Storefront environment variables
Storefront is multi-tenant — every operator gets their own slug, theme, and Stripe Connect account. Most "ship-from" + "shop name" data lives per-shop in the Storefront DB row, not in env vars. Only platform-wide secrets are env vars here.
Required
| Variable | Type | What it unlocks |
|---|---|---|
DATABASE_URL | Required | Postgres connection string. |
JWT_SECRET | Required | Must match SlabTrack + ToT. Operator handoff fails otherwise. |
SLABTRACK_API_URL | Required | Where to pull card data + push sale events. Production: https://www.slabtrack.io. |
SLABTRACK_TOKEN | Secret | Service token for outbound calls to SlabTrack. |
ECOSYSTEM_WEBHOOK_SECRET | Secret | Validates inbound webhooks from SlabTrack. Same value across all three repos. |
Stripe Connect Required
Storefront uses Stripe Connect Express: every operator onboards their own Stripe account, funds settle directly into their account, and the platform takes an application fee on each transaction.
| Variable | Type | What it unlocks |
|---|---|---|
STRIPE_SECRET_KEY |
Secret | Platform secret key (the one that owns the Connect platform). sk_test_ or sk_live_. |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY |
Public | Browser-side. pk_test_ / pk_live_. |
STRIPE_WEBHOOK_SECRET |
Secret | Validates inbound webhook signatures. Without it, every webhook 401s and Orders never flip from pending → paid. whsec_... |
STRIPE_APP_FEE_BPS |
Optional | Platform application fee in basis points. 300 = 3% (default). Set to 0 for launch promos. |
Each Storefront row has its own stripeAccountId, stripeChargesEnabled,
and stripeDetailsSubmitted fields populated when the operator finishes Express onboarding.
The platform key above is just the meta-account; nothing settles into it.
Shippo Required
| Variable | Type | What it unlocks |
|---|---|---|
SHIPPO_API_TOKEN |
Secret | USPS labels via Shippo. Without it, the "Print Label" button errors. shippo_test_ / shippo_live_. |
Unlike ToT (which has one global ship-from in env vars), Storefront reads each shop's
ship-from from the Storefront DB row: shipFromName,
shipFromStreet1, shipFromStreet2, shipFromCity,
shipFromState, shipFromZip, shipFromCountry,
shipFromEmail, shipFromPhone. Operators set these in
/dashboard/[slug]/settings. No env vars needed.
Public URL
| Variable | Type | What it unlocks |
|---|---|---|
STOREFRONT_PUBLIC_URL |
Public | Operator-side share links ("Your shop is live at..."). Production: https://storefront.slabtrack.io. |
Optional flags
| Variable | Type | What it unlocks |
|---|---|---|
DUAL_LISTING_ENABLED |
Optional | Off by default. When true, listings can be cross-listed to ToT/breaks and the sale-lock system fires bulk-disengage webhooks on sale. |
SHOW_BREAKS_FEED |
Optional | 1 shows the Breaks satellite cards on the storefront's cross-channel strip. Off by default. |
Production checklist
- ✓
DATABASE_URLset - ✓
JWT_SECRETmatches SlabTrack + ToT exactly - ✓
SLABTRACK_API_URL+SLABTRACK_TOKEN+ECOSYSTEM_WEBHOOK_SECRET - ✓ Stripe Connect platform live keys set + webhook endpoint registered +
STRIPE_WEBHOOK_SECRETfrom live endpoint - ✓
SHIPPO_API_TOKENlive - ✓
STOREFRONT_PUBLIC_URL= production domain - ○ Optional:
STRIPE_APP_FEE_BPSif you want a non-default platform fee - ○ Optional:
DUAL_LISTING_ENABLED=trueif you're running cross-channel listings
Every shop owner must complete Stripe Express onboarding via the dashboard:
/dashboard/[slug]/settings → "Connect Stripe" button. Until they do,
their shop's stripeChargesEnabled stays false and the public storefront
shows a "Setup in progress" state instead of the buy buttons.