Skip to main content
Never commit tokens or API keys to Git. Treat NOTIFYER_API_TOKEN and the Developer API key as production secrets.

Required environment variables

Auth modes (critical)

Notifyer has three auth modes depending on the API surface. The same JWT is used for Console and Chat modes — only the header formatting differs.
If you see HTTP 401 across many scripts, your JWT likely expired. Re-run setup-notifyer/scripts/login.js and re-export NOTIFYER_API_TOKEN.

Origin headers & CORS behavior

Many Xano endpoints enforce allowed origins. The skills’ shared HTTP client automatically sends a correct Origin header per mode:
  • Console-mode requests use Origin: https://console.notifyer-systems.com
  • Chat-mode requests use Origin: https://chat.notifyer-systems.com (override with NOTIFYER_CHAT_ORIGIN)
This is important because “missing Origin” can cause silent or confusing auth failures on endpoints that validate it.

Persisting environment variables

Add these exports to your shell profile:

Security notes for CLI usage

Passing secrets via CLI flags (like --password) can expose them via process lists (ps aux) on shared machines. Prefer using a password manager/secure terminal, and avoid logging stdout in shared CI environments.