Configuration

ScanPick is configured through environment variables. No config files required.

Required Variables

Variable	Description	Example
`DATABASE_CONNECTION_STRING`	PostgreSQL connection string	`Host=localhost;Database=scanpick;Username=scanpick;Password=...`
`JWT_SECRET`	JWT signing key (64+ characters)	`openssl rand -base64 48 \| tr -d '/+=' \| head -c 64`

Optional Variables

Variable	Default	Description
`ASPNETCORE_URLS`	`http://+:5000`	API listen URL
`ASPNETCORE_ENVIRONMENT`	`Production`	Environment name. Set to `Development` for detailed error pages and Scalar API explorer
`DISABLE_AUTO_SEED`	`false`	Set to `true` to skip automatic database seeding on first startup
`SETUP_TOKEN`	(none)	First-run setup token. If set, the setup page is required before the API starts

Database

ScanPick uses PostgreSQL 16 only. The API automatically applies pending Entity Framework migrations on startup.

Connection string format:

Host=<host>;Database=<database>;Username=<user>;Password=<password>

Optional parameters:

Port=<port> — default: 5432
SSL Mode=Require — for cloud-hosted PostgreSQL

Connection String Examples

# Local Docker Postgres
DATABASE_CONNECTION_STRING="Host=localhost;Database=scanpick;Username=scanpick;Password=devpassword"

# Remote PostgreSQL
DATABASE_CONNECTION_STRING="Host=db.example.com;Port=5432;Database=scanpick;Username=scanpick;Password=securepass;SSL Mode=Require"

Authentication

Workers authenticate via PIN (BCrypt-hashed). The API issues JWTs with a 24-48 hour expiry. No refresh tokens in v1.

The JWT_SECRET should be:

At least 64 characters long
Generated randomly per installation
Stored securely (environment variable, not in config files)

Production Checklist

Generate a strong JWT_SECRET
Set ASPNETCORE_ENVIRONMENT to Production
Use a dedicated PostgreSQL user (not postgres superuser)
Enable SSL for database connections if connecting over network
Configure a reverse proxy (nginx, Caddy) for TLS termination
Set up regular PostgreSQL backups
Monitor API health at GET /api/health