Environment Variables Best Practices for API Development
Master environment variables for API development. Organize secrets, manage multiple environments, and avoid common security mistakes.
Managing environment variables effectively is crucial for a smooth API development workflow. In this guide, we'll explore best practices for organizing your variables, keeping secrets secure, and switching between environments seamlessly.
Why Environment Variables Matter
Hard-coding values like API URLs, keys, and tokens into your requests creates several problems:
- Manual updates: Changing environments requires editing every request
- Security risks: Accidentally sharing requests with real credentials
- Team confusion: Different team members with different configurations
Environment variables solve all these problems.
Setting Up Your Environments
We recommend creating at least three environments:
Development
{
  "baseUrl": "http://localhost:3000",
  "apiKey": "dev-key-12345",
  "debug": "true"
}
Staging
{
  "baseUrl": "https://staging-api.example.com",
  "apiKey": "staging-key-67890",
  "debug": "true"
}
Production
{
  "baseUrl": "https://api.example.com",
  "apiKey": "{{PROD_API_KEY}}",
  "debug": "false"
}
Using Variables in Requests
Reference variables using double curly braces:
GET {{baseUrl}}/api/v1/users
Authorization: Bearer {{apiKey}}
When you switch environments, all your requests automatically update.
Variable Scopes
Restk supports multiple variable scopes, resolved in this order:
1. Runtime variables - Set during script execution
2. Request variables - Defined on the request
3. Folder variables - Inherited from parent folders
4. Collection variables - Shared across a collection
5. Environment variables - Environment-specific
This hierarchy allows you to override variables at different levels.
Handling Secrets Securely
For sensitive values like API keys and tokens, follow these practices:
Use Initial vs Current Values
Restk distinguishes between:
- Initial value: Shared with your team
- Current value: Used locally, never shared
Store placeholder text in initial values and real secrets in current values.
Never Commit Secrets
When exporting environments:
- Review the JSON before sharing
- Remove or mask sensitive values
- Use a secrets manager for production credentials
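One way to automate the review step above, as an added example that is not part of the original article or Restk's own code. It assumes the export is a flat JSON object of variable names to values, like the environment examples on this page; the name patterns, entropy threshold and `<redacted>` mask are illustrative choices.

```javascript
// Added example (not Restk code): mask secret-looking values in a flat
// { name: value } environment object before it is shared or committed.
const SENSITIVE_NAME = /key|secret|token|passw|credential|auth/i; // assumed patterns
const PLACEHOLDER = /^\{\{[^{}]+\}\}$/; // {{PROD_API_KEY}} is a reference, not a secret
const MASK = '<redacted>';

// Shannon entropy in bits per character; random tokens score higher than words.
function entropy(text) {
  const counts = new Map();
  for (const ch of text) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) bits -= (n / text.length) * Math.log2(n / text.length);
  return bits;
}

// Returns the reason a value should be masked, or null if it can be shared.
function classify(name, value) {
  const text = String(value);
  if (PLACEHOLDER.test(text)) return null;
  if (SENSITIVE_NAME.test(name)) return 'sensitive variable name';
  if (/^https?:\/\//i.test(text)) {
    // A URL is only flagged when it carries a password in its userinfo part.
    try { return new URL(text).password ? 'credentials embedded in URL' : null; }
    catch { return null; }
  }
  // Assumed threshold: 20+ characters at 4+ bits per character looks like a token.
  if (text.length >= 20 && entropy(text) >= 4) return 'high-entropy value';
  return null;
}

// Returns a shareable copy plus a list of what was masked and why.
function sanitizeEnvironment(env) {
  const sanitized = {};
  const findings = [];
  for (const [name, value] of Object.entries(env)) {
    const reason = classify(name, value);
    sanitized[name] = reason ? MASK : value;
    if (reason) findings.push({ name, reason });
  }
  return { sanitized, findings };
}

// Constructed sample input, modelled on the staging environment shown earlier.
const sample = {
  baseUrl: 'https://staging-api.example.com', debug: 'true',
  apiKey: 'staging-key-67890', prodKey: '{{PROD_API_KEY}}',
  mirrorUrl: 'https://deploy:hunter2@mirror.example.com',
  sessionBlob: '9fX2kQ7LmZ1pR8vT3wY6bN4c',
};
console.log(sanitizeEnvironment(sample));
```

A value that passes these checks can still be sensitive, so the findings list supports the manual review and does not replace it.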
Use Dynamic Secrets
For extra security, generate tokens dynamically in pre-request scripts:
// Generate timestamp-based token
const timestamp = Date.now();
const secret = nova.environment.get('secret');
const token = nova.crypto.hmacSha256(timestamp.toString(), secret);
nova.variable.set('authToken', token);
Environment Switching Tips
Keyboard Shortcut
Use Cmd+E to quickly switch environments.
Color Coding
Assign different colors to environments:
- 🟢 Green for Development
- 🟡 Yellow for Staging
- 🔴 Red for Production
The visual indicator helps prevent accidental production requests.
Environment Indicators
Enable the environment indicator in settings to always see which environment is active.
Advanced Patterns
Dynamic Base URLs
Support multiple API versions:
{
  "baseUrl": "https://api.example.com",
  "apiVersion": "v2",
  "fullUrl": "{{baseUrl}}/{{apiVersion}}"
}
Conditional Values
Use scripts to set values conditionally:
if (nova.environment.get("name") === 'production') {
  nova.variable.set('timeout', '30000');
} else {
  nova.variable.set('timeout', '5000');
}
Common Mistakes to Avoid
- Hard-coding URLs: Always use {{baseUrl}}
- Sharing secrets: Never commit real API keys
- Forgetting to switch: Check your environment before sending
- Inconsistent naming: Use a consistent naming convention
- Too many globals: Prefer environment or collection scope
Conclusion
Proper environment management transforms your API development workflow. Start with the basics—create your environments and use variables consistently—then gradually adopt advanced patterns as needed. For a deeper look at how RESTK handles environments, see the Environments documentation or explore all RESTK features.
What environment management tips do you have? Share them with us on Discord!