Documentation Index
Fetch the complete documentation index at: https://docs.cocobase.cc/llms.txt
Use this file to discover all available pages before exploring further.
Project Settings
Every project has a Settings page where you control credentials, team members, authentication behavior, and environment variables for cloud functions.
How to get there:
Dashboard → [Your Project] → Settings
↑
Left sidebar navigation item
app.cocobase.cc
└── Dashboard (project list)
└── Click a project row
└── Left sidebar → Settings
| Tab | What’s in it |
|---|
| General | Project name, API key, allowed origins (CORS) |
| Team | Invite teammates, manage access |
| Configs | Auth behavior, email URLs, environment variables |
General Tab
API Key
Your project’s API key authenticates every SDK and HTTP request from your app. It must be sent in the X-API-Key header.
⚠️ Keep this secret. Anyone with this key can read and write
all your project's data.
- Click Copy to copy the key to clipboard
- Click Regenerate to rotate to a new key (the old key stops working immediately)
Allowed Origins (CORS)
Controls which domains are allowed to call your Cocobase API from a browser.
Settings → General → Allowed Origins
[+ Add origin] https://myapp.com [×]
https://staging.myapp.com [×]
http://localhost:3000 [×]
- Add every domain your frontend runs on
- Include
http://localhost:PORT for local development
- Wildcards (
*) are not supported — list each origin explicitly
- Mobile apps and server-side code don’t need CORS (add them anyway if you see errors)
To add an origin:
- Type the full URL (including
https://) into the input
- Click Add or press Enter
- Click Save
Team Tab
Invite other Cocobase users to collaborate on your project. Teammates can access the dashboard, view data, and manage collections — but only the owner can delete the project or regenerate the API key.
Invite a Teammate
Settings → Team → [Email address input] → Send invite
- Enter the teammate’s Cocobase account email
- Click Invite
- They appear in the team list immediately — they’ll see the project in their dashboard
Remove a Teammate
Click the trash icon next to their name. They lose access immediately.
Leaving a Project (teammates only)
If you’re a teammate (not the owner), you’ll see a Leave button on the project row in your dashboard:
Dashboard → Project row → Leave button (↖ exit icon)
Configs Tab
The Configs tab has two sections:
- Project configuration — built-in settings that control Cocobase behavior
- Environment variables — custom key/value pairs for your cloud functions
Project Configuration
These are the built-in config keys. You can set them with the toggles and inputs in the dashboard, or read them from config.get("KEY") inside cloud functions.
Auth
JWT_EXPIRY_MINUTES
Type: integer Default: 2880 (2 days) Min: 1
| Value | Meaning |
|---|
60 | 1 hour |
1440 | 1 day |
2880 | 2 days (default) |
43200 | 30 days |
ENABLE_2FA
Type: boolean Default: false
OTP_LENGTH. Users can individually opt out of 2FA on their account (if you allow it).
ENABLE_PHONE_LOGIN
Type: boolean Default: false
ENABLE_EMAIL_VERIFICATION
Type: boolean Default: false
email_verified is false.
Pair with VERIFICATION_URL to point users to your own verification page, or leave it blank to use the Cocobase-hosted one.
OTP_LENGTH
Type: integer Default: 6 Range: 4–10
4 for shorter codes (friendlier UX), 8 or 10 for higher security.
ALLOWED_SELF_ROLES
Type: string (comma-separated) Default: null (all roles allowed)
user and seller to be self-assigned:
Roles not in this list (e.g. admin, moderator) can only be assigned server-side via cloud functions or the dashboard.
Email
These settings control the URLs included in system emails (verification, welcome, password reset).
SEND_WELCOME_EMAIL
Type: boolean Default: true
post_register hook.
FRONTEND_URL
Type: string Default: null
https://myapp.com). Used as a fallback when more specific URL configs are not set, and included in email templates as a “go to app” link.
Set this first — the other URL configs fall back to it.
VERIFICATION_URL
Type: string Default: null
ENABLE_EMAIL_VERIFICATION on, Cocobase sends them a link:
{VERIFICATION_URL}?token=<token>
token query param and call the verification endpoint. If not set, falls back to FRONTEND_URL, then to the Cocobase-hosted verification page.
Example: https://myapp.com/verify-email
VERIFICATION_SUCCESS_URL
Type: string Default: null
https://myapp.com/welcome
LOGIN_URL
Type: string Default: null
https://myapp.com/login
PASSWORD_RESET_URL
Type: string Default: null
{PASSWORD_RESET_URL}?token=<token>
https://myapp.com/reset-password
Environment Variables
Settings → Configs → Environment Variables section
config.get("MY_KEY").
[Key] [Value]
STRIPE_API_KEY sk_live_... 👁 🗑
SLACK_WEBHOOK_URL https://hooks... 👁 🗑
APP_ENV production 👁 🗑
[+ Add new variable]
- Keys are auto-uppercased and spaces become
_
- Values are masked by default (click the eye icon to reveal)
- Keys that match a built-in config name are rejected — use the Config section above for those
- Changes take effect on the next function execution (no restart needed)
Reading in cloud functions:
def main():
stripe_key = config.get("STRIPE_API_KEY")
slack_url = config.get("SLACK_WEBHOOK_URL")
env = config.get("APP_ENV", "production") # with default
...
Quick Navigation Map
app.cocobase.cc
│
├── Dashboard (project list)
│ └── Click any project row
│
└── Project Dashboard
│
├── Overview ← landing page
├── Collections ← data / schema
├── App Users ← auth users + hooks
│ └── Auth Hooks tab
├── Cloud Functions ← deploy Python functions
├── Cron Jobs ← scheduled function runs
├── Storage ← files / media / static
├── Email ← SMTP + templates + logs
├── Analytics
│ ├── Overview
│ ├── Usage & Plan ← quota bars
│ └── Functions
├── Subscriptions ← upgrade plan / voucher
└── Settings ◄──── you are here
├── General ← API key + CORS origins
├── Team ← invite teammates
└── Configs ← auth config + env vars
