Environment variables
The only environment variables you need. Copy them to your .env (or secret manager).
Backend (server-side)
These two live on your server. Never in the browser.
| Variable | Value | Purpose |
|---|---|---|
NEUROON_API_KEY | sk_… (Production) or sk_dev_… (Development) | Authenticates every server-to-server call |
NEUROON_SHOP_ID | shop_… | Identifies your shop |
NEUROON_API_URL | https://api.neuroon.ai or https://dev-api.neuroon.ai | API base URL |
Frontend (browser)
The widget only needs the Widget Token (which you mint server-side and pass as data-token). There is no other client-side variable.
| Variable | Value | Purpose |
|---|---|---|
NEUROON_WIDGET_TOKEN (server-side) | 24 h token | Your server mints it and prints it into the HTML as data-token |
Per stack
Node / Express / NestJS
# .env
NEUROON_API_KEY=sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_SHOP_ID=shop_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_API_URL=https://api.neuroon.ai
const res = await fetch(`${process.env.NEUROON_API_URL}/api/plugin/shops/${process.env.NEUROON_SHOP_ID}/products/sync`, {
headers: { 'X-Shop-API-Key': process.env.NEUROON_API_KEY, ... }
})
Next.js
.env.local:
NEUROON_API_KEY=sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_SHOP_ID=shop_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_API_URL=https://api.neuroon.ai
Do not prefix with NEXT_PUBLIC_. This is server-only. To sign the Widget Token use a Route Handler (app/api/neuroon-token/route.ts) that signs it with HMAC and returns it to the frontend. See Recipe · Server-to-server token.
.NET (.NET 6+, ASP.NET Core)
appsettings.{Environment}.json or User Secrets in development:
{
"Neuroon": {
"ApiKey": "sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"ShopId": "shop_xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"ApiUrl": "https://api.neuroon.ai"
}
}
var apiKey = configuration["Neuroon:ApiKey"];
PHP / WordPress
wp-config.php (preferred over storing the key in wp_options):
define('NEUROON_API_KEY', 'sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
define('NEUROON_SHOP_ID', 'shop_xxxxxxxxxxxxxxxxxxxxxxxxxxxx');
define('NEUROON_API_URL', 'https://api.neuroon.ai');
Python / Django / Flask
# .env
NEUROON_API_KEY=sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_SHOP_ID=shop_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_API_URL=https://api.neuroon.ai
import os
api_key = os.environ['NEUROON_API_KEY']
Switching between Production and Development
You change just two things:
- NEUROON_API_URL=https://dev-api.neuroon.ai
+ NEUROON_API_URL=https://api.neuroon.ai
- NEUROON_API_KEY=sk_dev_xxxxxxxxxxxxxxxxxxxx
+ NEUROON_API_KEY=sk_xxxxxxxxxxxxxxxxxxxxxxxx
NEUROON_SHOP_ID may differ if you registered your shop in both environments separately.
The widget CDN (https://cdn.neuroon.ai/widget@<version>/widget.js) is the same on production and development.
Rules
- Never commit them to git.
.envbelongs in.gitignore. - Never put them in the frontend (
NEXT_PUBLIC_*,VITE_*, etc.) — all are server-only. - Never mix Production and Development keys.