QANATIX
Deployment

Configuration

All environment variables for QANATIX.

Configuration

All QANATIX settings via environment variables.

Core

VariableDescriptionDefault
ENVEnvironment (development, production)development
DEBUGEnable debug modefalse
API_V1_PREFIXAPI route prefix/api/v1
DEPLOYMENT_MODEcloud or self_hostedself_hosted

Infrastructure

VariableDescriptionDefault
DATABASE_URLAsync Postgres connection stringpostgresql+asyncpg://qanatix:qanatix@localhost:5434/qanatix
DB_POOL_SIZESQLAlchemy connection pool size per process5
DB_MAX_OVERFLOWMax overflow connections5
DB_POOL_TIMEOUTSeconds to wait for a connection10
REDIS_URLRedis connection stringredis://localhost:6380/0
REDIS_MAX_CONNECTIONSRedis connection pool size20

Authentication

QANATIX uses self-contained auth — no external auth provider required. Users sign in via the developer portal (email + password or OAuth), and receive a JWT.

VariableDescriptionDefault
SECRET_KEYSecret for signing JWTs and other tokens. Must change in production. Generate with openssl rand -hex 32change-me-to-a-random-64-char-string
JWT_ALGORITHMJWT signing algorithmHS256
JWT_EXPIRE_MINUTESJWT token lifetime in minutes1440 (24 hours)
FRONTEND_URLURL of the developer portal (used in email links)http://localhost:5173
REQUIRE_EMAIL_VERIFICATIONRequire email verification before login. Set false if no SMTP configured.true
MAX_LOGIN_ATTEMPTSFailed logins before account lockout5
LOCKOUT_DURATION_MINUTESLockout duration after too many failed attempts15

Email (SMTP)

Required for email verification and password reset. If not configured, set REQUIRE_EMAIL_VERIFICATION=false.

VariableDescriptionDefault
SMTP_HOSTSMTP server hostname
SMTP_PORTSMTP server port587
SMTP_USERSMTP username
SMTP_PASSWORDSMTP password
SMTP_USE_TLSUse STARTTLStrue
EMAIL_FROMSender addressQanatix <noreply@qanatix.com>
RESEND_API_KEYResend API key (alternative to SMTP, cloud mode)

OAuth (optional)

Enable social login by configuring one or more providers. Users can always sign in with email + password even without OAuth.

VariableDescription
OAUTH_GOOGLE_CLIENT_IDGoogle OAuth client ID
OAUTH_GOOGLE_CLIENT_SECRETGoogle OAuth client secret
OAUTH_GITHUB_CLIENT_IDGitHub OAuth App client ID
OAUTH_GITHUB_CLIENT_SECRETGitHub OAuth App client secret
OAUTH_GITLAB_CLIENT_IDGitLab OAuth application ID
OAUTH_GITLAB_CLIENT_SECRETGitLab OAuth application secret

To set up OAuth:

  1. Register an OAuth application with the provider
  2. Set the callback URL to https://your-api-domain/api/v1/auth/oauth/{provider}/callback
  3. Add the client ID and secret to your environment

Security

VariableDescriptionDefault
API_KEY_SALTSalt for API key hashing (must change in production)change-me-to-a-random-string
CONNECTOR_ENCRYPTION_KEYFernet key for connector credential encryption (comma-separated for key rotation via MultiFernet)Auto-generated in dev
WEBHOOK_SECRETHMAC-SHA256 secret for webhook verification
CORS_ORIGINSAllowed origins (comma-separated, must not be * in production)*

Upload

VariableDescriptionDefault
INGESTION_MAX_FILE_SIZEMax upload file size in bytes52428800 (50 MB)
INGESTION_BATCH_SIZEMax records per batch5000
INGESTION_ERROR_THRESHOLDCircuit breaker error ratio0.1 (10%)
INGESTION_MAX_ERRORSMax errors before circuit break1000
VariableDescriptionDefault
SEARCH_MAX_QUERY_LENGTHMax query string length500
SEARCH_MAX_FILTERSMax filters per query20
SEARCH_MAX_LIMITMax results per query100

Rate Limiting

VariableDescriptionDefault
RATE_LIMIT_ENABLEDEnable rate limitingtrue

Deployment

VariableDescriptionDefault
LOG_LEVELLogging levelINFO
WEB_CONCURRENCYUvicorn worker count1

Docker Compose production defaults

The included docker-compose.yml overrides several defaults for production:

SettingCode defaultDocker Compose
DB_POOL_SIZE520 (API), 10 (worker)
API workers14

Default ports

ServiceDefault port
QANATIX API8000
Postgres5432 (dev: 5434)
Redis6379 (dev: 6380)

Production validation

In production (ENV=production), QANATIX validates:

  • SECRET_KEY must not be the default value
  • API_KEY_SALT must not be the default value
  • CORS_ORIGINS must not be wildcard ["*"]
  • WEBHOOK_SECRET must be set

Bring Your Own Model

Configure custom AI model providers — Anthropic, OpenAI, Google, or self-hosted endpoints.

API Reference

QANATIX REST API — all endpoints.

On this page

ConfigurationCoreInfrastructureAuthenticationEmail (SMTP)OAuth (optional)SecurityUploadSearchRate LimitingDeploymentDocker Compose production defaultsDefault portsProduction validation