NxCreateDocs

Environment Variables

Store secrets and config values in your bot environment and read them with process.env.

Every bot has its own isolated environment. Store API keys, tokens, and config values there and read them with process.env — they never appear in your bot code.

How it works

Each bot has a private .env file managed by the platform. When your bot runs, those values are loaded into a sandboxed process.env scoped only to your bot. Other bots cannot see your variables, and you cannot read host-level system variables.

Setting variables

Open the Env Editor from the bot editor toolbar. Add one variable per line in KEY=VALUE format. Lines starting with # are treated as comments and ignored.

# Payment gateway
STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...

# Third-party API
WEATHER_API_KEY=abc123

# Feature flag
PREMIUM_ONLY=true
Save the Env Editor after making changes. Variables are not live until the bot is saved and restarted.

Reading in bot code

Use process.env.KEY_NAME anywhere in your bot code. The value is always a string — parse it if you need a number or boolean.

bot.command('weather', async (ctx) => {
  const apiKey = process.env.WEATHER_API_KEY;
  const res = await axios.get('https://api.weather.example.com/current', {
    params: { key: apiKey, city: 'Delhi' }
  });
  await ctx.reply(res.data.description);
});
// Parsing a boolean flag
const premiumOnly = process.env.PREMIUM_ONLY === 'true';

// Parsing a number
const maxRetries = Number(process.env.MAX_RETRIES) || 3;

Built-in variables

Two variables are always available without being set in the Env Editor:

VariableValue
process.env.BOT_TOKENThe Telegram bot token connected to this bot.
process.env.BOT_IDThe internal NxCreator bot ID for this bot.
BOT_TOKEN and BOT_ID are injected automatically. You do not need to set them in the Env Editor.

Security model

  • Scoped: Your bot can only read its own variables — not the host system's environment and not another bot's variables.
  • Read-only: Bot code cannot modify or delete env values at runtime. Changes only take effect through the Env Editor.

Common patterns

Guard against missing variables

const apiKey = process.env.STRIPE_SECRET_KEY;
if (!apiKey) {
  console.error('STRIPE_SECRET_KEY is not set');
  return ctx.reply('Payment service is not configured.');
}

Use in custom webhook handlers

Env vars are available inside logic[...] handlers the same way as in regular bot code — useful for validating a shared secret on incoming webhook calls.

logic['stripe-event'] = async (query, body, db, response) => {
  if (query.token !== process.env.WEBHOOK_SECRET) {
    response.statusCode = 401;
    response.message = 'Unauthorized';
    return;
  }
  // handle event...
};
Last updated March 22, 2026
Was this page helpful?