BizFirst Deployment Models V2
Chapter 3 Guidelines

Before You Build

  • 1. Decide: inline or independent?

    Will the React app be served from the same origin as the API (inline), or its own domain/CDN (independent)? This single decision drives every setting below.

  • 2. Set (or deliberately leave empty) VITE_API_BASE_URL

    Inline: leave it empty. Independent: set it to the API's full absolute URL, e.g. https://api.example.com. Never set it to a bare /api — the endpoint constants already include that prefix; see Chapter 2.4.

  • 3. Set VITE_TENANT_ID

    Required — must be a positive integer. FlowStudio fails fast at startup if it's missing or invalid.

  • 4. Set VITE_BASE_URL if the app is mounted under a sub-path

    e.g. /flowstudio/ for an inline deployment reverse-proxied under that path. Defaults to /.

  • 5. Set VITE_GOOGLE_CLIENT_ID if Google Sign-In is used

    Leave empty to disable it entirely for that environment.

If Independent Deployment

  • 6. Verify CORS on the API

    Confirm the frontend's exact origin (scheme + host + port) is in the API's allowed-origins configuration. See Chapter 1.6.

If Inline Deployment

  • 6. Verify the same-origin proxy routes /api/*

    Whatever serves the public origin (reverse proxy, or the API server itself serving static files) must actually forward /api/* requests to the API. This is a server-side routing concern, separate from anything in FlowStudio's own configuration.

Build, Deploy, Verify

  • 7. Rebuild

    Run vite build --mode <environment> (or the project's build script) so the values from the correct .env.* file are baked into the new bundle. Editing a .env file never affects an already-built dist/.

  • 8. Deploy the new dist/ output

    To the reverse proxy / static host / API server's static file path, depending on the model chosen in step 1.

  • 9. Verify in the browser's Network tab

    Load the deployed app, open devtools → Network, and confirm requests go to the expected origin and path with no doubled /api/api segments and no CORS errors. Full walkthrough in Chapter 3.2.