API: Environment Variable Integration
all
Persona: devops
Touchpoint: all API routes
Preconditions
- Environment variables configured (Stripe, Anthropic, etc.)
- Secrets properly injected into runtime
Steps
| # | Action | Expected Result |
|---|---|---|
| 1 | Verify Stripe keys loaded | Stripe API calls succeed. No 'invalid API key' errors. |
| 2 | Verify Anthropic API key loaded | Chatbot API calls Claude. Responses are non-empty and relevant. |
| 3 | Verify Supabase connection string | Database queries execute fast. No 'connection timeout' errors. |
| 4 | Verify email service credentials | Email sending succeeds. Recipient receives message. |
| 5 | Verify Twilio/SMS credentials | SMS API calls succeed. Messages deliver. |
| 6 | Verify Webhook signing keys | Signed webhooks accepted. Unsigned webhooks rejected. |
| 7 | Check for hardcoded secrets in logs | No API keys, passwords, or secrets appear in application logs. |
| 8 | Verify env vars don't leak to client | Frontend code doesn't contain sensitive env vars. Only public keys exposed. |
Known Failure Modes
- Missing env var → API returns 500 with 'undefined' error
- Wrong API key → Auth failures on external APIs
- Secrets in logs → Security breach
- Secrets exposed to client → Compromise risk
References
- Playwright spec:
e2e (environment validation) - Code files:
Notes
Verifies all required environment variables are set and correct. Run after deploying to new environment or changing secrets. Checks that secrets don't leak to logs or client code. Critical for production deployments.