Env Vars · ThisOrThat
ThisOrThat environment variables
ToT is the buyer-facing marketplace where Flip and Pull plays happen. Every var listed here
is referenced at runtime — missing ones either crash loud (e.g. ship-from address) or silently
degrade (e.g. provably-fair anchoring falls back to local hashing without Solana).
Database + Auth
| Variable | Type | What it unlocks |
|---|
DATABASE_URL | Required | Postgres connection string (separate from SlabTrack's DB). |
JWT_SECRET | Required | Must match SlabTrack. Without this match, the SSO handoff from SlabTrack → ToT silently fails. |
NEXTAUTH_SECRET | Optional | Legacy NextAuth secret — still referenced in some helpers. Set to same value as JWT_SECRET if you don't have a separate one. |
Stripe Required
ToT uses direct charges on the platform account (not Connect). All buyer payments
flow into your single Stripe account; payouts handled by Stripe's normal payout schedule.
| Variable | Type | What it unlocks |
|---|
STRIPE_SECRET_KEY | Secret | Server-side API calls. Use sk_test_ in dev, sk_live_ in prod. |
STRIPE_PUBLISHABLE_KEY | Public | Client-side Stripe.js init. pk_test_ / pk_live_. |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY | Public | Same value, exposed to the browser via Next's NEXT_PUBLIC_ prefix. |
STRIPE_WEBHOOK_SECRET | Secret | Validates inbound webhook signatures at /api/stripe/webhook. Without it, every webhook 401s and Pull/Flip plays never settle. whsec_... |
⚠ Webhook secret rotates per environment
Stripe issues a different whsec_ for each webhook endpoint you create.
Test mode endpoint = test secret. Live mode endpoint = live secret. When you
flip from test to live, you must also update STRIPE_WEBHOOK_SECRET on Railway.
Shippo Required
| Variable | Type | What it unlocks |
|---|
SHIPPO_API_TOKEN |
Secret |
USPS label printing via Shippo. shippo_test_ in dev, shippo_live_ in prod. |
SHIPPO_API_KEY |
Legacy |
Old name — code falls back to this if SHIPPO_API_TOKEN isn't set. Use SHIPPO_API_TOKEN for new deploys. |
Ship-from address All required
ToT uses a single ship-from address (one operator running the marketplace).
These are read fresh per label-purchase request — change them in Railway and
the next label uses the new address (no restart needed).
| Variable | Example | What it unlocks |
|---|
SHIP_FROM_NAME | Your Shop LLC | "From" name on the USPS label. |
SHIP_FROM_STREET | 1301 Justin Rd Ste 201 | Street + suite. Single line. |
SHIP_FROM_CITY | Lewisville | City. |
SHIP_FROM_STATE | TX | 2-letter state code. |
SHIP_FROM_ZIP | 75077 | 5-digit ZIP. |
SHIP_FROM_PHONE | 4691234567 | 10-digit phone, no formatting. USPS requires this. |
ADMIN_EMAIL | ops@yourdomain.com | Email on the from-address. Defaults to support@slabtrack.io if unset. |
⚠ Missing any of these = labels fail
The shipping endpoint throws "Ship-from address not configured" with the list of missing
vars. Previously it would silently ship from a blank address with the name "ThisOrThat" —
that's been fixed, but the lesson stands: set all six (plus ADMIN_EMAIL) before going live.
Public URL
| Variable | Type | What it unlocks |
|---|
NEXT_PUBLIC_BASE_URL |
Public |
Used in cross-origin links (refund email URLs, share links). Production: https://thisorthat.slabtrack.io. |
SlabTrack ecosystem
| Variable | Type | What it unlocks |
|---|
SLABTRACK_API_URL |
Required |
Where ToT pulls comp data + identity. Production: https://www.slabtrack.io. |
SLABTRACK_TOKEN |
Secret |
Service token for outbound API calls back to SlabTrack (sale events, comp lookups). |
ECOSYSTEM_WEBHOOK_SECRET |
Secret |
Validates inbound webhooks from SlabTrack. Must match SlabTrack's value. |
Solana (provably-fair anchoring)
Every Pull / Flip outcome's seed gets anchored on Solana before the winner is computed.
Buyers can verify the result independently. Optional but strongly recommended for trust.
| Variable | Type | What it unlocks |
|---|
SOLANA_RPC_URL |
Optional |
Solana RPC endpoint. Devnet: https://api.devnet.solana.com, Mainnet: https://api.mainnet-beta.solana.com. |
SOLANA_PRIVATE_KEY |
Secret |
Base58 keypair for the anchor wallet. Needs SOL on the matching network to pay anchoring fees (~$0.0001 per play on mainnet). |
Optional
| Variable | Type | What it unlocks |
|---|
HUDDLE_API_URL | Optional | Live game odds for Game-Day plays. Without it, GameDay listings are read-only. |
HUDDLE_API_KEY | Optional | Auth for the Huddle API. |
ANTHROPIC_API_KEY | Optional | AI-assisted ad copy generation + buyer-facing card descriptions. |
NEXT_PUBLIC_DEV_MODE | Optional | "true" shows the purple DEV banner + uses demo-coin payments. Always "false" in prod. |
Production checklist
- ✓
DATABASE_URL set
- ✓
JWT_SECRET matches SlabTrack + Storefront
- ✓
STRIPE_SECRET_KEY + STRIPE_PUBLISHABLE_KEY + NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY + STRIPE_WEBHOOK_SECRET all live (sk_live_, pk_live_, whsec_ live endpoint)
- ✓
SHIPPO_API_TOKEN set (live token)
- ✓ All seven
SHIP_FROM_* + ADMIN_EMAIL set
- ✓
NEXT_PUBLIC_BASE_URL = https://thisorthat.slabtrack.io
- ✓
SLABTRACK_API_URL + SLABTRACK_TOKEN + ECOSYSTEM_WEBHOOK_SECRET
- ○
SOLANA_RPC_URL + SOLANA_PRIVATE_KEY for on-chain anchoring
- ○
NEXT_PUBLIC_DEV_MODE=false