "<32-character-aes-key>"
  }
}
This key must be identical across all services. Losing this key makes encrypted data unrecoverable.
EncryptionKey
string
required
A 32-character AES key used to encrypt/decrypt third-party API keys stored in MongoDB (OpenAI, Twilio, ElevenLabs, etc.).Generate with:
openssl rand -base64 32

User API Keys (SHARED)

{
  "UserApiKeys": {
    "ApiKeyEncryptionKey": "<api-key-encryption-key>",
    "PayloadEncryptionKey": "<payload-encryption-key>"
  }
}
These keys must be identical across all services.
ApiKeyEncryptionKey
string
required
Encrypts platform API keys issued to users.Generate with:
openssl rand -base64 32
PayloadEncryptionKey
string
required
Encrypts the payload/claims within API tokens.Generate with:
openssl rand -base64 32

User

{
  "User": {
    "EmailHashPepper": "<random-string>"
  }
}
EmailHashPepper
string
required
A secret string appended to email addresses before hashing for secure lookups.Generate with:
openssl rand -base64 16

Forwarded Headers

{
  "ForwardedHeaders": {
    "KnownProxies": [
      "127.0.0.1"
    ]
  }
}
KnownProxies
array
List of trusted proxy IP addresses that define X-Forwarded-For headers (e.g., Nginx, Cloudflare).Example:
"KnownProxies": [
  "127.0.0.1",
  "10.0.0.1",
  "192.168.1.1"
]

Backend Proxy configuration

Proxy

{
  "Proxy": {
    "Id": "<server-uuid>",
    "RegionId": "us-east-1",
    "ApiKey": "<cluster-api-secret>",
    "OutboundProcessing": {
      "PollingIntervalSeconds": 5,
      "DbFetchBatchSize": 1000,
      "ProcessingBatchSize": 70,
      "ScheduleWindowMinutes": 1
    }
  }
}
Id
string
required
Unique UUID for this Proxy instance, obtained from Admin Dashboard → Infrastructure → Servers.
RegionId
string
required
Region identifier (e.g., us-east-1, eu-central) that this proxy serves.
ApiKey
string
required
Cluster handshake token. Must match the “API Secret” entered in the Admin Dashboard when registering this server.
OutboundProcessing.PollingIntervalSeconds
integer
How often (in seconds) the proxy checks for pending outbound calls. Default: 5.
OutboundProcessing.DbFetchBatchSize
integer
Maximum number of queued calls to fetch from database per polling cycle. Default: 1000.
OutboundProcessing.ProcessingBatchSize
integer
Number of calls to process concurrently within one batch. Default: 70.
OutboundProcessing.ScheduleWindowMinutes
integer
Lookahead window (in minutes) for scheduled calls. Default: 1.

CORS

{
  "Cors": {
    "AllowedOrigins": [
      "https://app.iqra.bot"
    ]
  }
}
AllowedOrigins
array
required
List of URLs allowed to make browser-based requests (WebRTC signaling). Include your Frontend dashboard URL.

Backend App configuration

Server

{
  "Server": {
    "Id": "<server-uuid>",
    "RegionId": "us-east-1",
    "ExpectedMaxConcurrentCalls": 25,
    "ApiKey": "<cluster-api-secret>",
    "WebhookTokenSecret": "<webhook-signing-key>"
  }
}
Id
string
required
Unique UUID obtained from Admin Dashboard → Infrastructure → Servers.
RegionId
string
required
Region identifier this server belongs to.
ExpectedMaxConcurrentCalls
integer
required
Maximum number of simultaneous calls before the Proxy stops routing new traffic to this server.
ApiKey
string
required
Cluster handshake token matching the Admin Dashboard configuration.
WebhookTokenSecret
string
required
Random string used to sign webhook payloads for security verification.Generate with:
openssl rand -base64 32

Hardware

{
  "Hardware": {
    "NetworkInterfaceName": "eth0",
    "MaxNetworkDownloadMbps": 200,
    "MaxNetworkUploadMbps": 50
  }
}
NetworkInterfaceName
string
required
OS-level network interface name for RTP audio binding. See Frontend Hardware for details.
MaxNetworkDownloadMbps
integer
Estimated download bandwidth available (used for capacity planning). Default: 200.
MaxNetworkUploadMbps
integer
Estimated upload bandwidth available (used for capacity planning). Default: 50.

Local Redis (Backend App only)

{
  "LocalRedisDatabase": {
    "ConnectionString": "127.0.0.1:6379",
    "TTSAudioCacheIndex": 14
  }
}
The Backend App requires a separate local Redis instance running on the same machine for L1 TTS audio caching to minimize latency.
ConnectionString
string
required
Local Redis connection (should be 127.0.0.1 for best performance).
TTSAudioCacheIndex
integer
Redis database index for TTS cache. Default: 14.

Background Processor configuration

Security

{
  "Security": {
    "ApiKey": "<api-key>"
  }
}
ApiKey
string
required
Cluster handshake token matching the Admin Dashboard configuration.

S3 Storage

{
  "S3Storage": {
    "DefaultStorageRegionId": "us-east-1"
  }
}
DefaultStorageRegionId
string
required
Must match the DefaultStorageRegionId in the Frontend configuration.

Shared configuration blocks

These sections must be identical across all services:

RedisDatabase

Connection to shared Redis instance

MongoDatabase

Connection to MongoDB

Milvus

Vector database configuration

Integrations

Encryption key for third-party API keys

Environment-specific configuration

Development

{
  "Logging": {
    "LogLevel": {
      "Default": "Debug",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Production

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning",
      "Microsoft.EntityFrameworkCore": "Warning"
    }
  },
  "AllowedHosts": "app.yourdomain.com"
}

Security best practices

1

Use strong encryption keys

Generate all encryption keys with openssl rand -base64 32. Never use predictable strings.
2

Rotate keys periodically

Plan for key rotation. Store old keys for decrypting legacy data.
3

Secure configuration files

Set file permissions to 600 (owner read/write only):
chmod 600 appsettings.json
4

Use environment variables for secrets

Override sensitive settings with environment variables:
export MongoDatabase__ConnectionString="mongodb://..."
export Integrations__EncryptionKey="..."
5

Never commit secrets to Git

Add appsettings.json to .gitignore. Only commit appsettings.json.example.

Configuration validation

Validate your configuration before deploying: 
# Check configuration syntax
dotnet run --project ProjectIqraFrontend --configuration Release --dry-run

# Verify database connections
mongo --eval "db.adminCommand('ping')" $MONGODB_URI
redis-cli -h localhost -p 6379 ping

Troubleshooting

Services can’t connect to databases

Symptoms: MongoConnectionException or timeout errorsSolutions:
  • Verify connection string format
  • Check MongoDB is running: sudo systemctl status mongod
  • Test connection: mongo mongodb://localhost:27017
  • Ensure firewall allows port 27017
Symptoms: RedisConnectionException or NOAUTH errorsSolutions:
  • Verify Redis is running: sudo systemctl status redis
  • Test connection: redis-cli ping
  • Check password if authentication is enabled
  • Ensure firewall allows port 6379
Symptoms: MilvusException or timeout errorsSolutions:
  • Verify Milvus is running: docker ps | grep milvus
  • Check endpoint URL (HTTP port is usually 9091, not 19530)
  • Test connection: curl http://localhost:9091/health
  • Verify username/password if authentication is enabled

Encryption key mismatch

Symptoms: CryptographicException or “invalid padding” errors Cause: The Integrations.EncryptionKey differs between services. Solution: Ensure the exact same key is used in all four appsettings.json files.

Network interface not found

Symptoms: NetworkInterfaceNotFoundException or “No such device” Solution:
  • Linux: Run ip addr and use the exact interface name (e.g., eth0)
  • Windows: Run ipconfig and use the exact adapter name (e.g., "Ethernet")
  • Ensure the interface is active and has an IP address

Next steps

Self-hosting guide

Complete installation walkthrough

System requirements

Hardware and dependency specifications

Build docs developers (and LLMs) love

Get started for freeTalk to us