Overview

The Crypto Shop Backend requires several environment variables to be configured before running. Copy .env.example to .env and configure the values according to your environment.
cp .env.example .env

Required Variables

Database Configuration

MONGODB_URI

MONGODB_URI (string, required)
MongoDB connection string for database access
Format:
mongodb://[username:password@]host[:port]/database[?options]
Examples:
# Local MongoDB
MONGODB_URI=mongodb://localhost:27017/crypto-shop

# MongoDB Atlas
MONGODB_URI=mongodb+srv://username:[email protected]/crypto-shop?retryWrites=true&w=majority

# Self-hosted with authentication
MONGODB_URI=mongodb://admin:[email protected]:27017/crypto-shop?authSource=admin
Production Recommendations:
  • Use MongoDB Atlas or a managed MongoDB service
  • Enable authentication and encryption
  • Use connection pooling
  • Configure replica sets for high availability

Application Configuration

NODE_ENV

NODE_ENV (string, default: "development")
Node.js environment mode
Possible Values:
  • development - Development mode with verbose logging
  • production - Production mode with optimizations
  • test - Test mode for running tests
NODE_ENV=production
Always set NODE_ENV=production in production environments to enable security features and performance optimizations.

PORT

PORT (number, default: "3000")
Port number for the Express server
PORT=3000

TRON Network Configuration

TRON_NETWORK

TRON_NETWORK (string, required)
TRON blockchain network endpoint URL
Available Networks:
# Nile Testnet (for development/testing)
TRON_NETWORK=https://nile.trongrid.io

# Mainnet (for production)
TRON_NETWORK=https://api.trongrid.io

# Shasta Testnet (alternative testnet)
TRON_NETWORK=https://api.shasta.trongrid.io
Use testnet for development and testing. Only switch to mainnet when deploying to production.

MERCHANT_WALLET_ADDRESS

MERCHANT_WALLET_ADDRESS (string, required)
TRON wallet address to receive payments
MERCHANT_WALLET_ADDRESS=TYourMerchantWalletAddress123456789
Format: TRON addresses start with ‘T’ and are 34 characters long.
If this variable is not set, the system falls back to the wallet address of the first admin user.

JWT Authentication

ACCESS_TOKEN_SECRET

ACCESS_TOKEN_SECRET (string, required)
Secret key for signing access tokens (JWT)
Requirements:
  • Minimum 32 characters
  • Use a cryptographically secure random string
  • Keep it secret and never commit it to version control
ACCESS_TOKEN_SECRET=your_very_secure_random_string_min_32_chars_for_access_tokens
Generate a secure secret:
# Using OpenSSL
openssl rand -base64 48

# Using Node.js
node -e "console.log(require('crypto').randomBytes(48).toString('base64'))"

REFRESH_TOKEN_SECRET

REFRESH_TOKEN_SECRET (string, required)
Secret key for signing refresh tokens (JWT)
Requirements:
  • Minimum 32 characters
  • Must be different from ACCESS_TOKEN_SECRET
  • Use a cryptographically secure random string
REFRESH_TOKEN_SECRET=another_very_secure_random_string_min_32_chars_for_refresh_tokens
Never use the same secret for access and refresh tokens. Generate separate secure secrets for each.
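Why the two secrets must differ, as an added example that is not the project's own code: with a shared key, a long-lived refresh token passes the same signature check as an access token. The function names, the 7-day lifetime and the minimal HS256 implementation on Node's built-in crypto module are assumptions made for the demonstration.

```javascript
// Added example: a minimal HS256 signer/verifier on Node's built-in crypto.
// signHS256, verifyHS256 and acceptedAsAccessToken are hypothetical names.
const crypto = require('crypto');

const b64url = (text) => Buffer.from(text, 'utf8').toString('base64url');

function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims when the signature and expiry are valid, otherwise null.
function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
  return claims;
}

// Issues a refresh token (7-day lifetime is an assumption), then presents it
// where an access token is expected. The only barrier here is the signing key.
function acceptedAsAccessToken(accessSecret, refreshSecret) {
  const exp = Math.floor(Date.now() / 1000) + 7 * 24 * 3600;
  const refreshToken = signHS256({ sub: 'user-1', exp }, refreshSecret);
  return verifyHS256(refreshToken, accessSecret) !== null;
}

// Constructed secrets, generated the same way the page recommends.
const accessSecret = crypto.randomBytes(48).toString('base64');
const refreshSecret = crypto.randomBytes(48).toString('base64');
console.log(acceptedAsAccessToken(accessSecret, accessSecret));  // true
console.log(acceptedAsAccessToken(accessSecret, refreshSecret)); // false
```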

CORS Configuration

CLIENT_URL

CLIENT_URL (string, required)
Frontend application URL for CORS configuration
# Development
CLIENT_URL=http://localhost:3000

# Production
CLIENT_URL=https://shop.yourdomain.com

FRONTEND_URL

FRONTEND_URL (string)
Alternative frontend URL (optional, for additional CORS origin)
FRONTEND_URL=http://localhost:5173
Configure both CLIENT_URL and FRONTEND_URL if you have multiple frontend origins that need to access the API.

Optional Variables

Rate Limiting

While not explicitly defined in .env.example, you may want to add these:
# Maximum requests per window
RATE_LIMIT_MAX=100

# Time window in milliseconds (15 minutes)
RATE_LIMIT_WINDOW=900000

Logging

# Log level (error, warn, info, debug)
LOG_LEVEL=info

# Log directory
LOG_DIR=./logs

Environment-Specific Configurations

Development Environment

MONGODB_URI=mongodb://localhost:27017/crypto-shop
NODE_ENV=development
PORT=3000
TRON_NETWORK=https://nile.trongrid.io
ACCESS_TOKEN_SECRET=dev_access_token_secret_min_32_chars_here
REFRESH_TOKEN_SECRET=dev_refresh_token_secret_min_32_chars_here
CLIENT_URL=http://localhost:3000
FRONTEND_URL=http://localhost:5173
MERCHANT_WALLET_ADDRESS=TTestnetWalletAddress123456789

Production Environment

MONGODB_URI=mongodb+srv://username:[email protected]/crypto-shop?retryWrites=true&w=majority
NODE_ENV=production
PORT=3000
TRON_NETWORK=https://api.trongrid.io
ACCESS_TOKEN_SECRET=<secure-48-char-random-string>
REFRESH_TOKEN_SECRET=<different-secure-48-char-random-string>
CLIENT_URL=https://shop.yourdomain.com
FRONTEND_URL=https://app.yourdomain.com
MERCHANT_WALLET_ADDRESS=TMainnetWalletAddress123456789

Security Best Practices

Never Commit Secrets

Add .env to .gitignore to prevent committing sensitive data

Use Strong Secrets

Generate secrets with at least 48 bytes of entropy

Rotate Regularly

Change JWT secrets periodically and after security incidents

Environment Isolation

Use different secrets for development, staging, and production

Validation

The application performs basic validation on startup:
  • Checks for required environment variables
  • Validates MongoDB connection
  • Verifies TRON network connectivity
  • Ensures JWT secrets are configured
If any critical variables are missing, the application will fail to start with a descriptive error message.
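A startup check covering the requirements this page documents, as an added example rather than the project's own validation code. validateEnv(), its error strings and the choice to treat an unset MERCHANT_WALLET_ADDRESS as acceptable (because of the documented admin-wallet fallback) are assumptions.

```javascript
// Added example: validateEnv() is a hypothetical helper, not the project's code.
const REQUIRED = ['MONGODB_URI', 'TRON_NETWORK', 'ACCESS_TOKEN_SECRET',
  'REFRESH_TOKEN_SECRET', 'CLIENT_URL'];
const MIN_SECRET_LENGTH = 32; // "Minimum 32 characters"
// 'T' plus 33 Base58 characters (no 0, O, I, l). Format only, no checksum check.
const TRON_ADDRESS = /^T[1-9A-HJ-NP-Za-km-z]{33}$/;

function validateEnv(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === '') errors.push(`${name} is not defined`);
  }
  for (const name of ['ACCESS_TOKEN_SECRET', 'REFRESH_TOKEN_SECRET']) {
    if (env[name] && env[name].length < MIN_SECRET_LENGTH) {
      errors.push(`${name}: JWT secret too short`);
    }
  }
  if (env.ACCESS_TOKEN_SECRET && env.ACCESS_TOKEN_SECRET === env.REFRESH_TOKEN_SECRET) {
    errors.push('REFRESH_TOKEN_SECRET must differ from ACCESS_TOKEN_SECRET');
  }
  // The page describes a fallback to the first admin's wallet, so an unset
  // value is not an error here; a set value must have the documented format.
  const wallet = env.MERCHANT_WALLET_ADDRESS;
  if (wallet && !TRON_ADDRESS.test(wallet)) {
    errors.push('MERCHANT_WALLET_ADDRESS is not a 34-character address starting with T');
  }
  if (env.PORT !== undefined) {
    const port = Number(env.PORT);
    if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push('PORT is not a valid port number');
  }
  const mode = env.NODE_ENV || 'development'; // documented default
  if (!['development', 'production', 'test'].includes(mode)) {
    errors.push(`NODE_ENV has unsupported value "${mode}"`);
  }
  return errors;
}

// Constructed sample values (not real credentials or a real wallet).
const sampleEnv = {
  MONGODB_URI: 'mongodb://localhost:27017/crypto-shop',
  TRON_NETWORK: 'https://nile.trongrid.io',
  ACCESS_TOKEN_SECRET: 'a'.repeat(48),
  REFRESH_TOKEN_SECRET: 'b'.repeat(48),
  CLIENT_URL: 'http://localhost:3000',
  MERCHANT_WALLET_ADDRESS: 'T' + 'A'.repeat(33),
};
console.log(validateEnv(sampleEnv)); // []
```

Call it with process.env before opening any database or network connection and exit non-zero when the returned list is not empty. Placeholder wallet values such as the ones in the sample configurations above fail the format check.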

Troubleshooting

"MONGODB_URI is not defined"

Ensure you have created a .env file and configured MONGODB_URI.

"Cannot connect to TRON network"

Verify that the TRON_NETWORK URL is correct and accessible from your server.

"JWT secret too short"

Generate longer secrets (minimum 32 characters) for ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET.

CORS Errors

Ensure CLIENT_URL exactly matches your frontend origin (including protocol and port).
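How CLIENT_URL and FRONTEND_URL can be turned into an exact-match origin allowlist, covering both the CORS Configuration section and the troubleshooting note above. This is an added example, not the project's code; buildAllowedOrigins() and isOriginAllowed() are hypothetical helpers and the Origin values are constructed.

```javascript
// Added example: hypothetical helpers, not the project's CORS middleware.
function buildAllowedOrigins(env) {
  const allowed = new Set();
  for (const name of ['CLIENT_URL', 'FRONTEND_URL']) {
    const raw = env[name];
    if (!raw) continue; // FRONTEND_URL is optional
    const url = new URL(raw); // throws on a malformed value
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      throw new Error(`${name} must be an http(s) URL`);
    }
    // url.origin is scheme + host + non-default port, without path or
    // trailing slash, which is the form browsers send in the Origin header.
    allowed.add(url.origin);
  }
  return allowed;
}

function isOriginAllowed(allowed, originHeader) {
  // Whole-string comparison only: prefix or substring matching would also
  // accept look-alike hosts, and a different scheme or port is a different origin.
  return typeof originHeader === 'string' && allowed.has(originHeader);
}

// Constructed configuration; the trailing slash is normalised away.
const allowedOrigins = buildAllowedOrigins({
  CLIENT_URL: 'https://shop.yourdomain.com/',
  FRONTEND_URL: 'http://localhost:5173',
});

// Constructed Origin header values and the resulting decision.
const decisions = [
  'https://shop.yourdomain.com',              // allowed
  'http://localhost:5173',                    // allowed
  'http://shop.yourdomain.com',               // wrong protocol
  'http://localhost:3000',                    // wrong port
  'https://shop.yourdomain.com.evil.example', // look-alike host
].map((origin) => [origin, isOriginAllowed(allowedOrigins, origin)]);
console.log(decisions);
```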
