Environment Variables
Complete reference for all environment variables used by VibePing's dashboard and SDK.
Environment Variables
Every environment variable the VibePing dashboard uses, what it does, and whether you need it.
Required Variables
These must be set for the dashboard to function.
| Variable | Where | Description |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URL | Dashboard | Your Supabase project URL. Starts with https://. Find it under Project Settings → API in your Supabase dashboard. |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Dashboard | The anon public API key from Supabase. Safe to expose to the browser — RLS policies protect your data. |
SUPABASE_SERVICE_ROLE_KEY | Dashboard (server only) | The service role key. Never expose this client-side. Used by API routes to bypass RLS for event ingestion and admin operations. |
Optional Variables
Set these to enable specific features.
| Variable | Where | Default | Description |
|---|---|---|---|
NEXT_PUBLIC_APP_URL | Dashboard | http://localhost:3000 | The full URL where your dashboard is hosted. Used for auth callbacks, CORS headers, and generating links. Set this to your production URL (e.g. https://app.vibeping.dev). |
NEXT_PUBLIC_VIBEPING_API_URL | Dashboard | http://localhost:3000/api | Base URL for API requests from the dashboard frontend. Usually you don't need to change this — the dashboard serves its own API. Only set this if you're running the API separately from the frontend. |
UPTIME_CRON_SECRET | Dashboard (server only) | — | Secret token that authenticates cron requests to /api/uptime/ping. Without this, the uptime endpoint rejects requests. Generate any random string (e.g. openssl rand -hex 32). |
ALERTS_CRON_SECRET | Dashboard (server only) | — | Secret token that authenticates cron requests to /api/alerts/check. Required for error spike email alerts. Generate any random string (e.g. openssl rand -hex 32). |
RESEND_API_KEY | Dashboard (server only) | — | API key from Resend↗ for sending email alerts (error spikes) and waitlist notifications. Free tier allows 100 emails/day. |
DATABASE_URL | Dashboard (server only) | — | Direct PostgreSQL connection string. Only needed if you're running database migrations locally with the Supabase CLI (npx supabase db push). Not used at runtime. |
SDK Configuration
The SDK itself doesn't use environment variables. It's configured through HTML attributes or JavaScript:
Script Tag
<script
src="https://cdn.jsdelivr.net/npm/@vibeping/sdk@latest/dist/vibeping.umd.js"
data-id="vp_your_api_key"
data-api-url="https://app.vibeping.dev"
></script>| Attribute | Required | Default | Description |
|---|---|---|---|
data-id | Yes | — | Your project API key. Starts with vp_. |
data-api-url | No | https://app.vibeping.dev | Where events are sent. |
npm Package
import { init } from '@vibeping/sdk';
init({
id: 'vp_your_api_key',
});| Option | Required | Default | Description |
|---|---|---|---|
id | Yes | — | Your project API key. |
Setting Up for Vercel
Add these environment variables in the Vercel dashboard under Project Settings → Environment Variables:
NEXT_PUBLIC_SUPABASE_URL— your Supabase URLNEXT_PUBLIC_SUPABASE_ANON_KEY— the anon keySUPABASE_SERVICE_ROLE_KEY— the service role key (mark as Secret)NEXT_PUBLIC_APP_URL— your production URL (e.g.https://app.vibeping.dev)UPTIME_CRON_SECRET— a random secret for cron authentication
The Vercel cron job at /api/uptime/ping runs every 5 minutes and requires UPTIME_CRON_SECRET to be set.
Security Notes
NEXT_PUBLIC_prefix means the variable is exposed to the browser. Only Supabase URL and anon key should have this prefix.SUPABASE_SERVICE_ROLE_KEYbypasses Row Level Security. Never put it in client-side code or expose it inNEXT_PUBLIC_variables.UPTIME_CRON_SECRETprevents unauthorized users from triggering uptime checks. Always set this in production.- Store secrets in your hosting provider's environment variables, never in code or
.envfiles committed to git.