Environment Variables
The URL Media Inspector API relies on standard environment variables for configuration. These should be defined in a .env file or supplied directly by your container orchestration system.
Core Variables
| Variable | Type | Default | Description |
|---|---|---|---|
PORT | Number | 3000 | The port the server will bind to. |
NODE_ENV | String | development | Defines the environment. Set to production for optimized logging and cache behavior. |
PUBLIC_API_URL | String | — | The public-facing base URL of the API (e.g., https://api.urlmediainspector.dev). Used for Swagger UI server resolution and Content Security Policy. When unset in development, Swagger defaults to http://localhost:{PORT}. |
LOG_LEVEL | String | info | Logging verbosity. Use debug for development. |
Network Constraints
| Variable | Type | Default | Description |
|---|---|---|---|
MAX_FILE_SIZE_BYTES | Number | 52428800 | Maximum allowed size (in bytes) for media fetching. Default is 50 MB. |
MAX_REDIRECTS | Number | 5 | Maximum number of HTTP redirects to follow. |
TIMEOUT_MS | Number | 10000 | Global timeout for outbound HTTP requests (in milliseconds). |
Redis Configuration
The API uses Redis for canonical resource caching and background job orchestration.
| Variable | Type | Default | Description |
|---|---|---|---|
REDIS_HOST | String | 127.0.0.1 | Redis server hostname. Use redis inside Docker Compose. |
REDIS_PORT | Number | 6379 | Redis server port. |
REDIS_PASSWORD | String | — | Redis authentication password. Leave empty for development. |
REDIS_DB | Number | 0 | Redis database index. |
Queue Configuration
Background enrichment workers are managed through a job queue.
| Variable | Type | Default | Description |
|---|---|---|---|
QUEUE_CONCURRENCY | Number | 5 | Maximum number of concurrent enrichment jobs. |
QUEUE_ATTEMPTS | Number | 3 | Number of retry attempts for failed jobs. |
QUEUE_BACKOFF | Number | 1000 | Backoff delay (in milliseconds) between retry attempts. |
Security
| Variable | Type | Default | Description |
|---|---|---|---|
WEBHOOK_SECRET | String | — | Shared secret for webhook signature verification. Must be set to a strong, unique value in production. |
ADMIN_TOKEN | String | — | Token for administrative API endpoints. |
Note: SSRF protection is always enabled. There is no toggle to disable it.