Cookest
Backend APIs

Environment Variables

All configuration variables for the Cookest Food API and App API

Environment Variables

Copy .env.example to .env and fill in the required values.

cp .env.example .env

Food API

VariableDefaultDescription
FOOD_DATABASE_URLDATABASE_URL fallbackPostgreSQL connection string for the Food API
FOOD_HOST0.0.0.0Bind address
FOOD_PORT8081HTTP port
FOOD_CORS_ORIGIN*Allowed CORS origin

App API

VariableDefaultDescription
APP_DATABASE_URLDATABASE_URL fallbackPostgreSQL connection string for the App API
JWT_SECRETrequiredJWT signing key — minimum 32 characters
HOST127.0.0.1Bind address
PORT8080HTTP port
CORS_ORIGINhttp://localhost:3000Allowed CORS origin
JWT_ACCESS_EXPIRY_SECONDS900Access token TTL (15 minutes)
JWT_REFRESH_EXPIRY_SECONDS604800Refresh token TTL (7 days)
OLLAMA_URLhttp://localhost:11434Ollama API base URL
OLLAMA_MODELllama3.1:8bPrimary Ollama model for chat and recipe generation
PDF_UPLOAD_DIR./cookest_pdfsWritable directory for uploaded PDFs
STRIPE_WEBHOOK_SECREToptionalStripe webhook signing secret (whsec_...)
FOOD_API_URLhttp://localhost:8081Food API base URL
FOOD_API_KEYoptionalAPI key used for Food API write requests
IMAGE_GEN_URLrequired for image genURL of the Python image-gen microservice
IMAGE_GEN_TOKENoptionalBearer token for image-gen service (added server-side)
RESEND_API_KEYoptionalResend email API key
RESEND_FROM_EMAILnoreply@m.cookest.appFrom address for outbound email

Security notes

Never commit your .env file. The .gitignore already excludes it. In production, inject secrets via environment variables or a secrets manager — never via a committed file.

  • FOOD_DATABASE_URL and APP_DATABASE_URL can both fall back to DATABASE_URL for local monolith-style runs
  • JWT_SECRET must be at least 32 characters of random data (openssl rand -hex 32)
  • STRIPE_WEBHOOK_SECRET starts with whsec_ — obtain from the Stripe dashboard
  • Use dedicated database users for the Food API and App API in production

Getting Started

Running the Cookest Food API and App API locally

Authentication

App API JWT-based auth flow — login, refresh, and protected endpoints

On this page

Environment VariablesFood APIApp APISecurity notes