Third-Party Integrations

All sensitive keys and environment variables should be properly secured and never committed to version control. Use appropriate secret management solutions for different environments.

StarterAppKit integrates with several third-party services that require configuration through environment variables. Below are the key services and their respective configurations:

Google Authentication

Google Sign-In enables users to authenticate using their Google accounts.

Required Environment Variables:

  • GOOGLE_CLIENT_ID: Your Google OAuth 2.0 client ID
  • GOOGLE_REDIRECT_URI: The authorized redirect URI for OAuth flow
Ensure your redirect URIs are properly configured in both your application and Google Cloud Console. Mismatched URIs will cause authentication failures.

To set up Google Authentication:

  1. Visit the Google Cloud Console
  2. Create or select a project
  3. Enable the Google Sign-In API
  4. Create OAuth 2.0 credentials
  5. Add authorized redirect URIs

Stripe

Stripe handles payment processing within the application.

Required Environment Variables:

  • STRIPE_SK: Your Stripe Secret Key
  • STRIPE_PK: Your Stripe Publishable Key
  • STRIPE_WEBHOOK_SECRET: Your Stripe Webhook Secret Key
Never expose your Stripe Secret Key (SK) in client-side code. Always keep it secure on your server.

To configure Stripe:

  1. Create a Stripe account
  2. Obtain your API keys from the Stripe Dashboard
  3. Configure webhook endpoints if needed

Apple In-App Purchases

For iOS in-app purchase validation and receipt verification through App Store Connect.

Required Environment Variables:

  • APPLE_RECEIPT_SECRET: Your App Store Connect shared secret
  • APPLE_RECEIPT_ENVIRONMENT: Set to either sandbox or production
  • BUNDLE_ID: Your iOS app bundle identifier
Always test in-app purchases using the sandbox environment first. The production environment should only be used after thorough testing.

For setup instructions, visit the Apple In-App Purchase Documentation.

Flagsmith

Flagsmith provides feature flag management.

Required Environment Variables:

  • FLAGSMITH_KEY: Your Flagsmith API key
Remember to set up appropriate fallback values for all feature flags in case the Flagsmith service is unreachable.

To set up Flagsmith:

  1. Create an account at Flagsmith
  2. Create a new project
  3. Obtain your API key from the project settings
  4. See the Flagsmith Documentation for implementation details

Email Service (SMTP)

For sending transactional emails and magic links.

Required Environment Variables:

  • SMTP_USERNAME: Your SMTP server username
  • SMTP_PASSWORD: Your SMTP server password
  • SMTP_HOST: Your SMTP server hostname
Implement proper email validation and rate limiting to prevent abuse of your email service.

Common SMTP providers:

Magic Link Authentication

Secure passwordless authentication system.

Required Environment Variables:

  • MAGIC_LINK_SECRET: Secret key for generating secure magic links
Magic links should have a short expiration time and be single-use only to maintain security.

Development Considerations

When deploying to production, ensure all development-specific configurations are removed and proper security measures are in place.

Additional Notes

  • Different values may be needed for development, staging, and production environments
  • Refer to each service's documentation for best practices on key management and security
  • Consider using a secure secret management system for production deployments

For a complete list of dependencies and integrations:

  • Mobile app: Review Package Dependencies in Xcode
  • Backend: Check package.json in the backend codebase
Extending StarterAppKitAuthentication