Overview Timeback uses environment variables for credentials and runtime configuration.
SDK Environment The SDK’s env option controls which Timeback environment to use:
staging Staging environment for development and testing
production Production environment for live applications
const timeback = await createTimeback ({ env: 'staging' , // or 'production' // ... })
Use staging during development to test against real data without affecting production.
Required Variables SDK Credentials # API credentials (required for full SDK) TIMEBACK_API_CLIENT_ID = your-client-id TIMEBACK_API_CLIENT_SECRET = your-client-secret # SSO credentials (required for SSO mode) AWS_COGNITO_CLIENT_ID = your-cognito-client-id AWS_COGNITO_CLIENT_SECRET = your-cognito-client-secret
Individual Clients Each client can be configured independently:
OneRoster ONEROSTER_BASE_URL = https://api.timeback.dev/oneroster ONEROSTER_TOKEN_URL = https://auth.timeback.dev/oauth2/token ONEROSTER_CLIENT_ID = your-client-id ONEROSTER_CLIENT_SECRET = your-client-secret
EduBridge EDUBRIDGE_BASE_URL = https://api.timeback.dev/edubridge EDUBRIDGE_TOKEN_URL = https://auth.timeback.dev/oauth2/token EDUBRIDGE_CLIENT_ID = your-client-id EDUBRIDGE_CLIENT_SECRET = your-client-secret
Caliper CALIPER_SENSOR_URL = https://caliper.timeback.dev/sensor CALIPER_API_KEY = your-api-key
QTI QTI_BASE_URL = https://api.timeback.dev/qti QTI_TOKEN_URL = https://auth.timeback.dev/oauth2/token QTI_CLIENT_ID = your-client-id QTI_CLIENT_SECRET = your-client-secret
PowerPath POWERPATH_BASE_URL = https://api.timeback.dev/powerpath POWERPATH_TOKEN_URL = https://auth.timeback.dev/oauth2/token POWERPATH_CLIENT_ID = your-client-id POWERPATH_CLIENT_SECRET = your-client-secret
.env Files Development # SDK TIMEBACK_API_CLIENT_ID = staging-client-id TIMEBACK_API_CLIENT_SECRET = staging-client-secret AWS_COGNITO_CLIENT_ID = staging-cognito-id AWS_COGNITO_CLIENT_SECRET = staging-cognito-secret # Direct clients (if needed) ONEROSTER_BASE_URL = https://api.staging.timeback.dev/oneroster ONEROSTER_TOKEN_URL = https://auth.staging.timeback.dev/oauth2/token ONEROSTER_CLIENT_ID = staging-client-id ONEROSTER_CLIENT_SECRET = staging-client-secret
Production # SDK TIMEBACK_API_CLIENT_ID = production-client-id TIMEBACK_API_CLIENT_SECRET = production-client-secret AWS_COGNITO_CLIENT_ID = production-cognito-id AWS_COGNITO_CLIENT_SECRET = production-cognito-secret
Security Never commit credentials to version control. Always use environment variables or secret
management.
Best practices:
Add .env* to .gitignore
Use different credentials for staging vs production
Rotate secrets regularly
Use secret managers (AWS Secrets Manager, Vault) in production
Next Steps
Configuration timeback.config.json reference
CLI credentials Manage credentials via CLI
