Skip to main content
Scira requires various API keys and configuration settings through environment variables. This guide provides a complete reference of all available environment variables.
Copy .env.example to .env.local (for development) or .env (for production) and configure the required variables.

AI API Keys

API keys for AI model providers. At minimum, you need OpenAI and Anthropic.
XAI_API_KEY
string
xAI API key for Grok models (Grok 3, Grok 4, Grok Code)Get your key: console.x.ai
OPENAI_API_KEY
string
required
OpenAI API key for GPT modelsGet your key: platform.openai.com/api-keys
ANTHROPIC_API_KEY
string
required
Anthropic API key for Claude models (Haiku, Sonnet, Opus)Get your key: console.anthropic.com
GROQ_API_KEY
string
Groq API key for fast inferenceGet your key: console.groq.com
GOOGLE_GENERATIVE_AI_API_KEY
string
Google API key for Gemini models (Gemini 2.5 Flash, Gemini 2.5 Pro, Gemini 3)Get your key: makersuite.google.com/app/apikey

Development & Sandbox

DAYTONA_API_KEY
string
Daytona API key for code execution sandboxEnables the code interpreter tool for executing Python code in a sandboxed environment.Get your key: daytona.io

Database & Storage

DATABASE_URL
string
required
PostgreSQL database connection URLFormat: postgresql://user:password@host:port/databaseExample: postgresql://postgres:password@localhost:5432/sciraFor production, use a managed PostgreSQL service like:
REDIS_URL
string
required
Redis connection URL for serverless caching and rate limitingFormat: redis://default:password@host:portRecommended: Upstash Redis for serverless Redis
BLOB_READ_WRITE_TOKEN
string
Vercel Blob storage token for file uploadsRequired for storing uploaded files (PDFs, images, etc.) and extreme search artifacts.Get your token: vercel.com/storage/blob

Authentication

BETTER_AUTH_SECRET
string
required
Secret key for Better Auth session encryptionGenerate a secure random string:
openssl rand -base64 32
Keep this secret secure. Never commit it to version control or expose it publicly.

GitHub OAuth

GITHUB_CLIENT_ID
string
GitHub OAuth application client IDCreate an OAuth app: github.com/settings/developersSet callback URL to: https://yourdomain.com/api/auth/callback/github
GITHUB_CLIENT_SECRET
string
GitHub OAuth application client secret

Google OAuth

GOOGLE_CLIENT_ID
string
Google OAuth 2.0 client IDCreate OAuth credentials: console.cloud.google.com/apis/credentialsSet authorized redirect URI to: https://yourdomain.com/api/auth/callback/google
GOOGLE_CLIENT_SECRET
string
Google OAuth 2.0 client secret

Twitter/X OAuth

TWITTER_CLIENT_ID
string
Twitter/X OAuth 2.0 client IDCreate an app: developer.twitter.com/en/portal/projects-and-appsSet callback URL to: https://yourdomain.com/api/auth/callback/twitter
TWITTER_CLIENT_SECRET
string
Twitter/X OAuth 2.0 client secret

Search & Web APIs

TAVILY_API_KEY
string
Tavily API key for web search and financial newsGet your key: tavily.com
EXA_API_KEY
string
required
Exa API key for AI-powered web search, academic search, and content retrievalRequired for: Web search featureGet your key: exa.ai
FIRECRAWL_API_KEY
string
Firecrawl API key for web scraping with structured extractionGet your key: firecrawl.dev
SUPADATA_API_KEY
string
Supadata API key for YouTube search, transcripts, and social media contentGet your key: supadata.ai

Media & Entertainment

TMDB_API_KEY
string
The Movie Database (TMDB) API key for movie and TV show dataGet your key: themoviedb.org/settings/api
YT_ENDPOINT
string
YouTube endpoint for video search and transcript extraction
ELEVENLABS_API_KEY
string
ElevenLabs API key for voice synthesis (Pro feature)Get your key: elevenlabs.io

Maps & Location

GOOGLE_MAPS_API_KEY
string
Google Maps API key for geocoding and place discoveryEnable APIs: Maps JavaScript API, Geocoding API, Places APIGet your key: console.cloud.google.com/google/maps-apis
MAPBOX_ACCESS_TOKEN
string
Mapbox access token for map renderingGet your token: mapbox.com/account/access-tokens
TRIPADVISOR_API_KEY
string
TripAdvisor API key for location and travel dataGet your key: tripadvisor.com/developers

Weather & Aviation

OPENWEATHER_API_KEY
string
OpenWeatherMap API key for weather data and forecastsGet your key: openweathermap.org/api
AVIATION_STACK_API_KEY
string
Aviation Stack API key for flight trackingGet your key: aviationstack.com

Memory & MCP

SUPERMEMORY_API_KEY
string
Supermemory API key for memory management and connector search (Pro feature)Enables searching connected Google Drive, Notion, and OneDrive.Get your key: supermemory.ai
SMITHERY_API_KEY
string
Smithery API key for Model Context Protocol (MCP) integrationGet your key: smithery.ai

Cron & Security

CRON_SECRET
string
Secret key for authenticating cron job requestsUsed by Lookouts (scheduled research agents) to authenticate scheduled executions.Generate a secure random string:
openssl rand -base64 32

Subscription & Payments

POLAR_ACCESS_TOKEN
string
Polar API access token for subscription managementGet your token: polar.sh
POLAR_WEBHOOK_SECRET
string
Polar webhook secret for verifying webhook signatures
NEXT_PUBLIC_STARTER_TIER
string
Product ID for Starter subscription tier (Polar)
NEXT_PUBLIC_STARTER_SLUG
string
Product slug for Starter subscription tier (Polar)
DODO_PAYMENTS_API_KEY
string
Dodo Payments API key for premium subscription managementGet your key: dodopayments.com
DODO_PAYMENTS_WEBHOOK_SECRET
string
Dodo Payments webhook secret for verifying webhook signatures
NEXT_PUBLIC_PREMIUM_TIER
string
Product ID for Premium subscription tier (Dodo Payments)
NEXT_PUBLIC_PREMIUM_SLUG
string
Product slug for Premium subscription tier (Dodo Payments)

Client-side Environment Variables

These variables are exposed to the browser with the NEXT_PUBLIC_ prefix.
Only use NEXT_PUBLIC_ prefix for non-sensitive data that can be safely exposed to clients.
NEXT_PUBLIC_MAPBOX_TOKEN
string
Public Mapbox token for client-side map renderingGet your token: mapbox.com/account/access-tokens
NEXT_PUBLIC_GOOGLE_MAPS_API_KEY
string
Public Google Maps API key for client-side maps
NEXT_PUBLIC_POSTHOG_KEY
string
PostHog project API key for analyticsGet your key: posthog.com
NEXT_PUBLIC_POSTHOG_HOST
string
PostHog API host URLDefault: https://app.posthog.com
NEXT_PUBLIC_SCIRA_PUBLIC_API_KEY
string
Public API key for Scira client features
SCIRA_API_KEY
string
Server-side Scira API key for internal API authentication

Environment File Examples

Development (.env.local)

# Minimal configuration for local development
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
EXA_API_KEY=...

DATABASE_URL=postgresql://postgres:password@localhost:5432/scira
REDIS_URL=redis://localhost:6379

BETTER_AUTH_SECRET=your-generated-secret-here

# Optional: Add more API keys as needed

Production (.env)

# Production environment configuration
NODE_ENV=production

# Required AI providers
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
EXA_API_KEY=...

# Database (use managed PostgreSQL)
DATABASE_URL=postgresql://user:pass@host:5432/db?sslmode=require
REDIS_URL=rediss://default:pass@host:6379

# Authentication
BETTER_AUTH_SECRET=your-secure-production-secret

# OAuth providers (configure all you want to support)
GITHUB_CLIENT_ID=...
GITHUB_CLIENT_SECRET=...
GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...

# Storage
BLOB_READ_WRITE_TOKEN=...

# Add all other API keys for features you want to enable

Security Best Practices

Never commit environment files to version control!Ensure .env, .env.local, and .env.production are in your .gitignore.

Use strong secrets

Generate secrets with openssl rand -base64 32

Rotate regularly

Rotate API keys and secrets periodically

Limit permissions

Use API keys with minimal required permissions

Monitor usage

Track API usage to detect unauthorized access

Validation

Scira validates environment variables at build time using @t3-oss/env-nextjs. Missing required variables will cause build failures with helpful error messages.

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us