> ## Documentation Index
> Fetch the complete documentation index at: https://docs.timeback.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Environment

> Environment variables and configuration for Timeback

## Overview

Timeback uses environment variables for credentials and runtime configuration.

## SDK Environment

The SDK's `env` option controls which Timeback environment to use:

<CardGroup cols={2}>
  <Card title="staging" icon="flask">
    Staging environment for development and testing
  </Card>

  <Card title="production" icon="rocket">
    Production environment for live applications
  </Card>
</CardGroup>

```typescript theme={null}
const timeback = await createTimeback({
	env: 'staging', // or 'production'
	// ...
})
```

Use `staging` during development to test against real data without affecting production.

## Required Variables

### SDK Credentials

```bash theme={null}
# API credentials (required for full SDK)
TIMEBACK_API_CLIENT_ID=your-client-id
TIMEBACK_API_CLIENT_SECRET=your-client-secret

# SSO credentials (required for SSO mode)
AWS_COGNITO_CLIENT_ID=your-cognito-client-id
AWS_COGNITO_CLIENT_SECRET=your-cognito-client-secret
```

### Individual Clients

Each client can be configured independently:

#### OneRoster

```bash theme={null}
ONEROSTER_BASE_URL=https://api.timeback.dev/oneroster
ONEROSTER_TOKEN_URL=https://auth.timeback.dev/oauth2/token
ONEROSTER_CLIENT_ID=your-client-id
ONEROSTER_CLIENT_SECRET=your-client-secret
```

#### EduBridge

```bash theme={null}
EDUBRIDGE_BASE_URL=https://api.timeback.dev/edubridge
EDUBRIDGE_TOKEN_URL=https://auth.timeback.dev/oauth2/token
EDUBRIDGE_CLIENT_ID=your-client-id
EDUBRIDGE_CLIENT_SECRET=your-client-secret
```

#### Caliper

```bash theme={null}
CALIPER_SENSOR_URL=https://caliper.timeback.dev/sensor
CALIPER_API_KEY=your-api-key
```

#### QTI

```bash theme={null}
QTI_BASE_URL=https://api.timeback.dev/qti
QTI_TOKEN_URL=https://auth.timeback.dev/oauth2/token
QTI_CLIENT_ID=your-client-id
QTI_CLIENT_SECRET=your-client-secret
```

#### PowerPath

```bash theme={null}
POWERPATH_BASE_URL=https://api.timeback.dev/powerpath
POWERPATH_TOKEN_URL=https://auth.timeback.dev/oauth2/token
POWERPATH_CLIENT_ID=your-client-id
POWERPATH_CLIENT_SECRET=your-client-secret
```

## .env Files

### Development

```bash .env.local theme={null}
# SDK
TIMEBACK_API_CLIENT_ID=staging-client-id
TIMEBACK_API_CLIENT_SECRET=staging-client-secret
AWS_COGNITO_CLIENT_ID=staging-cognito-id
AWS_COGNITO_CLIENT_SECRET=staging-cognito-secret

# Direct clients (if needed)
ONEROSTER_BASE_URL=https://api.staging.timeback.dev/oneroster
ONEROSTER_TOKEN_URL=https://auth.staging.timeback.dev/oauth2/token
ONEROSTER_CLIENT_ID=staging-client-id
ONEROSTER_CLIENT_SECRET=staging-client-secret
```

### Production

```bash .env.production theme={null}
# SDK
TIMEBACK_API_CLIENT_ID=production-client-id
TIMEBACK_API_CLIENT_SECRET=production-client-secret
AWS_COGNITO_CLIENT_ID=production-cognito-id
AWS_COGNITO_CLIENT_SECRET=production-cognito-secret
```

## Security

<Warning>
  Never commit credentials to version control. Always use environment variables or secret
  management.
</Warning>

Best practices:

1. Add `.env*` to `.gitignore`
2. Use different credentials for staging vs production
3. Rotate secrets regularly
4. Use secret managers (AWS Secrets Manager, Vault) in production

## Next Steps

<CardGroup cols={2}>
  <Card title="Configuration" icon="gear" href="/beta/build-on-timeback/reference/configuration">
    timeback.config.json reference
  </Card>

  <Card title="CLI credentials" icon="key" href="/beta/build-on-timeback/cli/credentials">
    Manage credentials via CLI
  </Card>
</CardGroup>