Quikko’s Go backend loads all configuration from environment variables at startup. CopyDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Andr21Da16/Quikko/llms.txt
Use this file to discover all available pages before exploring further.
server/.env.example to server/.env for local development. In production, set variables in your hosting environment — no .env file is required.
server/.env.example
Server
HTTP port the Go server listens on.
Runtime environment. Accepted values:
development or production. Controls
logging format and behavior — use production for all deployed environments.Public base URL used to build the short URLs returned to clients. In
production this should be your short-link domain, e.g.
https://sho.rt.Next.js frontend URL. When a redirect fails (link not found or inactive), the
backend redirects to this URL instead of returning raw JSON, so users see a
branded error page.
Comma-separated CORS allowlist. Specify explicit origins — never use
*.
Example: https://app.yourdomain.com or
https://app.yourdomain.com,https://www.yourdomain.com.MongoDB
MongoDB connection string. Required — the server will not start without this
value. Example:
mongodb+srv://user:pass@cluster.mongodb.net for MongoDB
Atlas or mongodb://localhost:27017 for a local instance.Name of the MongoDB database Quikko will use for users and URLs.
Redis
Redis server address in
host:port format. Redis is used as the redirect
cache and for all rate-limiting counters.Redis authentication password. Leave empty when Redis requires no
authentication (the default for local development).
Redis logical database index (0–15). Useful for isolating Quikko data when
the Redis instance is shared with other applications.
InfluxDB
InfluxDB 2.x instance URL. Used to write and query time-series click event
data that powers the analytics dashboard.
InfluxDB API token. Not enforced at startup, but analytics writes will fail
without a valid token — always set this in any environment where click
tracking is needed. Must match the token configured during InfluxDB
initialisation. In the Docker Compose setup this corresponds to
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN.InfluxDB organization name. Must match the organisation created during
InfluxDB initialisation.
InfluxDB bucket where click events are stored. Each redirect writes an
asynchronous data point to this bucket.
JWT
Secret key used to sign and verify JSON Web Tokens. Required — use a long,
random string in production (see tip below). Never reuse this value across
environments.
Lifetime of short-lived access tokens. Accepts duration strings suffixed with
s, m, h, or d (e.g. 30s, 15m, 1h, 1d). The d suffix for
days is handled by a custom parser — it is not a standard Go duration unit.Lifetime of long-lived refresh tokens. Accepts the same duration strings as
JWT_ACCESS_TOKEN_TTL — including the d suffix for days (e.g. 7d, 30d).GeoIP
Timeout in seconds for outbound GeoIP lookups made to
ipapi.co. Each lookup runs asynchronously in a goroutine
during a redirect so it never blocks the response. Results are cached in Redis
for 48 hours. Reduce this value on high-latency networks.
Rate Limiting
Maximum number of redirect requests (
GET /:code) allowed per second per IP
address. Protects the most frequently called endpoint against abuse.Maximum number of URL creation requests allowed per minute per authenticated
user.
Maximum number of registration attempts allowed per minute per IP address.
Guards against automated account creation.
Maximum number of login attempts allowed per minute per IP address. This
counter is intentionally separate from the registration counter because the
login endpoint is the most sensitive to password brute-force attacks.
Plans
Maximum number of simultaneously active short URLs allowed for Free plan
users. Pro plan users have no limit. Increase or decrease this value to
adjust your platform’s free tier without redeploying.