The NuestraVoz API reads all runtime configuration from environment variables stored inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Renzo717/Aula-Virtual-Universidad-Radiolocucion/llms.txt
Use this file to discover all available pages before exploring further.
apps/api/.env. There is no separate frontend .env file — the Astro frontend proxies all /api requests to the Express backend, so only the API needs environment configuration. This page documents every variable, its default value, and what breaks if it is missing or wrong.
Complete .env file
apps/api/.env
apps/api/.env.example to apps/api/.env and fill in your actual Supabase credentials before starting the API.
Variable Reference
The full URL of your Supabase project, e.g.
https://abcdefghijkl.supabase.co. Found in Project Settings → API → Project URL in the Supabase dashboard. The API uses this to initialise both the admin client (service role) and ephemeral user-scoped clients.The
service_role secret key for your Supabase project. Found in Project Settings → API → Project API Keys → service_role. This key grants full unrestricted access to your database and must never be exposed client-side. The API uses it for all database operations.The TCP port on which the Express API listens. Defaults to
3001 if not set. In production you can bind to any available port and configure your reverse proxy accordingly.Runtime environment flag. Set to
production in live deployments. When not production, the config.isDev flag is true, which disables the secure flag on session cookies (allowing HTTP during local development). All other behavior is identical.The exact origin the API allows cross-origin requests from — the frontend URL. In development this is
http://localhost:4321. In production set this to your Astro deployment URL, e.g. https://campus.nuestravoz.edu. Must match the Origin header sent by the browser exactly (no trailing slash).The name of the session cookie set by
POST /api/auth/login. Defaults to nv_session. The middleware reads this cookie on every request to authenticate the user. Change it only if you have a reason to namespace cookies (e.g. multiple deployments on the same domain).How configuration is loaded
The API loads variables via thedotenv package at startup (import 'dotenv/config' in apps/api/src/lib/config.ts). The config object is then imported by the server entry point and all route modules:
apps/api/src/lib/config.ts
SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are read directly in apps/api/src/lib/supabase.ts and not exposed through the config object.
Local vs production settings
| Variable | Local development | Production |
|---|---|---|
SUPABASE_URL | Cloud or local Supabase instance | Your Supabase cloud project URL |
SUPABASE_SERVICE_ROLE_KEY | Obtained from Supabase dashboard | Same — never changes per environment unless you use separate projects |
PORT | 3001 | Any available port |
NODE_ENV | development | production |
CORS_ORIGIN | http://localhost:4321 | Your production frontend URL |
SESSION_COOKIE_NAME | nv_session | nv_session (or your preferred name) |