Overview

Tresa Contafy API requires several environment variables to function properly. This guide covers all required and optional configuration settings.

Required Variables

Server Configuration

NODE_ENV (string, required)
Environment mode: development, production, or test
NODE_ENV=production

PORT (number, default: 3001)
Port number for the API server
PORT=3001

Database Configuration

DATABASE_URL (string, required)
PostgreSQL connection string in the format:
DATABASE_URL=postgresql://username:password@host:port/database
For Railway deployments, SSL is enabled automatically when the URL contains railway.app or rlwy.net.

JWT Authentication

JWT_SECRET (string, required)
Secret key for signing access tokens (access tokens expire in 15 minutes)
JWT_SECRET=your-secure-secret-key
Generate a strong random secret with: openssl rand -base64 32

JWT_REFRESH_SECRET (string, required)
Secret key for signing refresh tokens (refresh tokens expire in 7 days)
JWT_REFRESH_SECRET=your-secure-refresh-secret-key

Email Service (Brevo)

BREVO_API_KEY (string, required)
API key for the Brevo (formerly Sendinblue) email service
BREVO_API_KEY=your-brevo-api-key

BREVO_FROM_EMAIL (string, required)
Sender email address for transactional emails
BREVO_FROM_EMAIL=[email protected]

BREVO_FROM_NAME (string, default: "Tresa Contafy")
Sender name for transactional emails
BREVO_FROM_NAME=Tresa Contafy

Application URL

APP_URL (string, required)
Base URL of your frontend application (used for email verification links)
APP_URL=https://yourdomain.com

Optional Variables

CORS Configuration

FRONTEND_URL (string, optional)
Frontend URL for CORS configuration (overrides APP_URL for CORS)
FRONTEND_URL=https://app.yourdomain.com
If neither FRONTEND_URL nor APP_URL is set in production, CORS is disabled as a safety measure.

Rate Limiting

API_RATE_LIMIT_MAX (number, default: 1000 in production, 2000 in development)
Maximum requests per 15-minute window per IP address
API_RATE_LIMIT_MAX=1000

Logging

LOG_LEVEL (string, default: info in production, debug in development)
Logging level: fatal, error, warn, info, debug, or trace
LOG_LEVEL=info

Example Configuration

# Server
NODE_ENV=development
PORT=3001

# Database
DATABASE_URL=postgresql://user:password@localhost:5432/tresa_contafy

# JWT
JWT_SECRET=dev-secret-key-change-in-production
JWT_REFRESH_SECRET=dev-refresh-secret-key-change-in-production

# Email (Brevo)
BREVO_API_KEY=your-brevo-api-key
BREVO_FROM_EMAIL=noreply@localhost
BREVO_FROM_NAME=Tresa Contafy Dev

# App URL
APP_URL=http://localhost:3000

Security Best Practices

1. Generate Strong Secrets
Use cryptographically secure random strings for JWT secrets:
openssl rand -base64 32

2. Never Commit Secrets
Add .env to .gitignore and use environment-specific configuration management.

3. Use Different Secrets Per Environment
Production, staging, and development should each have unique JWT secrets.

4. Enable SSL in Production
Ensure DATABASE_URL uses SSL for production databases (automatic for Railway).
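The following startup check is an added example, not the project's own code: it applies the rules this page documents (required variables, the DATABASE_URL format and Railway SSL rule, distinct non-placeholder JWT secrets, the FRONTEND_URL/APP_URL CORS fallback, and the rate-limit and log-level defaults) to a constructed env object. The minimum secret length and the rejection of the placeholder values from the example .env are assumptions.

```javascript
// Added example (not the project's own code): validate the variables documented on
// this page before the server starts. Thresholds and the sample env are assumptions.
const REQUIRED = ['NODE_ENV', 'DATABASE_URL', 'JWT_SECRET', 'JWT_REFRESH_SECRET',
  'BREVO_API_KEY', 'BREVO_FROM_EMAIL', 'APP_URL'];
const MIN_SECRET_CHARS = 32;   // assumption; `openssl rand -base64 32` yields 44 chars
const PLACEHOLDER = /change-in-production|your-secure/i;   // values from the example .env

function validateEnv(env) {
  const errors = [], warnings = [];
  const isProd = env.NODE_ENV === 'production';
  for (const k of REQUIRED) if (!env[k]) errors.push(`${k} is required`);
  if (!['development', 'production', 'test'].includes(env.NODE_ENV)) {
    errors.push('NODE_ENV must be development, production or test');
  }
  const port = env.PORT === undefined ? 3001 : Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push('PORT must be 1-65535');

  // DATABASE_URL: postgresql://username:password@host:port/database. SSL is switched on
  // for Railway hosts; matching the hostname is stricter than the page's "URL contains".
  let dbSsl = false;
  try {
    const u = new URL(env.DATABASE_URL || '');
    if (!/^postgres(ql)?:$/.test(u.protocol)) errors.push('DATABASE_URL must use postgresql://');
    if (!u.username || !u.password) errors.push('DATABASE_URL needs username:password');
    dbSsl = /(^|\.)(railway\.app|rlwy\.net)$/.test(u.hostname);
  } catch {
    errors.push('DATABASE_URL is not a valid URL');
  }
  if (isProd && !dbSsl) warnings.push('DATABASE_URL should use SSL in production');

  // JWT secrets: long, not a placeholder, and different for access and refresh tokens.
  for (const k of ['JWT_SECRET', 'JWT_REFRESH_SECRET']) {
    const v = env[k] || '';
    if (isProd && (v.length < MIN_SECRET_CHARS || PLACEHOLDER.test(v))) errors.push(`${k} is weak`);
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.JWT_REFRESH_SECRET) {
    errors.push('JWT_SECRET and JWT_REFRESH_SECRET must differ');
  }
  // CORS: FRONTEND_URL overrides APP_URL; with neither set in production CORS is disabled.
  const corsOrigin = env.FRONTEND_URL || env.APP_URL || null;
  if (isProd && !corsOrigin) warnings.push('CORS disabled: no FRONTEND_URL or APP_URL');
  const rateLimitMax = Number(env.API_RATE_LIMIT_MAX) || (isProd ? 1000 : 2000);
  const logLevel = env.LOG_LEVEL || (isProd ? 'info' : 'debug');
  return { ok: errors.length === 0, errors, warnings,
           config: { port, dbSsl, corsOrigin, rateLimitMax, logLevel } };
}

// Constructed sample: the development .env shown on this page.
const DEV_ENV = { NODE_ENV: 'development', PORT: '3001',
  DATABASE_URL: 'postgresql://user:password@localhost:5432/tresa_contafy',
  JWT_SECRET: 'dev-secret-key-change-in-production',
  JWT_REFRESH_SECRET: 'dev-refresh-secret-key-change-in-production',
  BREVO_API_KEY: 'your-brevo-api-key', BREVO_FROM_EMAIL: 'noreply@localhost',
  BREVO_FROM_NAME: 'Tresa Contafy Dev', APP_URL: 'http://localhost:3000' };
console.log(validateEnv(DEV_ENV));
```

Run it with the same object but NODE_ENV=production and the placeholder secrets are rejected, which is the check that keeps the example .env out of a real deployment.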

Next Steps

Database Setup: configure the PostgreSQL database
Run Migrations: initialize the database schema