Never commit tokens or API keys to Git. Treat NOTIFYER_API_TOKEN and the Developer API key as production secrets.
Required environment variables
Auth modes (critical)
Notifyer has three auth modes depending on the API surface. The same JWT is used for Console and Chat modes — only the header formatting differs.
If you see HTTP 401 across many scripts, your JWT likely expired. Re-run setup-notifyer/scripts/login.js and re-export NOTIFYER_API_TOKEN.
Many Xano endpoints enforce allowed origins. The skills’ shared HTTP client automatically sends a correct Origin header per mode:
- Console-mode requests use
Origin: https://console.notifyer-systems.com
- Chat-mode requests use
Origin: https://chat.notifyer-systems.com (override with NOTIFYER_CHAT_ORIGIN)
This is important because “missing Origin” can cause silent or confusing auth failures on endpoints that validate it.
Persisting environment variables
Add these exports to your shell profile:
Security notes for CLI usage
Passing secrets via CLI flags (like --password) can expose them via process lists (ps aux) on shared machines. Prefer using a password manager/secure terminal, and avoid logging stdout in shared CI environments.
Related pages