API Runtime Configuration Reference
All variables are read from .env in the Nx workspace root. Load order: dotenv/config in main.ts runs first.
API Server
Source: apps/api/src/main.ts
| Variable | Required | Default | Notes |
|---|---|---|---|
PORT | ❌ | 3000 | HTTP listen port |
- Global prefix:
/api - CORS origin:
https://td.traitor.app - CORS credentials:
true - Allowed headers:
Content-Type,Authorization,Accept,Origin
Better Auth
Source: libs/api/auth/src/lib/auth.config.ts
| Variable | Required | Notes |
|---|---|---|
BETTER_AUTH_SECRET | ✅ | Signing secret for tokens |
BETTER_AUTH_URL | ✅ | Base URL used in generated links (e.g. http://localhost:3000) |
Trusted origins for callback URLs in local development:
http://localhost:4200http://127.0.0.1:4200
Common Mistake
INCORRECT: BETTER_AUTH_URL=http://localhost:4200 — this points at the frontend.
CORRECT: BETTER_AUTH_URL=http://localhost:3000 — must point at the API.
MySQL
Source: libs/api/db/src/lib/mysql.config.ts
| Variable | Required | Default | Notes |
|---|---|---|---|
MYSQL_USER | ✅ | — | |
MYSQL_PASSWORD | ✅ | — | |
MYSQL_DB | ✅ | — | |
MYSQL_HOST | ❌ | localhost:3306 | Format: host:port |
SMTP
Source: libs/api/mail/src/lib/mail.service.ts and auth.config.ts
| Variable | Required | Default | Notes |
|---|---|---|---|
SMTP_HOST | ✅ | — | |
SMTP_PORT | ❌ | 25 | |
SMTP_SECURE | ❌ | false | 'true' enables TLS |
SMTP_USER | ❌ | — | Omit for anonymous relay |
SMTP_PASS | ❌ | — | Required with SMTP_USER |
SMTP_FROM | ✅ | — | Sender address |
Callback URL Trust Rules
The ProfileService validates every callbackURL field before persisting a pending change.
| Rule | Error when violated |
|---|---|
| Must be present | 400 Bad Request |
| Must be a valid absolute URL | 400 Bad Request |
| Origin must be in the trusted list | 400 Bad Request |