Builder configuration
General
| Parameter | Default | Description |
|---|---|---|
| DATABASE_URL | postgresql://postgres:typebot@db:5432/typebot | The database URL |
| ENCRYPTION_SECRET | SgVkYp2s5v8y/B?E(H+MbQeThWmZq4t6 | A 256-bit key used to encrypt sensitive data. It is strongly recommended to generate a new one. The secret should be the same between builder and viewer. |
| ADMIN_EMAIL | -- | The email that will get a "Pro" plan on user creation |
| NEXTAUTH_URL | http://localhost:3000 | The builder base URL. Should be the publicly accessible URL (i.e. https://typebot.domain.com) |
| NEXT_PUBLIC_VIEWER_URL | http://localhost:3001 | The viewer base URL. Should be the publicly accessible URL (i.e. https://bot.domain.com) |
| NEXTAUTH_URL_INTERNAL | -- | The internal builder base URL. You have to set it only when NEXTAUTH_URL isn't publicly accessible |
| DISABLE_SIGNUP | false | To disable new sign ups but still be able to sign in with existing users or admin email |
Email (Auth, notifications)
Used for sending email notifications and authentication
| Parameter | Default | Description |
|---|---|---|
| SMTP_USERNAME | -- | SMTP username |
| SMTP_PASSWORD | -- | SMTP password |
| SMTP_HOST | -- | SMTP host. (i.e. smtp.host.com) |
| SMTP_PORT | 25 | SMTP port |
| NEXT_PUBLIC_SMTP_FROM | - | From name and email (i.e. 'Typebot Notifications' <notifications@host.com>) |
| SMTP_SECURE | false | If true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false |
| SMTP_AUTH_DISABLED | false | To disable the authentication by email but still use the provided config for notifications |
Google (Auth, Sheets, Fonts)
Used authentication in the builder and for the Google Sheets integration step. Make sure to set the required scopes (userinfo.email, spreadsheets, drive.readonly) in your console
The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/google
| Parameter | Default | Description |
|---|---|---|
| GOOGLE_CLIENT_ID | -- | The Client ID from the Google API Console |
| GOOGLE_CLIENT_SECRET | -- | The Client secret from the Google API Console |
Used for Google Fonts (Optional):
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_GOOGLE_API_KEY | -- | The API Key from the Google API Console |
Configuration
https://console.developers.google.com/apis/credentials
The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path. For example,
- For production: https://{YOUR_DOMAIN}/api/auth/callback/google
- For development: http://localhost:3000/api/auth/callback/google
GitHub (Auth)
Used for authenticating with GitHub. By default, it uses the credentials of a Typebot-dev app.
You can create your own GitHub OAuth app here. The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/github
| Parameter | Default | Description |
|---|---|---|
| GITHUB_CLIENT_ID | -- | Application client ID. Also used to check if it is enabled in the front-end |
| GITHUB_CLIENT_SECRET | -- | Application secret |
GitLab (Auth)
Used for authenticating with GitLab.
Follow the official GitLab guide for creating OAuth2 applications here.
The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/gitlab
| Parameter | Default | Description |
|---|---|---|
| GITLAB_CLIENT_ID | -- | Application client ID. Also used to check if it is enabled in the front-end |
| GITLAB_CLIENT_SECRET | -- | Application secret |
| GITLAB_BASE_URL | https://gitlab.com | Base URL of the GitLab instance |
| GITLAB_REQUIRED_GROUPS | -- | Comma-separated list of groups the user has to be a direct member of, e.g. foo,bar |
| GITLAB_NAME | GitLab | Name of the GitLab instance, used for the SSO Login Button |
Facebook (Auth)
You can create your own Facebook OAuth app here.
The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/facebook
| Parameter | Default | Description |
|---|---|---|
| FACEBOOK_CLIENT_ID | -- | Application client ID. Also used to check if it is enabled in the front-end |
| FACEBOOK_CLIENT_SECRET | -- | Application secret |
Azure AD (Auth)
If you are using Azure Active Directory for the authentication you can set the following environment variables.
The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/azure-ad
| Parameter | Default | Description |
|---|---|---|
| AZURE_AD_CLIENT_ID | -- | Application client ID |
| AZURE_AD_CLIENT_SECRET | -- | Application client secret. Can be obtained from Azure Portal. |
| AZURE_AD_TENANT_ID | -- | Azure Tenant ID |
S3 Storage (Media uploads)
Used for uploading images, videos, etc... It can be any S3 compatible object storage service (Minio, Digital Oceans Space, AWS S3...)
| Parameter | Default | Description |
|---|---|---|
| S3_ACCESS_KEY | -- | S3 access key. Also used to check if upload feature is enabled |
| S3_SECRET_KEY | -- | S3 secret key. |
| S3_BUCKET | typebot | Name of the bucket where assets will be uploaded in. |
| S3_PORT | -- | S3 Host port number |
| S3_ENDPOINT | -- | S3 endpoint (i.e. s3.domain.com). |
| S3_SSL | true | Use SSL when establishing the connection. |
| S3_REGION | -- | S3 region. |
Note that for AWS S3, your endpoint is usually: s3.<S3_REGION>.amazonaws.com
Your bucket must have the following policy that tells S3 to allow public read when an object is located under the public folder:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<BUCKET_NAME>/public/*"
}
]
}
You also need to configure CORS so that an object can be uploaded from the browser:
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["PUT", "POST"],
"AllowedOrigins": ["*"],
"ExposeHeaders": ["ETag"]
}
]
Giphy (GIF picker)
Used to search for GIF. You can create a Giphy app here
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_GIPHY_API_KEY | -- | Giphy API key |
Others
Show
The official Typebot managed service uses other services such as Stripe for processing payments, Sentry for tracking bugs and Sleekplan for user feedbacks.
The related environment variables are listed here but you are probably not interested in these if you self-host Typebot.
Stripe
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_STRIPE_PUBLIC_KEY | -- | Stripe public key |
| STRIPE_SECRET_KEY | -- | Stripe secret key |
| STRIPE_PRO_PRICE_ID | -- | Pro plan price id |
| STRIPE_STARTER_PRICE_ID | -- | Starter plan price id |
| STRIPE_ADDITIONAL_CHATS_PRICE_ID | -- | Additional chats price id |
| STRIPE_ADDITIONAL_STORAGE_PRICE_ID | -- | Additional storage price id |
| STRIPE_WEBHOOK_SECRET | -- | Stripe Webhook secret |
Sentry
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_SENTRY_DSN | -- | Sentry DSN |
| SENTRY_AUTH_TOKEN | -- | Used to upload sourcemaps on app build |
| SENTRY_PROJECT | -- | Sentry project name |
| SENTRY_ORG | -- | Sentry organization name |
These can also be added to the viewer environment
Vercel (custom domains)
| Parameter | Default | Description |
|---|---|---|
| VERCEL_TOKEN | -- | Vercel API token |
| VERCEL_VIEWER_PROJECT_NAME | -- | The name of the viewer project in Vercel |
| VERCEL_TEAM_ID | -- | Vercel team ID that contains the viewer project |
Sleekplan
| Parameter | Default | Description |
|---|---|---|
| SLEEKPLAN_SSO_KEY | -- | Sleekplan SSO key used to automatically authenticate a user in Sleekplan |
Internal Webhooks
| Parameter | Default | Description |
|---|---|---|
| USER_CREATED_WEBHOOK_URL | -- | Webhook URL called whenever a new user is created (used for importing a new SendGrid contact) |
If you're self-hosting Typebot, sponsoring me is a great way to give back to the community and to contribute to the long-term sustainability of the project.
Thank you for supporting independent creators of Free Open Source Software!