Overview
Timeback uses environment variables for credentials and runtime configuration.
SDK Environment
The SDK’s env option controls which Timeback environment to use:
staging: Staging environment for development and testing
production: Production environment for live applications
const timeback = await createTimeback({
  env: 'staging', // or 'production'
  // ...
})
Use staging during development to test against real data without affecting production.
Required Variables
SDK Credentials
# API credentials (required for full SDK)
TIMEBACK_API_CLIENT_ID=your-client-id
TIMEBACK_API_CLIENT_SECRET=your-client-secret
# SSO credentials (required for SSO mode)
AWS_COGNITO_CLIENT_ID=your-cognito-client-id
AWS_COGNITO_CLIENT_SECRET=your-cognito-client-secret
Individual Clients
Each client can be configured independently:
OneRoster
ONEROSTER_BASE_URL=https://api.timeback.dev/oneroster
ONEROSTER_TOKEN_URL=https://auth.timeback.dev/oauth2/token
ONEROSTER_CLIENT_ID=your-client-id
ONEROSTER_CLIENT_SECRET=your-client-secret
EduBridge
EDUBRIDGE_BASE_URL=https://api.timeback.dev/edubridge
EDUBRIDGE_TOKEN_URL=https://auth.timeback.dev/oauth2/token
EDUBRIDGE_CLIENT_ID=your-client-id
EDUBRIDGE_CLIENT_SECRET=your-client-secret
Caliper
CALIPER_SENSOR_URL=https://caliper.timeback.dev/sensor
CALIPER_API_KEY=your-api-key
QTI
QTI_BASE_URL=https://api.timeback.dev/qti
QTI_TOKEN_URL=https://auth.timeback.dev/oauth2/token
QTI_CLIENT_ID=your-client-id
QTI_CLIENT_SECRET=your-client-secret
PowerPath
POWERPATH_BASE_URL=https://api.timeback.dev/powerpath
POWERPATH_TOKEN_URL=https://auth.timeback.dev/oauth2/token
POWERPATH_CLIENT_ID=your-client-id
POWERPATH_CLIENT_SECRET=your-client-secret
.env Files
Development
# SDK
TIMEBACK_API_CLIENT_ID=staging-client-id
TIMEBACK_API_CLIENT_SECRET=staging-client-secret
AWS_COGNITO_CLIENT_ID=staging-cognito-id
AWS_COGNITO_CLIENT_SECRET=staging-cognito-secret
# Direct clients (if needed)
ONEROSTER_BASE_URL=https://api.staging.timeback.dev/oneroster
ONEROSTER_TOKEN_URL=https://auth.staging.timeback.dev/oauth2/token
ONEROSTER_CLIENT_ID=staging-client-id
ONEROSTER_CLIENT_SECRET=staging-client-secret
Production
# SDK
TIMEBACK_API_CLIENT_ID=production-client-id
TIMEBACK_API_CLIENT_SECRET=production-client-secret
AWS_COGNITO_CLIENT_ID=production-cognito-id
AWS_COGNITO_CLIENT_SECRET=production-cognito-secret
Security
Never commit credentials to version control. Always use environment variables or secret management.
Best practices:
Add .env* to .gitignore
Use different credentials for staging vs production
Rotate secrets regularly
Use secret managers (AWS Secrets Manager, Vault) in production
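A pre-flight check for the variables listed on this page, as an added example (not Timeback SDK code): `checkTimebackEnv` and its rules are hypothetical. The host test assumes staging hostnames carry a `staging` label, as in the sample development .env above.

```javascript
// Added example, not part of the Timeback SDK. checkTimebackEnv is a hypothetical helper.
const REQUIRED = ['TIMEBACK_API_CLIENT_ID', 'TIMEBACK_API_CLIENT_SECRET'];
const SSO = ['AWS_COGNITO_CLIENT_ID', 'AWS_COGNITO_CLIENT_SECRET'];
// Only inspect variables that belong to the clients documented on this page.
const OURS = /^(TIMEBACK_API|AWS_COGNITO|ONEROSTER|EDUBRIDGE|CALIPER|QTI|POWERPATH)_/;
const PLACEHOLDER = /^your-/; // e.g. "your-client-secret" pasted from the docs

function checkTimebackEnv(env, vars, { sso = false } = {}) {
  const problems = [];
  if (env !== 'staging' && env !== 'production') {
    problems.push("env must be 'staging' or 'production'");
  }
  for (const name of [...REQUIRED, ...(sso ? SSO : [])]) {
    if (!vars[name]) problems.push(`${name} is not set`);
  }
  for (const [name, value] of Object.entries(vars)) {
    if (!OURS.test(name) || !value) continue;
    // Messages carry variable names only, so a secret never reaches the logs.
    if (/_(ID|SECRET|KEY)$/.test(name) && PLACEHOLDER.test(value)) {
      problems.push(`${name} still holds a documentation placeholder`);
    }
    if (!/_URL$/.test(name)) continue;
    let url;
    try {
      url = new URL(value);
    } catch {
      problems.push(`${name} is not a valid URL`);
      continue;
    }
    if (url.protocol !== 'https:') problems.push(`${name} must use https`);
    // Assumption: staging hosts carry a "staging" label (api.staging.timeback.dev).
    const stagingHost = url.hostname.split('.').includes('staging');
    if (env === 'production' && stagingHost) problems.push(`${name} points at a staging host`);
    if (env === 'staging' && !stagingHost) problems.push(`${name} points at a non-staging host`);
  }
  return problems;
}
```

Call it once at startup with `process.env` and refuse to start when the returned list is not empty.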