Skip to content
GitHub

Environment variables

Environment variables are key value pairs that are used to configure how your Rafiki instance will run within your infrastructure and integrate with your systems.

Each environment variable name is uppercase, followed by an equal sign and the value of the variable.

Environment variable example

WEBHOOKS_URL=http://my-business/webhooks

The environment variable in the example above specifies the HTTP endpoint at which you want your Rafiki instance to send you notifications of webhook events.

To run Rafiki you must set the environment variables for the backend, auth and frontend services where listed as required below.

Backend

VariableHelm Value NameDefaultDescription
ADMIN_PORTbackend.port.admin3001Admin API GraphQL Server port
AUTH_SERVER_GRANT_URLundefinedendpoint on the Open Payments Auth Server to request a grant
AUTH_SERVER_INTROSPECTION_URLundefinedendpoint on the Open Payments Auth Server to introspect an access token
AUTO_PEERING_SERVER_PORT3005If auto-peering is enabled, its server will use this port
CONNECTOR_PORTbackend.port.connector3002port of the ILP connector for for sending packets over ILP over HTTP
DATABASE_URLbackend.postgresql.host, backend.postgresql.port, backend.postgresql.username, backend.postgresql.database, backend.postgresql.passwordpostgresql://postgres:password@localhost:5432/developmentPostgres database URL of database storing the resource data; For Helm, these components are provided individually.
ENABLE_AUTO_PEERINGfalseFlag to enable auto peering. View documentation.
ENABLE_SPSP_PAYMENT_POINTERStrueenables SPSP route
EXCHANGE_RATES_LIFETIMEbackend.lifetime.exchangeRate15_000time in milliseconds the exchange rates provided by the ASE via the EXCHANGE_RATES_URL are valid for
EXCHANGE_RATES_URLbackend.serviceUrls.EXCHANGE_RATES_URLundefinedendpoint on the Account Servicing Entity to request exchange rates
GRAPHQL_IDEMPOTENCY_KEY_TTL_MSbackend.idempotencyTTL86400000TTL in milliseconds for idempotencyKey on GraphQL mutations (Admin API). Default: 24hrs
GRAPHQL_IDEMPOTENCY_KEY_LOCK_MS2000TTL in milliseconds for idempotencyKey concurrency lock on GraphQL mutations (Admin API)
ILP_ADDRESSbackend.ilp.addressundefinedILP address of this Rafiki instance
ILP_CONNECTOR_URLundefinedThe ILP connector address where ILP packets are received. Communicated during auto-peering
INCOMING_PAYMENT_EXPIRY_MAX_MS2592000000Maximum milliseconds into the future incoming payments expiry can be set to on creation. Default: 30 days
INCOMING_PAYMENT_WORKERSbackend.workers.incomingPayment1number of workers processing incoming payment requests
INCOMING_PAYMENT_WORKER_IDLEbackend.workerIdle200time in milliseconds that INCOMING_PAYMENT_WORKERS will wait until they check an empty incoming payment request queue again
INSTANCE_NAMEundefinedthis Rafiki instance’s name used to communicate for auto-peering
KEY_IDbackend.key.idundefinedthis Rafiki instance’s client key id
LOG_LEVELbackend.logLevelinfoPino Log Level
NODE_ENVbackend.nodeEnvdevelopmentnode environment, development, test, or production
OPEN_PAYMENTS_PORTbackend.port.openPayments3003port of the Open Payments resource server port
OPEN_PAYMENTS_URLbackend.serviceUrls.OPEN_PAYMENTS_URLundefinedpublic endpoint of this Open Payments Resource Server
OUTGOING_PAYMENT_WORKERSbackend.workers.outgoingPayment4number of workers processing outgoing payment requests
OUTGOING_PAYMENT_WORKER_IDLEbackend.workerIdle200time in milliseconds that OUTGOING_PAYMENT_WORKERS will wait until they check an empty outgoing payment request queue again
PRIVATE_KEY_FILEbackend.key.fileundefinedthe path to this Rafiki instance’s client private key
QUOTE_LIFESPANbackend.lifetime.quote5 * 60_000time in milliseconds an Open Payments quote is valid for
REDIS_TLS_CA_FILE_PATHbackend.redis.tlsCaFile''Redis TLS config
REDIS_TLS_CERT_FILE_PATHbackend.redis.tlsCertFile''Redis TLS config
REDIS_TLS_KEY_FILE_PATHbackend.redis.tlsKeyFile''Redis TLS config
REDIS_URLbackend.redis.host, backend.redis.portredis://127.0.0.1:6379Redis URL of database handling ILP packet data URL; For Helm, these components are provided individually.
SIGNATURE_SECRETbackend.quoteSignatureSecretundefinedsecret to generate request header signatures for webhook event requests
SIGNATURE_VERSION1version number to generate request header signatures for webhook event requests
SLIPPAGEbackend.ilp.slippage0.01accepted ILP rate fluctuation, default 1%
STREAM_SECRETbackend.ilp.streamSecretundefinedseed secret to generate shared STREAM secrets
TIGERBEETLE_CLUSTER_ID0Tigerbeetle cluster ID picked by the system that starts the TigerBeetle cluster to create a Tigerbeetle client
TIGERBEETLE_REPLICA_ADDRESSES3004Tigerbeetle replica addresses for all replicas in the cluster, which are comma separated IP addresses/ports, to create a Tigerbeetle client
TRUST_PROXYfalseflag to use X-Forwarded-Proto header to determine if connections is secure
USE_TIGERBEETLEtrueflag - use TigerBeetle or Postgres for accounting
WALLET_ADDRESS_DEACTIVATION_PAYMENT_GRACE_PERIOD_MS86400000time in milliseconds into the future to set expiration of open incoming payments when deactivating wallet address. Default: 1 days
WALLET_ADDRESS_LOOKUP_TIMEOUT_MS1500time in milliseconds the ASE has to create a missing wallet address until timeout
WALLET_ADDRESS_POLLING_FREQUENCY_MS100frequency of polling while waiting for ASE to create a missing wallet address
WALLET_ADDRESS_URLbackend.serviceUrls.WALLET_ADDRESS_URLhttp://127.0.0.1:3001/.well-known/paythis Rafiki instance’s internal wallet address
WALLET_ADDRESS_WORKERSbackend.workers.walletAddress1number of workers processing wallet address requests
WALLET_ADDRESS_WORKER_IDLEbackend.workerIdle200time in milliseconds that WALLET_ADDRESS_WORKERS will wait until they check an empty wallet address request queue again
WEBHOOK_MAX_RETRYbackend.webhookMaxRetry10maximum number of times Rafiki backend retries sending a certain webhook event to the configured WEBHOOK_URL
WEBHOOK_TIMEOUTbackend.lifetime.webhook2000milliseconds
WEBHOOK_URLbackend.serviceUrls.WEBHOOK_URLundefinedendpoint on the Account Servicing Entity that consumes webhook events
WEBHOOK_WORKERSbackend.workers.webhook1number of workers processing webhook events
WEBHOOK_WORKER_IDLEbackend.workerIdle200time in milliseconds that WEBHOOK_WORKERS will wait until they check an empty webhook event queue again
WITHDRAWAL_THROTTLE_DELAYbackend.withdrawalThrottleDelayundefineddelay in liquidity withdrawal processing
ENABLE_MANUAL_MIGRATIONSbackend.enableManualMigrationsfalseWhen set to true, user needs to run database manually with command npm run knex -- migrate:latest --env production

Auth

VariableHelm Value NameDefaultDescription
ACCESS_TOKEN_DELETION_DAYSauth.accessToken.deletionDays30days until expired or revoked access tokens are deleted
ACCESS_TOKEN_EXPIRY_SECONDSauth.accessToken.expirySeconds10 * 60expiry time in seconds for access tokens (default: 10 minutes)
ADMIN_PORTauth.port.admin3003Admin API GraphQL Server port
AUTH_DATABASE_URLauth.postgresql.host, auth.postgresql.port, auth.postgresql.username, auth.postgresql.database, auth.postgresql.passwordpostgresql://postgres:password@localhost:5432/auth_developmentPostgres database URL of database storing the grant data; For Helm, these components are provided individually.
AUTH_PORTauth.port.auth3006port of this Open Payments Auth Server
AUTH_SERVER_URLPublic endpoint for this Rafiki instance’s public Open Payment routes.
COOKIE_KEYauth.cookieKeykoa KeyGrip key that is used to sign cookies for an interaction session
DATABASE_CLEANUP_WORKERSauth.workers.cleanup1number of workers processing expired or revoked access tokens
IDENTITY_SERVER_URLauth.identityServer.domainendpoint of the identity server controlled by the Account Servicing Entity
IDENTITY_SERVER_SECRETauth.identityServer.secretAPI key to fetch the identity server endpoint
INCOMING_PAYMENT_INTERACTIONauth.interaction.incomingPaymentfalseflag - incoming payments grant requests are interactive or not
INTERACTION_EXPIRY_SECONDSauth.interactionExpirySeconds600time in seconds for which a user can interact with a grant request
INTERACTION_PORTauth.port.interaction3009Port number for the interaction APIs
INTROSPECTION_PORTauth.port.introspection3007port of this Open Payments Auth - Token Introspection Server
LIST_ALL_ACCESS_INTERACTIONtrueSpecify whether grant requests including a list-all action should require interaction. In these requests, the client asks to list resources that they themselves did not create.
LOG_LEVELauth.logLevelinfoPino Log Level
NODE_ENVauth.nodeEnvdevelopmentnode environment, development, test, or production
QUOTE_INTERACTIONauth.interaction.quotefalseflag - quote grants are interactive or not
REDIS_TLS_CA_FILE_PATHauth.redis.tlsCaFile''Redis TLS config
REDIS_TLS_CERT_FILE_PATHauth.redis.tlsCertFile''Redis TLS config
REDIS_TLS_KEY_FILE_PATHauth.redis.tlsKeyFile''Redis TLS config
REDIS_URLauth.redis.host, auth.redis.portredis://127.0.0.1:6379The connection URL for Redis. For Helm, these components are provided individually.
TRUST_PROXYfalseflag to use X-Forwarded-Proto header to determine if connections is secure
WAIT_SECONDSauth.grant.waitSeconds5wait time included in grant request response (grant.continue)
ENABLE_MANUAL_MIGRATIONSauth.enableManualMigrationsfalseWhen set to true, user needs to run database manually with command npm run knex -- migrate:latest --env production

Frontend

VariableHelm Value NameDefaultDescription
GRAPHQL_URLfrontend.serviceUrls.GRAPHQL_URLhttp://localhost:3001/graphqlURL for the GraphQL Admin API
OPEN_PAYMENTS_URLfrontend.serviceUrls.OPEN_PAYMENTS_URLhttp://localhost:3003/Open Payments API Endpoint
PORTfrontend.port3005Port from which to host the Remix app
ENABLE_INSECURE_MESSAGE_COOKIEundefinedValues of true, t, 1 will not use a secure message cookie which is required for flash messages to work over http. When not set, the secure flag is set according to NODE_ENV.