This document explains how the ATS (Applicant Tracking System) integration works in development mode and how to configure it properly.
The ATS integration with Ashby can be configured to work in development mode using environment variables, allowing developers to test the functionality without requiring each developer to have their own Ashby API key in the database.
ASHBY_API_KEY- The Ashby API key for development testingNEXT_PUBLIC_APP_ENV- Controls whether the app runs in development or production mode
In your .env.local file:
# Ashby Configuration
ASHBY_API_KEY=your_ashby_api_key_here
ASHBY_BASE_URL=https://api.ashbyhq.com
# App Environment (controls ATS access behavior)
NEXT_PUBLIC_APP_ENV=developmentWhen NEXT_PUBLIC_APP_ENV is set to development:
- Server-side Access Check: The
checkUserAshbyAccess()function returnstrueimmediately ifASHBY_API_KEYis present - API Key Resolution: The
getAshbyApiKey()function returns the environment variable instead of looking up the user's database record - Client-side Access: The
useAshbyAccess()hook will grant access when calling the candidates API
When NEXT_PUBLIC_APP_ENV is set to production or not set at all:
- Database Lookup: The system requires users to have a valid
ashby_api_keyin their database record - User-specific Access: Each user must have their own Ashby integration configured
- No Environment Override: The
ASHBY_API_KEYenvironment variable is ignored
export async function checkUserAshbyAccess(userId: string): Promise<boolean> {
// In development mode with ASHBY_API_KEY env var, always return true
const appEnv = process.env.NEXT_PUBLIC_APP_ENV || 'production';
if (appEnv === 'development' && process.env.ASHBY_API_KEY) {
return true;
}
// Otherwise, check user's database record
// ... database lookup logic
}
export function getAshbyApiKey(userApiKey?: string | null): string | null {
// In development mode, prioritize environment variable
const appEnv = process.env.NEXT_PUBLIC_APP_ENV || 'production';
if (appEnv === 'development' && process.env.ASHBY_API_KEY) {
return process.env.ASHBY_API_KEY;
}
// Otherwise, use user's API key from database
return userApiKey || null;
}The useAshbyAccess() hook makes an API call to /api/ashby/candidates?limit=1 to check access. The server-side middleware will handle the development mode logic.
NODE_ENVis automatically set by Next.js commands (devvsstart)NEXT_PUBLIC_APP_ENVis a custom variable that's accessible on both client and server- This gives us manual control over the development behavior regardless of how the app is started
pnpm dev- Runs development server, butNEXT_PUBLIC_APP_ENVis whatever you set in.envpnpm start- Runs production build, butNEXT_PUBLIC_APP_ENVis still whatever you set in.env
The npm command does not automatically set NEXT_PUBLIC_APP_ENV.
If NEXT_PUBLIC_APP_ENV is not set or empty, the system defaults to 'production' mode for security.
-
Add to
.env.local:ASHBY_API_KEY=your_development_api_key NEXT_PUBLIC_APP_ENV=development
-
Restart your development server:
pnpm dev
-
Access ATS pages: Navigate to
/board/ats- you should now have access without needing a database API key
- The
ASHBY_API_KEYenvironment variable is only used when explicitly in development mode - Production deployments should have
NEXT_PUBLIC_APP_ENV=productionor leave it unset - Never commit real API keys to version control - use
.env.localor secure environment variable management
If you see the access denied message:
- Check that
NEXT_PUBLIC_APP_ENV=developmentin your.env.local - Verify that
ASHBY_API_KEYis set in.env.local - Restart your development server after changing environment variables
- Check the browser's Network tab to see if the
/api/ashby/candidatescall returns 200
If you get API errors:
- Verify the
ASHBY_API_KEYis valid and has the correct permissions - Check that
ASHBY_BASE_URL=https://api.ashbyhq.comis set correctly - Look at server logs for specific Ashby API error messages