Skip to content

Configuration

Configuration

Cbox Billing is configured through environment variables read by config/billing.php (the single large billing config), plus the standard Laravel config files and the companion packages' configs (services.php, cbox-id-client.php, cors.php, health.php, telemetry.php).

The guiding principle is deny-by-default: unset secrets disable the feature they gate rather than opening it. No gateway secret means webhooks are refused; no CORS allow-list means no cross-origin browser access; no license key means the free tier.

In this section

Page What
Environment reference Every environment variable the app reads, grouped by concern.
Payment gateways Stripe, Mollie, and the manual signed-webhook gateway; how the bound gateway is selected.
Tax & seller entities The selling entities of record, per-entity invoice numbering, and tax registrations.
Queue, cache & session Local database drivers vs Redis/Valkey in production, and the durable billing stores.
CORS & throttling The deny-by-default CORS allow-list and the two-tier per-token rate limits.

Where each concern lives

Concern Config file Key env
Billing knobs config/billing.php CBOX_BILLING_*, CBOX_LICENSE_*, STRIPE_*
Identity (OIDC login) config/services.phpcbox_id CBOX_ID_ISSUER, CBOX_ID_CLIENT_*, CBOX_ID_REDIRECT_URI
Federated RBAC manifest config/cbox-id-client.php CBOX_ID_ISSUER, CBOX_ID_CLIENT_*
CORS config/cors.php CORS_ALLOWED_ORIGINS
Health config/health.php HEALTH_ENABLED, HEALTH_TOKEN
Telemetry config/telemetry.php TELEMETRY_ENABLED, TELEMETRY_STORE