If you’re self-hosting Typebot, sponsoring
me is a great way to give back to
the community and to contribute to the long-term sustainability of the
project. It also comes with some perks like priority support and private
workshops. ❤️
General
| Parameter | Default | Description |
|---|---|---|
| DATABASE_URL * | The database URL | |
| ENCRYPTION_SECRET * | A 256-bit key used to encrypt sensitive data. It is strongly recommended to generate a new one. The secret should be the same between builder and viewer. | |
| NEXTAUTH_URL * | The builder base URL. Should be the publicly accessible URL (i.e. https://typebot.domain.com) | |
| NEXT_PUBLIC_VIEWER_URL * | The viewer base URL. Should be the publicly accessible URL (i.e. https://bot.domain.com) | |
| ADMIN_EMAIL | The email that will get an UNLIMITED plan on user creation. The associated user will be able to bypass database rules. You can provide multiple emails separated by a comma without spaces. | |
| DEFAULT_WORKSPACE_PLAN | FREE | Default workspace plan on user creation or when a user creates a new workspace. Possible values are FREE, STARTER, PRO, LIFETIME, UNLIMITED. The default plan for admin user is UNLIMITED |
| DISABLE_SIGNUP | false | Disable new user sign ups. Invited users are still able to sign up. |
| NEXT_PUBLIC_ONBOARDING_TYPEBOT_ID | Typebot ID used for the onboarding. Onboarding page is skipped if not provided. | |
| DEBUG | false | If enabled, the server will print valuable logs to debug config issues. |
| NEXT_PUBLIC_BOT_FILE_UPLOAD_MAX_SIZE | Limits the size of each file that can be uploaded in the bots (i.e. Set 10 to limit the file upload to 10MB) | |
| CHAT_API_TIMEOUT | The chat API execution timeout (in ms). It limits the chat API exection time. Useful to avoid getting stuck into an unwanted infinite loop. Note that it does not apply to known long-running blocks like OpenAI or else. |
Email (Auth, notifications)
Used for sending email notifications and authentication| Parameter | Default | Description |
|---|---|---|
| SMTP_USERNAME | SMTP username | |
| SMTP_PASSWORD | SMTP password | |
| SMTP_HOST | SMTP host. (i.e. smtp.host.com) | |
| SMTP_PORT | 25 | SMTP port |
| NEXT_PUBLIC_SMTP_FROM | From name and email (i.e. 'Typebot Notifications' <[email protected]>) | |
| SMTP_SECURE | false | If true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false |
| SMTP_IGNORE_TLS | undefined | If true and SMTP_SECURE is false then TLS is not used while connecting to server even if server supports STARTTLS extension. |
| SMTP_AUTH_DISABLED | false | To disable the authentication by email but still use the provided config for notifications |
Google Auth
Requirements
Requirements
- Head over the Credentials tab: https://console.developers.google.com/apis/credentials
-
Create a OAuth client ID. This will be your
GOOGLE_AUTH_CLIENT_IDandGOOGLE_AUTH_CLIENT_SECRETMake sure to set the following scopes:userinfo.emailThe “Authorized redirect URIs” used when creating the credentials must include your full domain and end in the callback path:- For production:
- https://<YOUR_DOMAIN>/api/auth/callback/google
- For development:
- For production:
| Parameter | Default | Description |
|---|---|---|
| GOOGLE_AUTH_CLIENT_ID | The Client ID from the Google API Console | |
| GOOGLE_AUTH_CLIENT_SECRET | The Client secret from the Google API Console |
Google Sheets
Requirements
Requirements
- Enable the following APIs in the Google Cloud Console: Google Sheets API, Google Picker API
- Head over the Credentials tab: https://console.developers.google.com/apis/credentials
-
Create an API key. This will be your
NEXT_PUBLIC_GOOGLE_SHEETS_API_KEY -
Create a OAuth client ID. This will be your
GOOGLE_SHEETS_CLIENT_IDandGOOGLE_SHEETS_CLIENT_SECRETMake sure to set the following scopes located in your OAuth Consent Screen:spreadsheets,drive.filehttps://developers.google.com/identity/protocols/oauth2/scopes The “Authorized redirect URIs” used when creating the credentials must include your full domain and end in the callback path:- For production:
- https://<YOUR_DOMAIN>/api/credentials/google-sheets/callback
- For development:
- For production:
- To avoid having to always reconnect a Google Sheets credentials every 7 days, you need to promote your OAuth client to production (https://developers.google.com/nest/device-access/reference/errors/authorization#refresh_token_keeps_expiring)
| Parameter | Default | Description |
|---|---|---|
| GOOGLE_SHEETS_CLIENT_ID | The Client ID from the Google API Console | |
| GOOGLE_SHEETS_CLIENT_SECRET | The Client secret from the Google API Console | |
| NEXT_PUBLIC_GOOGLE_SHEETS_API_KEY | The API Key from the Google API Console |
Gmail
Requirements
Requirements
- Enable the following APIs in the Google Cloud Console: Google Sheets API, Google Picker API
- Head over the Credentials tab: https://console.developers.google.com/apis/credentials
-
Create a OAuth client ID. This will be your
GMAIL_CLIENT_IDandGMAIL_CLIENT_SECRETMake sure to set the following scopes located in your OAuth Consent Screen:gmail.send,gmail.labels,userinfo.profile,userinfo.emailhttps://developers.google.com/identity/protocols/oauth2/scopes The “Authorized redirect URIs” used when creating the credentials must include your full domain and end in the callback path:- For production:
- https://<YOUR_DOMAIN>/oauth/redirect
- For development:
- For production:
- To avoid having to always reconnect credentials every 7 days, you need to promote your OAuth client to production (https://developers.google.com/nest/device-access/reference/errors/authorization#refresh_token_keeps_expiring)
| Parameter | Default | Description |
|---|---|---|
| GMAIL_CLIENT_ID | The Client ID from the Google API Console | |
| GMAIL_CLIENT_SECRET | The Client secret from the Google API Console |
Google Fonts
Used authentication in the builder and for the Google Sheets integration step.Requirements
Requirements
- Enable the following API in the Google Cloud Console: Web Fonts Developer API
- Head over the Credentials tab: https://console.developers.google.com/apis/credentials
-
Create an API key with access to the Web Fonts Developer API. This will be your
NEXT_PUBLIC_GOOGLE_FONTS_API_KEY
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_GOOGLE_FONTS_API_KEY | The API Key from the Google API Console |
GitHub (Auth)
Used for authenticating with GitHub. By default, it uses the credentials of a Typebot-dev app. You can create your own GitHub OAuth app here. The Authorization callback URL should be$NEXTAUTH_URL/api/auth/callback/github
| Parameter | Default | Description |
|---|---|---|
| GITHUB_CLIENT_ID | Application client ID. Also used to check if it is enabled in the front-end | |
| GITHUB_CLIENT_SECRET | Application secret |
GitLab (Auth)
Used for authenticating with GitLab. Follow the official GitLab guide for creating OAuth2 applications here. The Authorization callback URL should be$NEXTAUTH_URL/api/auth/callback/gitlab
| Parameter | Default | Description |
|---|---|---|
| GITLAB_CLIENT_ID | Application client ID. Also used to check if it is enabled in the front-end | |
| GITLAB_CLIENT_SECRET | Application secret | |
| GITLAB_BASE_URL | https://gitlab.com | Base URL of the GitLab instance |
| GITLAB_REQUIRED_GROUPS | Comma-separated list of groups the user has to be a direct member of, e.g. foo,bar | |
| GITLAB_NAME | GitLab | Name of the GitLab instance, used for the SSO Login Button |
Facebook (Auth)
You can create your own Facebook OAuth app here. The Authorization callback URL should be$NEXTAUTH_URL/api/auth/callback/facebook
| Parameter | Default | Description |
|---|---|---|
| FACEBOOK_CLIENT_ID | Application client ID. Also used to check if it is enabled in the front-end | |
| FACEBOOK_CLIENT_SECRET | Application secret |
Azure AD (Auth)
If you are using Azure Active Directory for the authentication you can set the following environment variables. The Authorization callback URL should be$NEXTAUTH_URL/api/auth/callback/azure-ad
| Parameter | Default | Description |
|---|---|---|
| AZURE_AD_CLIENT_ID | Application client ID | |
| AZURE_AD_CLIENT_SECRET | Application client secret. Can be obtained from Azure Portal. | |
| AZURE_AD_TENANT_ID | Azure Tenant ID |
Keycloak (Auth)
Used for authenticating with Keycloak. Follow the official Keycloak guide for creating OAuth2 applications here.| Parameter | Default | Description |
|---|---|---|
| KEYCLOAK_CLIENT_ID | Application client ID. | |
| KEYCLOAK_CLIENT_SECRET | Application secret | |
| KEYCLOAK_REALM | Your Keycloak Realm | |
| KEYCLOAK_BASE_URL | Base URL of the Keycloak instance |
Custom OAuth Provider (Auth)
Your provider needs to support the OpenID Connect standards.| Parameter | Default | Description |
|---|---|---|
| CUSTOM_OAUTH_CLIENT_ID * | OAuth client ID. | |
| CUSTOM_OAUTH_CLIENT_SECRET * | OAuth client secret. | |
| CUSTOM_OAUTH_ISSUER * | OAuth issuer URL (i.e. https://auth.domain.com/openid) | |
| CUSTOM_OAUTH_NAME | Custom OAuth | Provider name. Will be displayed in the sign in form. |
| CUSTOM_OAUTH_WELL_KNOWN_URL | CUSTOM_OAUTH_ISSUER/.well-known/openid-configuration | Provider .well-known URL |
| CUSTOM_OAUTH_USER_ID_PATH | id | Used to map the id from the user info object |
| CUSTOM_OAUTH_USER_NAME_PATH | name | Used to map the name from the user info object |
| CUSTOM_OAUTH_USER_EMAIL_PATH | Used to map the email from the user info object | |
| CUSTOM_OAUTH_USER_IMAGE_PATH | image | Used to map the image from the user info object |
| CUSTOM_OAUTH_SCOPE | openid profile email | OAuth scope |
*_PATH parameters, you can use dot notation to access nested properties (i.e. account.name).
The Authorization callback URL should be: $NEXTAUTH_URL/api/auth/callback/custom-oauth
S3 Storage (Media uploads)
Used for uploading images, videos, etc… It can be any S3 compatible object storage service (Minio, Digital Oceans Space, AWS S3…)| Parameter | Default | Description |
|---|---|---|
| S3_ACCESS_KEY | S3 access key. Also used to check if upload feature is enabled | |
| S3_SECRET_KEY | S3 secret key. | |
| S3_BUCKET | typebot | Name of the bucket where assets will be uploaded in. |
| S3_PORT | S3 Host port number | |
| S3_ENDPOINT | S3 endpoint (i.e. s3.domain.com). | |
| S3_SSL | true | Use SSL when establishing the connection. |
| S3_REGION | S3 region. | |
| S3_PUBLIC_CUSTOM_DOMAIN | If the final URL that is used to read public files is different from S3_ENDPOINT |
s3.<S3_REGION>.amazonaws.com
In order to function properly, your S3 bucket must be configured. Make sure to read through the S3 configuration doc.
Giphy (GIF picker)
Used to search for GIF. You can create a Giphy app here| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_GIPHY_API_KEY | Giphy API key |
Unsplash (image picker)
Used to search for images. You can create an Unsplash app here| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_UNSPLASH_APP_NAME | Unsplash App name | |
| NEXT_PUBLIC_UNSPLASH_ACCESS_KEY | Unsplash API key |
Pexels (video picker)
Used to search for videos. You can create a Pexels app here| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_PEXELS_API_KEY | Pexels API key |
Tolgee (i18n contribution dev tool)
If you’d like to join contribute to Typebot’s translation join the Discord
server and ask for an access to Tolgee in the
#contributors
channel.
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_TOLGEE_API_KEY | Your Tolgee API key | |
| NEXT_PUBLIC_TOLGEE_API_URL | https://tolgee.server.baptistearno.com | The Tolgee API base URL |
WhatsApp (Preview)
In order to be able to test your bot on WhatsApp from the Preview drawer, you need to set up a WhatsApp business app.Requirements
Requirements
1. Create a WhatsApp Meta app
2. Get the System User token
- Go to your System users page and create a new system user that has access to the related.
- Token expiration:
Never - Available Permissions:
whatsapp_business_messaging,whatsapp_business_management
- The generated token will be used as
META_SYSTEM_USER_TOKENin your viewer configuration. - Click on
Add assets. UnderApps, look for your app, select it and checkManage app
3. Get the phone number ID
-
Go to your WhatsApp Dev Console
-
Add your phone number by clicking on the
Add phone numberbutton. -
Select the newly created phone number in the
Fromdropdown list and you will see right below the associatedPhone number IDThis will be used asWHATSAPP_PREVIEW_FROM_PHONE_NUMBER_IDin your viewer configuration.
4. Set up the webhook
- Head over to
Quickstart > Configuration. Edit the webhook URL to$NEXTAUTH_URL/api/v1/whatsapp/preview/webhook. Set the Verify token to$ENCRYPTION_SECRETand click onVerify and save. - Add the
messageswebhook field.
5. Set up the message template
- Head over to
Messaging > Message Templatesand click onCreate Template - Select the
Utilitycategory - Give it a name that corresponds to your
WHATSAPP_PREVIEW_TEMPLATE_NAMEconfiguration. - Select the language that corresponds to your
WHATSAPP_PREVIEW_TEMPLATE_LANGconfiguration. - You can format it as you’d like. The user will just have to send a message to start the preview.
| Parameter | Default | Description |
|---|---|---|
| META_SYSTEM_USER_TOKEN | The system user token used to send WhatsApp messages | |
| WHATSAPP_PREVIEW_FROM_PHONE_NUMBER_ID | The phone number ID from which the message will be sent | |
| WHATSAPP_PREVIEW_TEMPLATE_NAME | The preview start template message name | |
| WHATSAPP_PREVIEW_TEMPLATE_LANG | en_US | The preview start template message name |
| WHATSAPP_CLOUD_API_URL | https://graph.facebook.com | The WhatsApp Cloud API base URL |
| WHATSAPP_INTERACTIVE_GROUP_SIZE | 3 | The array size of items to send to API on choice input. You can’t choose a number higher than 3 if you are using the official cloud API URL. |
Redis
In Typebot, Redis is optional and is used to:- Rate limit the sign in requests based on user IP
- Enable multiple media upload on WhatsApp
| Parameter | Default | Description |
|---|---|---|
| REDIS_URL | The database URL. i.e. redis://<username>:<password>@<host>:<port> |
PartyKit
PartyKit is optional and is used to make the webhook block work. The PartyKit configuration is located inpackages/partykit folder. You can deploy the server into production using bun deploy. You can find more information about PartyKit deployment in their official documentation.
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_PARTYKIT_HOST | PartyKit host. i.e. partykit.typebot.io |
Others
The related environment variables are listed here but you are probably not interested in these if you self-host Typebot.Vercel (custom domains)
Vercel (custom domains)
| Parameter | Default | Description |
|---|---|---|
| VERCEL_TOKEN | Vercel API token | |
| NEXT_PUBLIC_VERCEL_VIEWER_PROJECT_NAME | The name of the viewer project in Vercel | |
| VERCEL_TEAM_ID | Vercel team ID that contains the viewer project |
Telemetry
Telemetry
| Parameter | Default | Description |
|---|---|---|
| MESSAGE_WEBHOOK_URL | Webhook URL called to receive important system messages | |
| USER_CREATED_WEBHOOK_URL | Webhook URL called whenever a new user is created |
PostHog
PostHog
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_POSTHOG_KEY | PostHog API Key | |
| POSTHOG_API_HOST | https://eu.posthog.com | PostHog API Host |
| POSTHOG_PERSONAL_API_KEY | PostHog personal API Key | |
| POSTHOG_PROJECT_ID | PostHog project ID |
System labels
System labels
| Parameter | Default | Description |
|---|---|---|
| NEXT_PUBLIC_VIEWER_404_TITLE | 404 | |
| NEXT_PUBLIC_VIEWER_404_SUBTITLE | The bot you’re looking for doesn’t exist |