ApiSquare is configured entirely through environment variables — there are no config files to edit. In development, place them in aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/shadownrx/apisquare/llms.txt
Use this file to discover all available pages before exploring further.
.env.local file at the project root (Next.js loads this automatically). In production, add them via the Vercel dashboard under Settings → Environment Variables, or with the Vercel CLI using vercel env add. The sections below document every variable the application reads, grouped by subsystem.
Telegram Bot (Required)
The bot token issued by @BotFather when you create a new Telegram bot. It follows the format
123456789:ABCDefGhIJKlmNoPQRstuVWXyz. This token is required for the webhook handler at POST /api/webhook to receive incoming updates and send replies back to users. Without it, the bot cannot communicate with Telegram at all.Admin Authentication (Required)
The username accepted by the admin login form at
/login. Defaults to admin if not set. Change this to a less guessable value in any internet-facing deployment.The password for the admin account. ApiSquare supports two formats:The script prints the hash and a ready-to-paste
- Bcrypt hash — if the value starts with
$2b$or$2a$, the login handler usesbcrypt.compareto verify the submitted password against the stored hash. This is the recommended approach. - Plaintext — if the value does not start with a bcrypt prefix, a direct string comparison is used. Acceptable for local development only.
ADMIN_PASSWORD= line. Paste the result directly into your .env.local or Vercel environment variables.After 5 consecutive failed login attempts from the same IP address, the login endpoint returns HTTP 429 and blocks further attempts for 15 minutes.Vercel KV / Redis (Required in production)
The HTTPS REST endpoint for your Vercel KV (Upstash Redis) store. It looks like
https://<name>-<region>.upstash.io. Found in the Vercel dashboard under Storage → your KV database → .env.local.ApiSquare uses this store for:- Conversation state keys (
conv:<chatId>) - Reservation records (
reserva:<professional>:<date>:<time>andreserva:id:<id>) - Per-user reservation lists (
user:<chatId>:reservas) - Rate-limit counters (
ratelimit:user:<chatId>andratelimit:login:<ip>) - Update deduplication keys (
processed:update:<updateId>) - Admin session tokens (
session:<token>)
The authentication token for the Vercel KV REST API. Passed as the
token field to @vercel/kv’s createClient. Found alongside KV_REST_API_URL in the Vercel dashboard.If either KV_REST_API_URL or KV_REST_API_TOKEN is missing, the application automatically falls back to in-memory storage using JavaScript Map and Set objects. This fallback is intentional for local development — all data is lost on process restart and multiple Vercel serverless instances will not share state. Always configure KV credentials in production.Google Calendar (Optional)
The full JSON content of a Google service account key file, provided as a single-line string. Used by the Calendar API integration to authenticate as a service account and create calendar events when appointments are confirmed. Example format:If this variable is not set, Google Calendar sync is disabled and appointments are only stored in Vercel KV.
The ID of the Google Calendar to which confirmed appointments should be written. Defaults to
primary (the calendar owner’s default calendar) when not specified. You can find a calendar’s ID in Google Calendar under Settings → [Calendar name] → Calendar ID.The OAuth 2.0 client ID from the Google Cloud Console. This variable is only read by the standalone helper script
scripts/get-google-refresh-token.js — it is not used anywhere in the main application. Run that script once, offline, to obtain a refresh token when setting up OAuth-based calendar access. If you authenticate with a service account (GOOGLE_SERVICE_ACCOUNT_KEY), you do not need this variable at all.GOOGLE_CLIENT_ID is not required in your Vercel environment or .env.local for the app to function. It is only needed locally when running the one-time OAuth helper script.The OAuth 2.0 client secret paired with
GOOGLE_CLIENT_ID. Like GOOGLE_CLIENT_ID, this variable is only read by scripts/get-google-refresh-token.js and is not referenced anywhere in the main application. Do not add it to your production Vercel environment unless you specifically need to re-run the OAuth helper script.Runtime
The Node.js runtime environment. Set to
production automatically by Vercel during deployment builds. ApiSquare uses this value to control the secure flag on the admin_session cookie — the flag is enabled only when NODE_ENV === 'production', ensuring the cookie is transmitted exclusively over HTTPS in production while remaining accessible over plain HTTP during local development.