Etsy returns 403 'Shared secret is required in x-api-key header' when the keystring is used on resource endpoints: the keystring is only the OAuth client id. Store the shared secret alongside it (Settings form + env fallback) and send it as x-api-key on users/me and receipt requests.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
19 lines
No EOL
620 B
Text
# Environment Variables
NODE_ENV=development
PORT=3001
CLIENT_URL=http://localhost:3000

# Database
MONGODB_URI=mongodb://localhost:27017/etsy-tracker

# JWT Secret (change in production)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production

# Session Secret (change in production)
SESSION_SECRET=your-super-secret-session-key-change-this-in-production

# Etsy API (optional fallback — normally configured per user in the
# Settings UI and stored in the database)
# ETSY_API_KEY=your-etsy-keystring
# ETSY_SHARED_SECRET=your-etsy-shared-secret
# ETSY_REDIRECT_URI=https://etsy.plexultra.com/api/etsy/callback
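Review bot: in the Etsy API block at the end of the file, ETSY_API_KEY and ETSY_SHARED_SECRET are two independent commented-out lines and nothing says they must be set together, so a deployment that uncomments only the keystring falls back into the 403 'Shared secret is required in x-api-key header' case the commit message describes. Suggest adding a comment line stating that the env fallback needs both values, and having the fallback path refuse to start with one set and the other missing. In the same block, ETSY_REDIRECT_URI points at etsy.plexultra.com while every other value in the file is a localhost or your-... placeholder; a placeholder host would keep a deployment-specific hostname out of the example file and avoid it being copied into someone else's OAuth configuration unchanged.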