Skip to main content

Don’t hardcode URLs

In the previous lesson, the frontend had http://localhost:8000 hardcoded. This breaks the moment you deploy — your production API isn’t at localhost. Environment variables let you configure these values per environment.

.env files

An .env file stores key-value pairs that your application reads at startup:
Each line is KEY=VALUE. No spaces around the =. No quotes needed (unless the value contains spaces).
Never commit .env files to Git. They contain secrets like database passwords and API keys. Add .env to your .gitignore file. Always.

Vite environment variables (frontend)

Vite has one important rule: frontend environment variables must start with VITE_.
Access them in your React code with import.meta.env:
The VITE_ prefix is a security feature. Your React code gets bundled and sent to the user’s browser — anyone can read it. The prefix prevents you from accidentally exposing secrets like DATABASE_URL or SECRET_KEY in your frontend bundle. Only variables you explicitly mark with VITE_ are included.

Using environment variables in React

Define the URL once, use it everywhere. When you deploy, just change the environment variable — no code changes needed.

Python environment variables (backend)

In Python, you already know this pattern. Use python-dotenv or Pydantic’s BaseSettings:

.env.example — document what’s needed

Create a .env.example file that shows what variables are required, without the actual values:
Commit .env.example to Git. When a new developer clones the project, they copy it to .env and fill in their values:
This is a universal pattern across all frameworks and languages. Every professional project has .env.example committed and .env in .gitignore. It documents what configuration a project needs without exposing secrets.

Multiple environments

You can have different .env files for different situations:
Vite automatically loads the right file:
  • npm run dev → reads .env
  • npm run build → reads .env.production (if it exists)
The companion repo uses VITE_API_BASE_URL (same concept, more explicit name). Its mobile app uses Expo’s equivalent prefix: EXPO_PUBLIC_API_BASE_URL.

What’s next?

Your URLs are configurable. But when your React frontend at localhost:5173 tries to call your FastAPI backend at localhost:8000, the browser blocks the request. This is CORS — and it’s the most common error when connecting frontend to backend.

Understanding CORS

Fix cross-origin errors when your React frontend talks to your FastAPI backend