Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/fredy-rizo/ecommerce-delivery/llms.txt

Use this file to discover all available pages before exploring further.

The Ecommerce Delivery API reads every runtime value — server port, signing secrets, database credentials, cloud storage keys, and email credentials — from environment variables. These are loaded at startup via dotenv, so no configuration is hard-coded in the application. Before starting the server for the first time you must create a .env file in the project root and populate it with the values described below.

Creating your .env file

Copy the provided template and then fill in your own values: 
cp example.env .env
The template ships with every key present but all values blank, so the server will not start until you supply them.

Environment variable reference

Server

PORT
number
required
The port the Express HTTP server listens on. Choose any available port; 3000 and 4000 are common development values.

Authentication

SECRET
string
required
The secret string used by jsonwebtoken to sign and verify JWT access tokens. This value is also the fallback used by config.js when the variable is absent, so it must be overridden in every real environment.
In production, SECRET must be a long, cryptographically random string — treat it like a password. A short or predictable value allows attackers to forge valid tokens. Generate one with node -e "console.log(require('crypto').randomBytes(64).toString('hex'))".

Database

MONGODB_URL
string
required
The full MongoDB connection string passed directly to Mongoose’s connect() call. See Database for the expected format and Atlas setup instructions.

Google Cloud Storage

NAMEGOOGLECLOUD
string
required
The name of the Google Cloud Storage bucket where product images, user avatars, and payment proof images are stored. The bucket must already exist and be accessible with the service-account credentials bundled in the project.

Google OAuth

CLIENT_ID
string
required
The OAuth 2.0 Client ID for your Google Cloud project. Used together with CLIENT_SECRET to authenticate OAuth-based flows.
CLIENT_SECRET
string
required
The OAuth 2.0 Client Secret for your Google Cloud project. Keep this value out of version control.
CLIENT_URL
string
required
The base URL of the front-end client application. The API uses this value when constructing links that are sent to users, for example in account verification and password-recovery email templates.

Email (Nodemailer)

USER_EMAIL
string
required
The Gmail address used as the SMTP sender by Nodemailer. This address appears in the from field of account-verification and password-recovery emails.
PASS_EMAIL
string
required
The SMTP password (or Google App Password) for USER_EMAIL. Because the API uses Gmail’s service transport, a standard Google account password may not work if 2-Step Verification is enabled — create a dedicated App Password instead.

Complete example.env

PORT=
SECRET=
MONGODB_URL=

# Google Storage
NAMEGOOGLECLOUD=
CLIENT_ID=
CLIENT_SECRET=
CLIENT_URL=

# Email
USER_EMAIL=
PASS_EMAIL=

How configuration is loaded

src/config.js imports dotenv and re-exports every variable as a typed object with safe empty-string defaults, making it straightforward to import a single config object anywhere in the codebase instead of calling process.env directly: 
import { config } from "dotenv";
config();

export default {
  PORT: process.env.PORT || "",
  SECRET: process.env.SECRET || "contra, token",
  MONGODB_URL: process.env.MONGODB_URL || "",
  NAMEGOOGLECLOUD: process.env.NAMEGOOGLECLOUD || "",
  CLIENT_ID: process.env.CLIENT_ID || "",
  CLIENT_SECRET: process.env.CLIENT_SECRET || "",
  CLIENT_URL: process.env.CLIENT_URL || "",
  USER_EMAIL: process.env.USER_EMAIL || "",
  PASS_EMAIL: process.env.PASS_EMAIL || "",
};
Never commit your .env file to version control. Ensure .env is listed in your .gitignore before making your first commit.

Build docs developers (and LLMs) love

Get started for freeTalk to us