Database
Environment Variables
Every secret the app reads. Required ones break the build; optional ones gracefully disable a feature.
Required
| Variable | Used by | Notes |
|---|---|---|
| NEXT_PUBLIC_SUPABASE_URL | Browser + server | Project URL. |
| NEXT_PUBLIC_SUPABASE_ANON_KEY | Browser + server | Public — safe to ship to client. |
| SUPABASE_SERVICE_ROLE_KEY | Server-only | Bypasses RLS. NEVER expose to the browser. Used in admin routes and the invite flow. |
Google stack
| Variable | Used by |
|---|---|
| GOOGLE_CLIENT_ID | OAuth flow (/api/auth/google) |
| GOOGLE_CLIENT_SECRET | OAuth flow |
| GOOGLE_REDIRECT_URI | Must match the URI registered in Google Cloud Console (e.g. http://localhost:3000/api/auth/google/callback) |
| GOOGLE_API_KEY | PageSpeed Insights, Places API (GBP reviews) |
| GOOGLE_ADS_DEVELOPER_TOKEN | Google Ads route |
| GOOGLE_ADS_LOGIN_CUSTOMER_ID | Google Ads — sets login-customer-id header (our MCC ID) |
GoHighLevel
| Variable | Used by |
|---|---|
| GHL_API_KEY | Agency API key. Reads every sub-account. |
| GHL_AGENCY_ID | Optional — used for agency-level GHL endpoints. |
Meta
| Variable | Used by |
|---|---|
| META_APP_ID | Meta OAuth flow |
| META_APP_SECRET | Meta OAuth + token exchange |
n8n / external
| Variable | Used by |
|---|---|
| N8N_WEBHOOK_SECRET | Bearer auth on POST /api/metrics/external |
Optional
| Variable | Effect when missing |
|---|---|
| OPENAI_API_KEY | AI Insights panel features stay disabled. Reserved for future agent integration. |
| SLACK_WEBHOOK_URL | Submit Request notifications stop posting to Slack. |
Service role key handling
SUPABASE_SERVICE_ROLE_KEY bypasses RLS entirely. It must:- Never be prefixed with
NEXT_PUBLIC_. - Never appear in a
'use client'file. - Never be logged to console in production.
- Be rotated immediately if leaked.
How env vars are loaded
Next.js loads .env.local for development, .env.production.local for production builds, then falls back to .env. We do not check any of these into git. .env.example is the only env file in the repo — keep it up to date when you add a new variable.