Appearance
ENV Reference
Every external dependency is configured by environment variable. The repo ships .env.example at the root; copy it to .env and fill in production values before ./service.sh start.
Core
NODE_BIN= # optional: dir with the node + pnpm to use
PORT=4200 # backend HTTP listener
API_PREFIX=/api/v1
BASE_URL=https://app.sosyabot.com # public backend URL (used in OAuth callbacks)
FRONTEND_URL=https://app.sosyabot.com
LANDING_URL=https://sosyabot.com
CORS_ORIGINS= # comma-separated list (or "*" — discouraged)
JWT_SECRET= # required
JWT_EXPIRES_IN=7d
SESSION_SECRET= # required
WORKER_CONCURRENCY=4 # BullMQ worker concurrencyStorage
MONGODB_URL=mongodb://... # required; password URL-encoded
REDIS_URL=redis://... # required; backs BullMQSMTP
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_FROM=Sosyabot <noreply@your-domain>OTP signup will not work without SMTP. See SMTP.
Social platforms
| Platform | Keys |
|---|---|
| X (Twitter) | TWITTER_CLIENT_ID, TWITTER_CLIENT_SECRET |
| Instagram + Facebook (shared Meta app) | FACEBOOK_APP_ID, FACEBOOK_APP_SECRET |
LINKEDIN_CLIENT_ID, LINKEDIN_CLIENT_SECRET | |
| TikTok | TIKTOK_CLIENT_KEY, TIKTOK_CLIENT_SECRET |
| Threads | THREADS_APP_ID, THREADS_APP_SECRET |
| Bluesky | BLUESKY_SERVICE_URL (default https://bsky.social) |
| Mastodon | MASTODON_INSTANCE_URL, MASTODON_CLIENT_KEY, MASTODON_CLIENT_SECRET |
PINTEREST_APP_ID, PINTEREST_APP_SECRET | |
| YouTube | YOUTUBE_CLIENT_ID, YOUTUBE_CLIENT_SECRET |
REDDIT_CLIENT_ID, REDDIT_CLIENT_SECRET, REDDIT_USER_AGENT | |
| Discord | DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET, DISCORD_BOT_TOKEN |
| Slack | SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, SLACK_SIGNING_SECRET |
| Listmonk | LISTMONK_BASE_URL, LISTMONK_API_KEY (or LISTMONK_USERNAME + LISTMONK_PASSWORD) |
Telegram has no global ENV — bot tokens are user-supplied at connect time. See Connections.
Sign-in OAuth (Google / GitHub)
LOGIN_GOOGLE_CLIENT_ID=
LOGIN_GOOGLE_CLIENT_SECRET=
LOGIN_GITHUB_CLIENT_ID=
LOGIN_GITHUB_CLIENT_SECRET=Optional. When configured they enable "Continue with Google / GitHub" on the auth pages.
AI providers
QEVRON_API_BASE_URL=
QEVRON_API_KEY=
OPENAI_API_KEY=
STABILITY_API_KEY=
FAL_API_KEY=
RUNWAY_API_KEY=
AI_VIDEO_PROVIDER=fal # fal | runwayBilling
BILLING_PROVIDER=stripe # stripe | iyzico | paytr
STRIPE_SECRET_KEY=
STRIPE_PUBLISHABLE_KEY=
STRIPE_WEBHOOK_SECRET= # required for webhook signature verification
IYZICO_API_KEY=
IYZICO_SECRET_KEY=
IYZICO_BASE_URL=https://sandbox-api.iyzipay.com
PAYTR_MERCHANT_ID=
PAYTR_MERCHANT_KEY=
PAYTR_MERCHANT_SALT=
PAYTR_TEST_MODE=1 # 1 sandbox, 0 liveShort links
SHORT_LINK_BASE_URL=https://sosya.bot # base for /s/<slug> redirectsFrontend Vite vars (read at build time, baked into the bundle)
VITE_APP_URL=https://app.sosyabot.com
VITE_DOCS_URL=https://docs.sosyabot.com
VITE_BACKEND_URL=https://app.sosyabot.com
VITE_API_URL=https://app.sosyabot.com/api/v1
VITE_DEMO_EMAIL=
VITE_CONTACT_SALES_EMAIL=
VITE_CONTACT_SUPPORT_EMAIL=
VITE_CONTACT_PRESS_EMAIL=
VITE_CONTACT_DPO_EMAIL=
VITE_CALENDLY_URL=
VITE_CONTACT_OFFICE_ADDRESS=Landing site
LANDING_DEV_PORT=3001
LANDING_PORT=4201
LANDING_ALLOWED_HOSTS= # comma-separated list for `vite preview`Docs site
DOCS_PORT=4202
DOCS_HOST=127.0.0.1
DOCS_BASE_URL=https://docs.sosyabot.com
DOCS_DEV_PORT=3002Visual audit (optional)
AUDIT_URL=
AUDIT_USER=
AUDIT_PASS=
AUDIT_TAG=baselineUsed only by pnpm --filter sosyabot-frontend audit:visual.
No silent defaults for secrets
Per CLAUDE.md, missing required keys must fail fast at boot. The backend does not synthesize defaults for any token, key, or password — if it's missing, you'll see an explicit error in the API log.