Skip to main content
Cal.com is configured primarily through environment variables defined in a .env file. This guide documents all available configuration options.

Quick Setup

  1. Copy the example environment file:
cp .env.example .env
  1. Generate required secrets:
# NextAuth secret (32 bytes)
openssl rand -base64 32

# Encryption key (24 bytes for AES256)
openssl rand -base64 24

# VAPID keys for push notifications
npx web-push generate-vapid-keys
  1. Configure essential variables in .env

Essential Configuration

Database

DATABASE_URL
string
required
PostgreSQL connection string with credentials. Used by the application and connection poolers.
DATABASE_URL="postgresql://postgres:password@localhost:5432/calendso"
DATABASE_DIRECT_URL
string
required
Direct PostgreSQL connection for migrations. Use the same as DATABASE_URL if not using a connection pooler like PgBouncer.
DATABASE_DIRECT_URL="postgresql://postgres:password@localhost:5432/calendso"
INSIGHTS_DATABASE_URL
string
Optional separate database for analytics and insights data.
PGSSLMODE
string
default:"prefer"
SSL mode for PostgreSQL connection. Use no-verify for self-signed certificates (Heroku, etc.).
PGSSLMODE="no-verify"

Application URLs

NEXT_PUBLIC_WEBAPP_URL
string
required
Base URL where your Cal.com instance is hosted. Must include protocol.
NEXT_PUBLIC_WEBAPP_URL="https://cal.yourdomain.com"
For organizations feature, use app subdomain: http://app.cal.local:3000
NEXT_PUBLIC_WEBSITE_URL
string
Marketing website URL. Defaults to NEXT_PUBLIC_WEBAPP_URL.
NEXT_PUBLIC_WEBSITE_URL="https://yourdomain.com"
NEXT_PUBLIC_EMBED_LIB_URL
string
URL for Cal.com embed library.
NEXT_PUBLIC_EMBED_LIB_URL="http://localhost:3000/embed/embed.js"

Authentication (NextAuth)

NEXTAUTH_URL
string
required
Full URL to NextAuth API endpoint. Required for Vercel deployments.
NEXTAUTH_URL="https://cal.yourdomain.com"
NEXTAUTH_SECRET
string
required
Secret for encrypting session cookies. Generate with openssl rand -base64 32.
NEXTAUTH_SECRET="your-generated-secret-here"
NEXTAUTH_COOKIE_DOMAIN
string
Domain for cross-domain cookie authentication.
NEXTAUTH_COOKIE_DOMAIN=".yourdomain.com"

Encryption

CALENDSO_ENCRYPTION_KEY
string
required
32-byte key for AES256 encryption. Generate with openssl rand -base64 24.
CALENDSO_ENCRYPTION_KEY="your-24-character-key"
CALCOM_APP_CREDENTIAL_ENCRYPTION_KEY
string
24-byte key for app credential encryption in credential sync.
CALCOM_APP_CREDENTIAL_ENCRYPTION_KEY="$(openssl rand -base64 24)"
CALCOM_SERVICE_ACCOUNT_ENCRYPTION_KEY
string
24-byte key for service account encryption.
CALCOM_SERVICE_ACCOUNT_ENCRYPTION_KEY="$(openssl rand -base64 24)"

Security

Content Security Policy

CSP_POLICY
string
Enable Content Security Policy. Set to non-strict for enhanced security.
CSP_POLICY="non-strict"
Strict CSP enables on login pages; report-only mode on SSR pages

Rate Limiting

UNKEY_ROOT_KEY
string
Root key from Unkey for rate limiting. Optional but recommended for production.Requires permissions: ratelimit.create_namespace and ratelimit.limit

Allowed Hostnames

ALLOWED_HOSTNAMES
string
JSON array of allowed hostnames for the application.
ALLOWED_HOSTNAMES='"cal.com","cal.dev","localhost:3000"'
RESERVED_SUBDOMAINS
string
Reserved organization subdomain names.
RESERVED_SUBDOMAINS='"app","auth","docs","api","www"'

Email Configuration

SMTP Settings

EMAIL_FROM
string
required
Sender email address for all outgoing emails.
EMAIL_FROM="[email protected]"
EMAIL_FROM_NAME
string
Display name for sender.
EMAIL_FROM_NAME="Cal.com"
EMAIL_SERVER_HOST
string
required
SMTP server hostname.
# Gmail
EMAIL_SERVER_HOST="smtp.gmail.com"

# Office 365
EMAIL_SERVER_HOST="smtp.office365.com"

# Local development (Mailhog)
EMAIL_SERVER_HOST="localhost"
EMAIL_SERVER_PORT
number
required
SMTP server port.
EMAIL_SERVER_PORT=587  # TLS
EMAIL_SERVER_PORT=465  # SSL (Gmail)
EMAIL_SERVER_PORT=1025 # Mailhog (development)
EMAIL_SERVER_USER
string
SMTP authentication username.
EMAIL_SERVER_PASSWORD
string
SMTP authentication password or app-specific password.

SendGrid

SENDGRID_API_KEY
string
SendGrid API key for transactional emails and reminders.
SENDGRID_API_KEY="SG.xxxxxxxxxxxx"
SENDGRID_EMAIL
string
Verified sender email in SendGrid.
SENDGRID_EMAIL="[email protected]"
NEXT_PUBLIC_SENDGRID_SENDER_NAME
string
Display name for SendGrid emails.
NEXT_PUBLIC_SENDGRID_SENDER_NAME="Cal.com Notifications"

Resend

RESEND_API_KEY
string
Resend API key for transactional emails (alternative to SendGrid).
RESEND_API_KEY="re_xxxxxxxxxxxx"

License & Enterprise

CALCOM_LICENSE_KEY
string
Enterprise license key. Required for enterprise features.
CALCOM_LICENSE_KEY="your-license-key"
CAL_SIGNATURE_TOKEN
string
Signature token for Cal.com License API authentication.
CALCOM_PRIVATE_API_ROUTE
string
default:"https://goblin.cal.com"
Route to Cal.com License API.

Integrations

Google Calendar

GOOGLE_API_CREDENTIALS
json
Google OAuth credentials JSON for Calendar and Meet integration.
GOOGLE_API_CREDENTIALS='{"web":{"client_id":"...","client_secret":"..."}}'
See Obtaining Google API Credentials for setup instructions.
GOOGLE_LOGIN_ENABLED
boolean
default:"false"
Enable “Sign in with Google”.
GOOGLE_LOGIN_ENABLED=true
Configure as Internal app to prevent unauthorized access
GOOGLE_CALENDAR_API_KEY
string
Google Calendar API key for holidays feature.
GOOGLE_WEBHOOK_TOKEN
string
Token to verify incoming webhooks from Google Calendar.
GOOGLE_WEBHOOK_URL
string
Override URL for Google Calendar webhooks. Defaults to NEXT_PUBLIC_WEBAPP_URL.

Microsoft 365

MS_GRAPH_CLIENT_ID
string
Microsoft Graph Application (client) ID.
MS_GRAPH_CLIENT_SECRET
string
Microsoft Graph client secret.
MICROSOFT_WEBHOOK_TOKEN
string
Token to verify incoming webhooks from Microsoft Calendar.
MICROSOFT_WEBHOOK_URL
string
Override URL for Microsoft Calendar webhooks.

Zoom

ZOOM_CLIENT_ID
string
Zoom OAuth client ID.
ZOOM_CLIENT_SECRET
string
Zoom OAuth client secret.

Daily.co Video

DAILY_API_KEY
string
Daily.co API key for video conferencing.
DAILY_SCALE_PLAN
boolean
default:"false"
Enable Daily Scale Plan features (recording, etc.).
DAILY_SCALE_PLAN=true

Stripe

STRIPE_PRIVATE_KEY
string
Stripe secret key for payment processing.
STRIPE_CLIENT_ID
string
Stripe client ID for Connect.
STRIPE_WEBHOOK_SECRET
string
Stripe webhook signing secret.
STRIPE_WEBHOOK_SECRET_APPS
string
Stripe webhook secret for app store integrations.

SMS & WhatsApp

Twilio

TWILIO_SID
string
Twilio Account SID.
TWILIO_TOKEN
string
Twilio Auth Token.
TWILIO_MESSAGING_SID
string
Twilio Messaging Service SID.
TWILIO_PHONE_NUMBER
string
Twilio phone number for SMS.
TWILIO_PHONE_NUMBER="+1234567890"
TWILIO_WHATSAPP_PHONE_NUMBER
string
Twilio WhatsApp-enabled phone number.
TWILIO_WHATSAPP_PHONE_NUMBER="whatsapp:+1234567890"
NEXT_PUBLIC_SENDER_ID
string
SMS sender ID (max 11 characters, letters, numbers, and spaces only).
TWILIO_VERIFY_SID
string
Twilio Verify Service SID for phone verification.

Push Notifications

NEXT_PUBLIC_VAPID_PUBLIC_KEY
string
required
VAPID public key for browser push notifications.Generate with: npx web-push generate-vapid-keys
NEXT_PUBLIC_VAPID_PUBLIC_KEY="BKxxx..."
VAPID_PRIVATE_KEY
string
required
VAPID private key for push notifications.
VAPID_PRIVATE_KEY="xxx..."

Branding & Customization

NEXT_PUBLIC_APP_NAME
string
default:"Cal.com"
Application name displayed throughout the UI.
NEXT_PUBLIC_APP_NAME="Your Company Scheduler"
NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS
string
default:"[email protected]"
Support email address.
NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS="[email protected]"
NEXT_PUBLIC_COMPANY_NAME
string
default:"Cal.com, Inc."
Company name for legal pages.
NEXT_PUBLIC_COMPANY_NAME="Your Company, Inc."
NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL
string
URL to your privacy policy.
NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL="https://yourdomain.com/privacy"
NEXT_PUBLIC_WEBSITE_TERMS_URL
string
URL to your terms of service.
NEXT_PUBLIC_WEBSITE_TERMS_URL="https://yourdomain.com/terms"
NEXT_PUBLIC_DISABLE_SIGNUP
boolean
default:"false"
Disable new user signups.
NEXT_PUBLIC_DISABLE_SIGNUP=true

Analytics & Monitoring

Telemetry

CALCOM_TELEMETRY_DISABLED
boolean
default:"false"
Disable anonymous usage analytics.
CALCOM_TELEMETRY_DISABLED=1

Sentry

NEXT_PUBLIC_SENTRY_DSN
string
Sentry DSN for error tracking.
NEXT_PUBLIC_SENTRY_DSN="https://[email protected]/xxx"
SENTRY_ORG
string
Sentry organization slug.
SENTRY_PROJECT
string
Sentry project name.
SENTRY_AUTH_TOKEN
string
Sentry authentication token for releases.

PostHog

NEXT_PUBLIC_POSTHOG_KEY
string
PostHog project API key.
NEXT_PUBLIC_POSTHOG_HOST
string
PostHog instance URL.
NEXT_PUBLIC_POSTHOG_HOST="https://app.posthog.com"

Logging

NEXT_PUBLIC_LOGGER_LEVEL
number
Logging verbosity level:
  • 0: silly & upwards
  • 1: trace & upwards
  • 2: debug & upwards
  • 3: info & upwards (recommended)
  • 4: warn & upwards
  • 5: error & fatal
  • 6: fatal only
NEXT_PUBLIC_LOGGER_LEVEL=3

Organizations (Enterprise)

ORGANIZATIONS_ENABLED
boolean
default:"false"
Enable organizations feature (requires full domain setup).
ORGANIZATIONS_ENABLED=true
NEXT_PUBLIC_WEBAPP_URL="http://app.cal.local:3000"
NEXT_PUBLIC_SINGLE_ORG_SLUG
string
Serve only one organization’s booking pages.
NEXT_PUBLIC_SINGLE_ORG_SLUG="your-org"
ORGANIZATIONS_AUTOLINK
boolean
default:"false"
Auto-link external signups to organizations by email domain.
NEXT_PUBLIC_ORGANIZATIONS_MIN_SELF_SERVE_SEATS
number
default:"30"
Minimum seats for self-serve organizations.

Vercel Domain Management

PROJECT_ID_VERCEL
string
Vercel project ID for subdomain management.
TEAM_ID_VERCEL
string
Vercel team ID.
AUTH_BEARER_TOKEN_VERCEL
string
Vercel API token for domain management.

Cloudflare DNS Management

CLOUDFLARE_DNS
boolean
default:"false"
Use Cloudflare for DNS management.
CLOUDFLARE_DNS=1
AUTH_BEARER_TOKEN_CLOUDFLARE
string
Cloudflare API token with Zone Edit permissions.
CLOUDFLARE_ZONE_ID
string
Cloudflare Zone ID for your domain.
CLOUDFLARE_VERCEL_CNAME
string
default:"cname.vercel-dns.com"
CNAME target for Vercel domains.

SAML SSO (Enterprise)

SAML_DATABASE_URL
string
Separate PostgreSQL database for SAML data.
SAML_DATABASE_URL="postgresql://user:pass@host:5432/cal-saml"
SAML_ADMINS
string
Comma-separated list of admin emails.
SAML_ADMINS="[email protected],[email protected]"
SAML_CLIENT_SECRET_VERIFIER
string
Random secret for OAuth 2.0 SAML flow.

API V2

NEXT_PUBLIC_API_V2_URL
string
URL for Cal.com Platform API v2.
NEXT_PUBLIC_API_V2_URL="http://localhost:5555/api/v2"
API_PORT
number
default:"80"
Port for API v2 service.
API_PORT=5555
API_URL
string
Full URL to API v2 service.
WEB_APP_URL
string
Web application URL for API callbacks.
API_KEY_PREFIX
string
default:"cal_"
Prefix for API keys.
API_KEY_PREFIX="cal_"

Cron Jobs

CRON_API_KEY
string
required
API key for authenticating cron job requests.
CRON_API_KEY="$(openssl rand -hex 16)"
CRON_ENABLE_APP_SYNC
boolean
default:"false"
Auto-sync app metadata from config files.
CRON_ENABLE_APP_SYNC=true

Redis

REDIS_URL
string
Redis connection string for caching and queues.
REDIS_URL="redis://localhost:6379"
REDIS_PORT
number
default:"6379"
Redis port (used in docker-compose).

Performance & Optimization

NODE_OPTIONS
string
Node.js runtime options.
NODE_OPTIONS="--max-old-space-size=16384"
MAX_OLD_SPACE_SIZE
number
default:"6144"
Memory limit for build process (in MB).
DATABASE_CHUNK_SIZE
number
Batch size for database operations.
TZ
string
default:"UTC"
Process timezone. Always use UTC.
TZ=UTC

Development & Testing

NODE_ENV
string
Node environment.
NODE_ENV="production"  # or "development"
NEXT_PUBLIC_IS_E2E
boolean
default:"false"
Enable E2E testing mode.
NEXT_PUBLIC_IS_E2E=1
E2E_TEST_MAILHOG_ENABLED
boolean
default:"false"
Enable Mailhog for email testing.
E2E_TEST_MAILHOG_ENABLED=1

Example Configurations

Minimal Production Setup

# Database
DATABASE_URL="postgresql://user:[email protected]:5432/calendso"
DATABASE_DIRECT_URL="postgresql://user:[email protected]:5432/calendso"

# URLs
NEXT_PUBLIC_WEBAPP_URL="https://cal.yourdomain.com"
NEXTAUTH_URL="https://cal.yourdomain.com"

# Secrets (generate these!)
NEXTAUTH_SECRET="generated-with-openssl-rand"
CALENDSO_ENCRYPTION_KEY="generated-24-byte-key"
CRON_API_KEY="generated-cron-key"

# VAPID (generate with npx web-push generate-vapid-keys)
NEXT_PUBLIC_VAPID_PUBLIC_KEY="your-public-key"
VAPID_PRIVATE_KEY="your-private-key"

# Email
EMAIL_FROM="[email protected]"
SENDGRID_API_KEY="SG.xxxxx"
SENDGRID_EMAIL="[email protected]"

# Disable telemetry
CALCOM_TELEMETRY_DISABLED=1

Docker Compose Setup

# Docker-managed services
DATABASE_URL="postgresql://unicorn_user:magical_password@database:5432/calendso"
REDIS_URL="redis://redis:6379"

# Application
NEXT_PUBLIC_WEBAPP_URL="http://localhost:3000"
NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="secret-for-dev"
CALENDSO_ENCRYPTION_KEY="encryption-key-for-dev"

# VAPID keys
NEXT_PUBLIC_VAPID_PUBLIC_KEY="your-public-key"
VAPID_PRIVATE_KEY="your-private-key"

# Email (development with Mailhog)
EMAIL_SERVER_HOST="localhost"
EMAIL_SERVER_PORT=1025
EMAIL_FROM="[email protected]"

Enterprise with Organizations

# Enable organizations
ORGANIZATIONS_ENABLED=true
NEXT_PUBLIC_WEBAPP_URL="https://app.yourcompany.com"

# License
CALCOM_LICENSE_KEY="your-enterprise-license"
CAL_SIGNATURE_TOKEN="your-signature-token"

# SAML SSO
SAML_DATABASE_URL="postgresql://user:pass@host:5432/cal-saml"
SAML_ADMINS="[email protected]"

# Domain management (Cloudflare)
CLOUDFLARE_DNS=1
AUTH_BEARER_TOKEN_CLOUDFLARE="your-api-token"
CLOUDFLARE_ZONE_ID="your-zone-id"

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us