Why API connections matter
Most modern apps rely on external services:AI & Machine Learning
Connect to services like Google AI, OpenAI, or Anthropic to add smart features—chatbots, content generation, image analysis, etc.
Payments
Integrate Stripe, PayPal, or other payment processors to accept payments in your app.
Analytics
Track user behavior and app performance with services like Mixpanel, Segment, or Google Analytics.
Communication
Send emails (SendGrid, Mailgun), SMS messages (Twilio), or push notifications (Firebase).
API keys are like passwords that let your app talk to external services securely. Bloom helps you manage them safely.
Auto-provisioned API keys
Bloom can automatically provide API keys for popular services, so you can start using them immediately without creating accounts or managing credentials yourself.How it works
- Enabled (Recommended)
- Disabled
When auto-provisioning is ON:Supported services:
Bloom provides API keys automatically for supported services
Keys are securely managed and rotated by Bloom
Usage counts against your plan’s credits
No need to create external accounts or manage credentials
Start using services immediately
- Google AI (Gemini models)
- Additional services coming soon
Auto-provisioned keys are shared across your Bloom apps but isolated per project for security.
Credit usage warning
If you see this warning:- Upgrade your plan to get more credits (recommended for continued use)
- Disable API provisioning and use your own API keys instead
- Purchase credit top-ups from your billing dashboard
View plans and pricing
Compare plans and see how credits are used
Environment Variables
Environment variables let you securely store API keys, configuration values, and other sensitive information your app needs to function.What are environment variables?
Think of environment variables as a secure storage locker for your app’s secrets:- API keys from external services
- Configuration values like feature flags or URLs
- Credentials for databases or third-party services
Environment variables are never exposed in your app’s frontend code or shared publicly. They’re only accessible from your backend functions.
Managing variables
Click 'Add Variable'
Opens a form to create a new environment variable.
2
Enter variable details
- Name: What you’ll call this variable in your code (e.g.,
STRIPE_API_KEY) - Value: The actual key or configuration value
3
Save the variable
The variable is immediately available in your Convex backend functions.
4
Use it in your code
Access the variable in your backend using
process.env.VARIABLE_NAMEVariable status indicators
Each variable shows its current status:- Provided by Bloom
- In use
- Not in use
This variable is auto-provisioned by Bloom. The API key is managed automatically and rotated for security.Example:
Google_AI when auto-provisioning is enabledNo manual configuration needed
Counts against your plan credits
Actions for variables
Edit variable
Edit variable
Click the edit icon (pencil) to change a variable’s value.Common reasons to edit:
- Rotating API keys for security
- Updating configuration values
- Fixing incorrect credentials
Delete variable
Delete variable
Click the delete icon (trash can) to remove a variable.Check logs after deleting to ensure no functions are trying to access the removed variable.
Refresh variables
Refresh variables
Click Refresh to reload the list of variables and their current status.Useful after:
- Adding variables in the Convex dashboard directly
- Making changes in another browser tab
- Troubleshooting variable visibility issues
Common use cases
Adding a custom AI API key
Adding a custom AI API key
If you want to use your own Google AI, OpenAI, or Anthropic API key:
1
Disable auto-provisioning
Toggle off “Automatically provision API keys” if it’s enabled.
2
Get your API key
- For Google AI: Google AI Studio
- For OpenAI: OpenAI Platform
- For Anthropic: Anthropic Console
3
Add as environment variable
Click “Add Variable” and enter:
- Name:
GOOGLE_AI_API_KEY(or appropriate name) - Value: Your API key from the provider
4
Update your code
Make sure your backend functions use
process.env.GOOGLE_AI_API_KEY5
Test the connection
Use your app’s AI features and check Logs for any errors
Connecting a payment processor
Connecting a payment processor
To add Stripe, PayPal, or another payment service:
1
Create an account
Sign up with your chosen payment processor (e.g., Stripe)
2
Get API credentials
Find your API keys in the service’s dashboard:
- Stripe: Dashboard → Developers → API keys
- Look for “Secret key” or “API key”
3
Add to environment variables
- Name:
STRIPE_SECRET_KEY(or provider-specific name) - Value: Your secret API key
4
Implement payment logic
Use Bloom’s agent to help generate payment processing code, or follow the provider’s documentation
Setting up analytics
Setting up analytics
To track user behavior with Mixpanel, Segment, or Google Analytics:
1
Create analytics account
Sign up with your chosen analytics platform
2
Get tracking credentials
Each platform provides:
- API key or Write key
- Project ID or tracking ID
3
Add as environment variables
Example for Mixpanel:
MIXPANEL_TOKEN: Your project tokenMIXPANEL_SECRET: Your API secret (if using server-side tracking)
4
Initialize tracking
Add tracking calls to your backend functions or frontend code as needed
Switching from Bloom-managed to custom keys
Switching from Bloom-managed to custom keys
If you started with auto-provisioned keys but want to use your own:
1
Get your own API key
Create an account with the service provider and generate an API key
2
Add the new variable
Create an environment variable with your custom key (don’t delete the Bloom one yet)
3
Update your code
Change your functions to use the new variable name
4
Test thoroughly
Verify everything works with your custom key before proceeding
5
Disable auto-provisioning
Once confirmed working, toggle off auto-provisioning to stop using Bloom credits
6
Remove old variable (optional)
Delete the Bloom-provided variable if no longer needed
Security best practices
Never commit keys to code
Always use environment variables—never hard-code API keys directly in your app’s source code.
Rotate keys regularly
Change API keys periodically for security, especially if team members leave or keys are potentially exposed.
Use separate keys per environment
If exporting code for production, use different API keys for development vs. production deployments.
Monitor usage
Check provider dashboards regularly for unexpected API usage that might indicate a security issue.
Troubleshooting
API calls failing with 'key not valid'
API calls failing with 'key not valid'
Possible causes:
- The API key is incorrect or expired
- The key doesn’t have required permissions
- Auto-provisioning is disabled but no custom key is set
- Variable name doesn’t match what your code expects
- Verify the key is correct in the provider’s dashboard
- Check the variable name matches your code exactly
- Enable auto-provisioning if you want Bloom-managed keys
- View Logs for the specific error message
Variable not showing as 'In use'
Variable not showing as 'In use'
If you added a variable but it doesn’t show the “In use” badge:
- Your code might not be calling the function that uses it yet
- The variable name in your code might not match exactly
- You might be checking
process.envincorrectly in your function
Credits depleted
Credits depleted
If auto-provisioning is disabled due to insufficient credits:Option 1: Upgrade plan
- Get more monthly credits
- Keep using Bloom-managed keys
- Simplest for ongoing projects
- Disable auto-provisioning
- Add your own API keys
- Direct billing from service providers
Can't find my variable
Can't find my variable
- Click Refresh to reload the variable list
- Check you’re in the correct app’s settings
- Verify the variable was saved (you should see a confirmation)
- Check if it was accidentally deleted