Configuration
Loopwave is configured through environment variables, validated at startup — if a required value is malformed, the server refuses to start (fail fast) rather than running in a broken state.
Core variables
| Variable | Default | Description |
|---|---|---|
PORT | 4000 | Port the API listens on. |
WEB_ORIGIN | http://localhost:3000 | Your dashboard URL; used for CORS and socket origins. |
MONGODB_URI | mongodb://localhost:27017/wa_platform | MongoDB connection string. |
JWT_SECRET | dev-secret-change-me | Secret for signing dashboard login tokens. Change in production. |
JWT_EXPIRES | 7d | Login token lifetime. |
AUTH_DIR | .data/auth | Directory holding WhatsApp linked-device credentials. Must persist. |
If JWT_SECRET is left at its default, Loopwave warns at startup. Always set a strong,
unique secret before going to production — anyone who knows it can forge logins.
Initial admin (optional bootstrap)
These can seed the first admin if you prefer not to use the install wizard interactively. The wizard is still the recommended path.
| Variable | Default | Description |
|---|---|---|
ADMIN_EMAIL | admin@local | Bootstrap admin email. |
ADMIN_PASSWORD | admin123 | Bootstrap admin password. Change it. |
ADMIN_NAME | Admin | Bootstrap admin display name. |
License variables
These control license verification and enforcement. See Licensing for the full picture.
| Variable | Default | Description |
|---|---|---|
LICENSE_MODE | monitor | monitor tracks state only; enforce blocks writes when invalid. Use enforce for shipped tenant builds. |
LICENSE_PUBLIC_KEY | dev key | Base64 PEM of your Ed25519 public key. Set your own for production. |
LICENSE_GRACE_DAYS | 7 | Days a tenant keeps working after expiry before hard-lock. |
LICENSE_CHECK_INTERVAL_HOURS | 12 | How often the background re-check runs. |
LICENSE_SERVER_URL | (empty) | Optional endpoint for remote revocation checks. Network failure never locks a working tenant. |
Example .env
PORT=4000
WEB_ORIGIN=https://inbox.yourcompany.com
MONGODB_URI=mongodb://localhost:27017/loopwave
JWT_SECRET=please-generate-a-long-random-string
JWT_EXPIRES=7d
AUTH_DIR=/var/lib/loopwave/auth
# License (production)
LICENSE_MODE=enforce
LICENSE_PUBLIC_KEY=base64-pem-of-your-public-key
LICENSE_GRACE_DAYS=7Treat JWT_SECRET and any private license key as secrets. Never commit them to source
control; load them from your platform’s secret manager.
How licensing, grace periods, and enforcement work.