Skip to content

SimplyBiz Environment Variables

This document describes the required SimplyBiz environment variables for the Flowcode application.

Security Tokens (REQUIRED)

The following environment variables are mandatory and must be set with secure, randomly generated values:

JWT_SECRET

  • Purpose: Used for JWT token signing and verification
  • Required: No
  • Security: Must be a strong, random string (minimum 32 characters)
  • Example: JWT_SECRET=your-super-secure-random-jwt-secret-here

SIMPLYBIZ_LANDLORD_TOKEN

  • Purpose: Authentication token for SimplyBiz landlord access
  • Used in: Tenant login URL generation, token middleware validation
  • Required: Yes
  • Security: Must be a unique, unguessable string
  • Example: SIMPLYBIZ_LANDLORD_TOKEN=your-unique-landlord-token-here

FLOWCODER_REFERER_TOKEN

  • Purpose: Validation token for Flowcoder referer integration
  • Used in: getTenantLoginUrl() for flowcoder parameter, referer middleware
  • Required: Yes (when using flowcoder integration)
  • Security: Must be a unique, unguessable string
  • Example: FLOWCODER_REFERER_TOKEN=your-unique-flowcoder-token-here

Security Best Practices

⚠️ IMPORTANT: Never commit actual token values to version control.

  1. Generate Strong Tokens: Use cryptographically secure random strings 

    # Generate secure random strings
openssl rand -base64 32
# Or use Laravel's built-in helper
php -r "echo bin2hex(random_bytes(32)) . PHP_EOL;"

  2. Environment-Specific Values: Use different tokens for each environment (development, staging, production)

  3. Regular Rotation: Consider rotating these tokens periodically for enhanced security

Setup Instructions

  1. Copy .env.example to .env: 

    cp .env.example .env

  2. Generate and set the required security tokens: 

    # Example - replace with your own secure values
JWT_SECRET=$(openssl rand -base64 32)
SIMPLYBIZ_LANDLORD_TOKEN=$(openssl rand -base64 32)  
FLOWCODER_REFERER_TOKEN=$(openssl rand -base64 32)

  3. Update your .env file with the generated values

  4. Clear configuration cache after changes: 

    php artisan config:clear

  • config/flowcode.php - Configuration definitions
  • app/Http/Traits/FilamentHelperTrait.php - Uses landlord and flowcoder tokens
  • app/Http/Middleware/TokenMiddleware.php - Validates landlord token
  • app/Http/Middleware/RefererMiddleware.php - Validates flowcoder token