Environment Variables

Right Events uses both Next.js runtime variables and Convex-side variables.

Rules of thumb

Variables used from app/, components/, and lib/ usually live in .env.local.
Variables used from convex/ are typically configured in the Convex dashboard.
Public client-side values must use the NEXT_PUBLIC_ prefix.

Core web and Convex

Variable	Purpose
`NEXT_PUBLIC_CONVEX_URL`	Required by the React client and several server routes to talk to Convex.
`CONVEX_SITE_URL`	Required for Convex HTTP health checks and auth setup.
`NEXT_PUBLIC_CONVEX_SITE_URL`	Fallback used by some health/auth paths.
`SITE_URL`	Canonical app URL used in emails and auth flows.
`NEXT_PUBLIC_APP_URL`	Optional public app URL fallback for links and templates.
`NEXT_PUBLIC_BASE_URL`	Base URL used by some SEO and metadata paths.

Authentication

Variable	Purpose
`AUTH_RESEND_KEY`	Primary Resend API key for OTP and magic link email auth.
`RESEND_API_KEY`	Fallback to `AUTH_RESEND_KEY`.
`AUTH_RESEND_FROM`	Sender address for auth emails.
`RESEND_FROM_EMAIL`	Fallback sender address.
`GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET`	Google OAuth login.
`AUTH_GOOGLE_ID` / `AUTH_GOOGLE_SECRET`	Alternative Google OAuth variable names accepted by the auth layer.
`APPLE_CLIENT_ID` / `APPLE_CLIENT_SECRET`	Apple OAuth login when using a prebuilt client secret.
`APPLE_TEAM_ID`, `APPLE_KEY_ID`, `APPLE_PRIVATE_KEY`	Apple OAuth JWT-based configuration.
`AUTH_APPLE_ID`, `AUTH_APPLE_SECRET`, `AUTH_APPLE_TEAM_ID`, `AUTH_APPLE_KEY_ID`, `AUTH_APPLE_PRIVATE_KEY`	Alternative Apple auth variable names accepted by the auth layer.

Payments

Variable	Purpose
`PAYSTACK_SECRET_KEY` / `PAYSTACK_PUBLIC_KEY`	Paystack checkout and payment settings.
`FLUTTERWAVE_SECRET_KEY` / `FLUTTERWAVE_PUBLIC_KEY`	Flutterwave checkout and payment settings.
`STRIPE_SECRET_KEY`	Stripe server-side checkout creation.
`NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY`	Stripe public settings surfaced to the frontend.

AI and content generation

Variable	Purpose
`GEMINI_API_KEY`	Gemini-backed AI endpoints in `app/api/ai/*`.
`OPENROUTER_API_KEY`	OpenRouter-backed generation and moderation flows in Convex.
`OPENROUTER_TEXT_MODEL`	Default text model fallback.
`OPENROUTER_VISION_MODEL`	Default vision model fallback.
`OPENROUTER_IMAGE_MODEL`	Default image model fallback.
`OPENROUTER_IMAGE_SIZE`	Default generated image size.

Email, notifications, and messaging

Variable	Purpose
`UNSUBSCRIBE_SECRET`	Notification unsubscribe token signing fallback.
`APP_SECRET`	Secondary fallback for unsubscribe token signing.
`NEXT_PUBLIC_TRACKING_URL`	Tracking URL used by marketing links.
`ZAVU_API_KEY`	SMS or WhatsApp provider integration in marketing and support flows.
`ZAVU_BASE_URL`	Optional Zavu base URL override.
`ZAVU_SMS_SENDER`	SMS sender identifier.
`ZAVU_WHATSAPP_SENDER`	WhatsApp sender identifier.

Mobile gateway and backend proxy

Variable	Purpose
`BACKEND_URL`	Base URL for the FastAPI backend.
`MOBILE_BACKEND_URL`	Fallback backend URL for the mobile proxy.
`MOBILE_BACKEND_API_KEY`	Legacy static gateway key accepted by `/api/mobile/backend/*`.
`MOBILE_BACKEND_ALLOWED_ORIGINS`	CSV allow-list for CORS on the mobile gateway.
`MOBILE_BACKEND_ALLOWED_PREFIXES`	CSV allow-list for proxied backend paths.
`MOBILE_BACKEND_TIMEOUT_MS`	Backend request timeout for mobile proxy routes.
`MOBILE_GATEWAY_KEYS_CACHE_TTL_MS`	TTL for cached database-managed mobile API keys.
`MOBILE_API_KEY`	Used by the mobile client, not the server.
`MOBILE_API_BASE_URL`	Base URL consumed by `mobile/api/RightEventsApiClient.ts`.

Health and release operations

Variable	Purpose
`HEALTHCHECK_TIMEOUT_MS`	Timeout for `/api/health` downstream checks.
`DEPLOYMENT_INGEST_TOKEN`	Auth token for `/railway/deployments/ingest`.
`ENABLE_RUNTIME_DEPLOYMENT_INGEST`	Enables release ingestion on startup if post-deploy hooks are unavailable.
`RELEASE_VERSION`	Explicit release version override.
`RELEASE_SEMVER_BUMP` / `RELEASE_BUMP`	Semver bump hint for automated release ingestion.
`RELEASE_VERSION_MODE`	Versioning mode override used by deployment ingest helpers.
`DP_HUB_CRON_TOKEN`	Protects Convex cron-style HTTP routes for DP maintenance.

Railway and CI metadata

These are not always set manually, but the app consumes them when present:

RAILWAY_ENVIRONMENT_NAME
RAILWAY_ENVIRONMENT
RAILWAY_PROJECT_ID
RAILWAY_SERVICE_ID
RAILWAY_ENVIRONMENT_ID
RAILWAY_DEPLOYMENT_ID
RAILWAY_DEPLOYMENT_URL
RAILWAY_GIT_COMMIT_SHA
RAILWAY_GIT_BRANCH
RAILWAY_GIT_COMMIT_MESSAGE
RAILWAY_GIT_COMMITTER
GITHUB_SHA
GITHUB_REF_NAME
GITHUB_ACTOR
CI_COMMIT_SHA
CI_COMMIT_BRANCH

Wallet pass backend

These are used by the FastAPI wallet pass service:

APPLE_TEAM_ID
APPLE_PASS_TYPE_ID
APPLE_PASS_CERT
APPLE_PASS_KEY
GOOGLE_WALLET_ISSUER_ID
GOOGLE_WALLET_KEY_FILE

Recommended first-pass `.env.local`

NEXT_PUBLIC_CONVEX_URL=https://your-project.convex.cloud
CONVEX_SITE_URL=https://your-project.convex.site
SITE_URL=http://localhost:3000
AUTH_RESEND_KEY=re_xxx
AUTH_RESEND_FROM="Right Events <hello@example.com>"
BACKEND_URL=http://127.0.0.1:8001

Add payment, AI, and mobile gateway variables only when you need those flows.

Rules of thumb​

Core web and Convex​

Authentication​

Payments​

AI and content generation​

Email, notifications, and messaging​

Mobile gateway and backend proxy​

Health and release operations​

Railway and CI metadata​

Wallet pass backend​

Recommended first-pass .env.local​