Environment Variables
Each application in the Siyahfy platform requires its own set of environment variables. This page documents every variable used across all apps. Never commit real secrets to version control — use .env.local files (which are git-ignored) for sensitive values.
app.siyahfy.com (Vendor Dashboard)
File: app.siyahfy.com/.env.local
| Variable | Required | Description |
|---|---|---|
WEBSITE_NAME | Yes | Display name for the platform (e.g., Siyahfy) |
ADMINURL | Yes | URL of the backend API server |
DOCS_WEBSITE_NAME | No | Display name for the documentation site |
FRONTEND_URL | Yes | Public-facing URL of the vendor dashboard |
COMPANY_EMAIL | Yes | Contact email shown to users |
BACKBLAZE_URL | Yes | Backblaze B2 public bucket URL for file storage |
PG_USER | Yes | PostgreSQL database username |
PG_HOST | Yes | PostgreSQL database host |
PG_DATABASE | Yes | PostgreSQL database name |
PG_PASSWORD | Yes | PostgreSQL database password |
PG_PORT | Yes | PostgreSQL database port (default: 5432) |
NEXT_PUBLIC_APP_URL | Yes | Public URL of the vendor dashboard (client-side) |
NEXT_PUBLIC_COOKIE_DOMAIN | Yes | Cookie domain scope (e.g., .siyahfy.com for cross-subdomain auth) |
NEXT_PUBLIC_STORE_URL | Yes | Public URL of the storefront app |
NEXT_PUBLIC_GOOGLE_CLIENT_ID | Yes | Google OAuth client ID for social login |
NEXT_PUBLIC_EDITOR_URL | Yes | Public URL of the theme editor |
NEXT_PUBLIC_STUDIO_URL | Yes | Public URL of the developer studio |
RAZORPAY_KEY_ID | Yes | Razorpay test/sandbox API key |
LIVE_RAZORPAY_KEY_ID | Yes | Razorpay live/production API key |
FREE_TRIAL_DAYS | Yes | Number of free trial days for new signups |
backend.siyahfy.com (Backend API)
File: backend.siyahfy.com/.env
Core Settings
| Variable | Required | Description |
|---|---|---|
PORT | Yes | Port the backend server listens on (default: 3003) |
SECRET_KEY | Yes | JWT signing secret for authentication tokens |
DB_SECRET_KEY | Yes | Encryption key for sensitive data stored in the database |
BACKEND_URL | Yes | Public URL of the backend API |
FREE_TRIAL_DAYS | Yes | Number of free trial days for new vendor accounts |
Database
| Variable | Required | Description |
|---|---|---|
DB_USER | Yes | PostgreSQL database username |
DB_HOST | Yes | PostgreSQL database host |
DB_DATABASE | Yes | PostgreSQL database name |
DB_PASSWORD | Yes | PostgreSQL database password |
DB_PORT | Yes | PostgreSQL database port (default: 5432) |
REDIS_URL | No | Redis connection URL for caching and sessions (e.g., redis://localhost:6379) |
Google Services
| Variable | Required | Description |
|---|---|---|
GOOGLE_CLIENT_ID | Yes | Google OAuth client ID for social login |
GOOGLE_PLACES_API_KEY | No | Google Places API key for address autocomplete |
GEMINI_API_KEY | No | Google Gemini API key for AI-powered features |
WhatsApp Integration
| Variable | Required | Description |
|---|---|---|
WHATSAPP_TOKEN | No | WhatsApp Business API access token |
WHATSAPP_BUSINESS_ID | No | WhatsApp Business account ID |
Backblaze B2 Storage
| Variable | Required | Description |
|---|---|---|
BACKBLAZE_KEY_ID | Yes | Backblaze B2 application key ID |
BACKBLAZE_APP_KEY | Yes | Backblaze B2 application key secret |
BACKBLAZE_BUCKET_NAME | Yes | Backblaze B2 bucket name for file uploads |
BACKBLAZE_PRODUCTS_FOLDER | Yes | Folder prefix for product images in the bucket |
BACKBLAZE_REGION | Yes | Backblaze B2 region (e.g., us-east-005) |
BACKBLAZE_BUCKET_ID | Yes | Backblaze B2 bucket identifier |
Cloudflare R2 Storage
| Variable | Required | Description |
|---|---|---|
CLOUDFLARE_ACCOUNT_ID | No | Cloudflare account ID for R2 storage |
CLOUDFLARE_ACCESS_KEY_ID | No | Cloudflare R2 access key ID |
CLOUDFLARE_SECRET_ACCESS_KEY | No | Cloudflare R2 secret access key |
CLOUDFLARE_BUCKET_NAME | No | Cloudflare R2 bucket name |
R2_PUBLIC_URL | No | Public URL for Cloudflare R2 assets |
Payment Gateway
| Variable | Required | Description |
|---|---|---|
RAZORPAY_KEY_ID | Yes | Razorpay test/sandbox API key ID |
RAZORPAY_SECRET_KEY | Yes | Razorpay test/sandbox secret key |
LIVE_RAZORPAY_KEY_ID | Yes | Razorpay production API key ID |
LIVE_RAZORPAY_KEY_SECRET | Yes | Razorpay production secret key |
CLIENT_ID | No | Cashfree payment gateway client ID |
CLIENT_SECRET | No | Cashfree payment gateway client secret |
| Variable | Required | Description |
|---|---|---|
MAIL_HOST | Yes | SMTP server host (e.g., smtp.gmail.com) |
MAIL_PORT | Yes | SMTP server port (e.g., 587 for TLS) |
MAIL_USERNAME | Yes | SMTP authentication email address |
MAIL_PASSWORD | Yes | SMTP authentication password or app password |
WonEstop Integration
| Variable | Required | Description |
|---|---|---|
WONESTOP_API_URL | No | WonEstop shipping API base URL |
WONESTOP_API_TOKEN | No | WonEstop API authentication token |
WONESTOP_ORDER_TEMPLATE_ID | No | WonEstop order notification template ID |
editor.siyahfy.com (Theme Editor)
File: editor.siyahfy.com/.env.local
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_BACKEND_URL | Yes | Backend API URL for editor API calls |
NEXT_PUBLIC_APP_URL | Yes | Vendor dashboard URL for cross-app navigation |
studio.siyahfy.com (Developer Studio)
File: studio.siyahfy.com/.env.local
| Variable | Required | Description |
|---|---|---|
ADMINURL | Yes | Backend API URL for studio API calls |
NEXT_PUBLIC_API_URL | Yes | Public API URL for client-side requests |
NEXT_PUBLIC_THEME_URL | Yes | Theme preview/store URL |
siyahfy.com (Marketing Website)
File: siyahfy.com/.env.local
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_APP_DOMAIN | Yes | Public URL of the marketing site |
NEXT_PUBLIC_APP_NAME | Yes | Application display name |
NEXT_PUBLIC_GOOGLE_CLIENT_ID | Yes | Google OAuth client ID for social login |
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY | Yes | Clerk authentication publishable key |
CLERK_SECRET_KEY | Yes | Clerk authentication secret key (server-side only) |
BACKEND | Yes | Backend API URL for server-side calls |
NEXT_PUBLIC_LOCALE | Yes | Default locale/URL for the main app |
NEXT_PUBLIC_FREE_TRIAL_DAYS | Yes | Free trial duration displayed on pricing pages |
siyahfy-theme-2502 (Default Store Theme)
File: siyahfy-theme-2502/.env.local
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_BACKEND_URL | Yes | Backend API URL for storefront data fetching |
Environment-Specific Values
Development (Local)
# All apps typically point to localhost
BACKEND_URL=http://localhost:3003
NEXT_PUBLIC_APP_URL=http://localhost:3003
NEXT_PUBLIC_STORE_URL=http://localhost:3002
NEXT_PUBLIC_EDITOR_URL=http://localhost:3001
NEXT_PUBLIC_STUDIO_URL=http://localhost:3012Production
# All apps point to their production subdomains
BACKEND_URL=https://backend.siyahfy.com
NEXT_PUBLIC_APP_URL=https://app.siyahfy.com
NEXT_PUBLIC_STORE_URL=https://store.siyahfy.com
NEXT_PUBLIC_EDITOR_URL=https://editor.siyahfy.com
NEXT_PUBLIC_STUDIO_URL=https://studio.siyahfy.comSecurity Notes
- Always use strong, unique values for
SECRET_KEYandDB_SECRET_KEYin production - Use app-specific passwords for
MAIL_PASSWORD(never your primary email password) - Rotate API keys and tokens periodically
- Never expose server-side secrets in
NEXT_PUBLIC_prefixed variables - Set
NEXT_PUBLIC_COOKIE_DOMAINto.siyahfy.comin production for cross-subdomain session sharing