BizFirst Deployment Models V2
Chapter 2 How It Works in BizFirst

(a) Local Development

FlowStudio's Vite dev server runs on localhost:6005; the Flow API runs on localhost:10001. Vite's dev server proxy forwards any request under /api to the API, so the browser only ever sees requests to its own origin (localhost:6005) — meaning VITE_API_BASE_URL can stay empty.

.env.localVITE_API_BASE_URL=
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=
vite.config.ts — dev server proxyserver: {
  port: 6005,
  proxy: {
    '/api': {
      target: 'https://localhost:10001',
      changeOrigin: true,
      secure: false
    }
  }
}

A relative fetch from the app (e.g. to /api/v1/project/projects/list) resolves against http://localhost:6005, and Vite's dev proxy transparently forwards it to https://localhost:10001. No CORS problem, no absolute URL needed.

(b) Inline Production

Both FlowStudio and the Flow API are served from the same public origin, https://qa.grippingly.com, with FlowStudio living under the /flowstudio/ path. VITE_API_BASE_URL is left empty so calculateApiUrl() resolves it to the page's own origin at runtime.

.env.production (inline deployment)VITE_API_BASE_URL=
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=<production-client-id>
VITE_BASE_URL=/flowstudio/
Leave it empty — don't set it to /api

Every API client endpoint constant already carries its own leading /api/v1/... segment (e.g. /api/v1/atlas/forms/list). If VITE_API_BASE_URL is explicitly set to /api, the final request becomes https://qa.grippingly.com/api/api/v1/atlas/forms/list — a 404, because the URL builder does a plain string concatenation with no de-duplication. See Chapter 2.4 for the full explanation of this exact bug.

(c) Independent Server

FlowStudio is deployed to its own host — a CDN or static file server — completely separate from the API's host. VITE_API_BASE_URL must be set explicitly to the API's full absolute URL.

.env.production (independent deployment)VITE_API_BASE_URL=https://api.some-domain.com
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=<production-client-id>

The API at https://api.some-domain.com must have CORS configured to allow the frontend's origin.

Comparison Table

Scenario Frontend origin API origin VITE_API_BASE_URL CORS needed?
(a) Local dev localhost:6005 localhost:10001 (via Vite dev proxy) empty No — proxy hides it
(b) Inline production qa.grippingly.com/flowstudio/ qa.grippingly.com empty No — same origin
(c) Independent server e.g. app.example.com api.some-domain.com https://api.some-domain.com Yes — cross origin