MelodAI Documentation

API Provider Registration & Environment Keys

How to register each platform, retrieve credentials, and map them to MelodAI .env variables and Admin settings.

Standard Setup Workflow

  1. Create provider account and complete verification/billing where required.
  2. Generate API keys, OAuth client IDs, or webhook secrets in the provider dashboard.
  3. Add values to production .env and local .env (never commit secrets).
  4. Mirror credentials in Admin → Settings when the panel supports runtime overrides (Mail, Payment, AI, YouTube).
  5. Test in sandbox/test mode, then switch to live keys.
  6. Run php artisan optimize:clear then php artisan config:cache on the server.

OpenAI

Portal: platform.openai.com/api-keys

  1. Sign up and add a payment method under Billing.
  2. Create a new secret API key (copy immediately — shown once).
  3. Optional: set organization ID if you use multiple orgs.
OPENAI_API_KEY=sk-proj-...
OPENAI_ORGANIZATION=
OPENAI_IMAGE_MODEL=gpt-image-1
OPENAI_SSL_VERIFY=true

Used for images, text, and related AI features configured in Admin → Settings → AI.

xAI (Grok)

Portal: console.x.ai

  1. Create account and open API keys section.
  2. Generate API key and copy to XAI_API_KEY.
XAI_API_KEY=xai-...
XAI_BASE_URL=https://api.x.ai/v1
XAI_IMAGE_MODEL=grok-imagine-image-quality
XAI_VIDEO_MODEL=grok-imagine-video

FAL.ai & Suno API

FAL.ai (video models: Kling, Veo, etc.)

Portal: fal.ai/dashboard/keys

FAL_KEY=...

Suno (music generation)

  1. Register at your Suno API provider (e.g. sunoapi.org) and create an API key.
  2. Generate your own webhook secret — Suno does not issue a webhook signing secret. You create a long random string and use it on both sides below.
  3. Set SUNO_WEBHOOK_SECRET in .env to that value (required in production).
  4. In the Suno provider dashboard, set the callback/webhook URL to the same secret as the token query parameter:
https://yourdomain.com/webhooks/suno?token=YOUR_SUNO_WEBHOOK_SECRET

Generate a secret locally (example):

php -r "echo bin2hex(random_bytes(32));"
SUNO_API_BASE_URL=https://api.sunoapi.org
SUNO_API_KEY=...
SUNO_WEBHOOK_SECRET=paste_the_same_random_string_here

SUNO_WEBHOOK_SECRET is required in production. MelodAI appends it to Suno callback URLs as ?token=... so only requests with your secret are accepted — this is your secret, not one from Suno.

YouTube OAuth (Publishing)

Portal: Google Cloud Console → Credentials

  1. Create a project (or select existing).
  2. Enable YouTube Data API v3.
  3. Configure OAuth consent screen (External, add test users during development).
  4. Create OAuth 2.0 Client ID → type Web application.
  5. Add authorized redirect URI exactly: https://yourdomain.com/dashboard/youtube/callback
  6. Copy Client ID and Client Secret.
YOUTUBE_CLIENT_ID=....apps.googleusercontent.com
YOUTUBE_CLIENT_SECRET=GOCSPX-...
YOUTUBE_REDIRECT_URI=https://yourdomain.com/dashboard/youtube/callback

For Expo dev against a LAN API, set YOUTUBE_REDIRECT_URI to your production HTTPS callback while the mobile app uses the server OAuth flow. Also configure in Admin → Settings → YouTube.

Cloudflare R2 Storage

Portal: Cloudflare Dashboard → R2

  1. Create an R2 bucket (e.g. melodai-storage).
  2. Create R2 API token with Object Read & Write on that bucket.
  3. Copy Access Key ID, Secret Access Key, and account endpoint URL.
  4. Optionally connect a custom domain for public CDN URL.
FILESYSTEM_DISK=cloudflare
CLOUDFLARE_R2_KEY=...
CLOUDFLARE_R2_SECRET=...
CLOUDFLARE_R2_REGION=auto
CLOUDFLARE_R2_BUCKET=melodai-storage
CLOUDFLARE_R2_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
CLOUDFLARE_R2_URL=https://cdn.yourdomain.com

Stripe (Laravel Cashier)

Portal: dashboard.stripe.com/apikeys

  1. Create Stripe account and complete business verification.
  2. Copy Publishable key and Secret key (test mode first).
  3. Developers → Webhooks → Add endpoint: https://yourdomain.com/stripe/webhook (Cashier default).
  4. Select events Cashier needs (checkout, customer subscription, invoice).
  5. Copy webhook signing secret.
STRIPE_KEY=pk_live_...
STRIPE_SECRET=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_CURRENCY=usd

Also enable Stripe in Admin → Settings → Payment.

Flutterwave

Portal: dashboard.flutterwave.com

  1. Complete merchant verification.
  2. Copy Public Key, Secret Key, and Encryption Key.
  3. Set webhook URL and copy webhook hash.
FLUTTERWAVE_PUBLIC_KEY=FLWPUBK-...
FLUTTERWAVE_SECRET_KEY=FLWSECK-...
FLUTTERWAVE_ENCRYPTION_KEY=...
FLUTTERWAVE_WEBHOOK_HASH=...

Enable Flutterwave in Admin → Settings → Payment.

Revolut Merchant API

Portal: Revolut Merchant API (Business account → Merchant API). MelodAI uses API version 2026-04-20 for orders, webhooks, and refunds.

  1. Create or open a Revolut Business merchant account and complete onboarding.
  2. Generate API keys (public + secret). Start with sandbox.
  3. Create a webhook endpoint on Revolut pointing to your MelodAI URL (HTTPS in production).
  4. Copy the webhook signing secret (wsk_...).
  5. Add keys to .env or Admin → Settings → Payment → Revolut (admin values override .env when saved).
  6. Turn on Enabled and save. Revolut appears at checkout only when enabled and a secret key is configured.

Webhook & return URLs

https://yourdomain.com/webhooks/revolut
https://yourdomain.com/dashboard/billing/payment/revolut/return

The return URL runs after hosted checkout. Fulfillment also runs from webhooks when the order completes.

Environment variables

REVOLUT_PUBLIC_KEY=pk_...
REVOLUT_SECRET_KEY=sk_...
REVOLUT_WEBHOOK_SIGNING_SECRET=wsk_...
REVOLUT_CURRENCY=USD
REVOLUT_ENVIRONMENT=sandbox

Set REVOLUT_ENVIRONMENT=production (or Production in admin) for live payments. Sandbox: https://sandbox-merchant.revolut.com; production: https://merchant.revolut.com.

Subscriptions and credit packs use one-shot Revolut orders, not Revolut Subscription Plans. Refunds: Admin → Billing → Invoices when the invoice allows refunds.

Cryptomus (crypto payments)

Portal: cryptomus.com → Business → Merchant → API integration.

  1. Register a Cryptomus merchant account and complete verification.
  2. Copy Merchant UUID and Payment API key.
  3. Set the payment webhook URL in Cryptomus to your MelodAI endpoint (HTTPS).
  4. Add credentials to .env or Admin → Settings → Payment → Cryptomus.
  5. Enable Enabled. Checkout shows Cryptomus when enabled and both UUID and payment key are set.

Webhook & return URLs

https://yourdomain.com/webhooks/cryptomus
https://yourdomain.com/dashboard/billing/payment/cryptomus/return

Cryptomus signs webhooks with an MD5 signature from your payment key; MelodAI verifies before fulfilling invoices or subscriptions.

Environment variables

CRYPTOMUS_MERCHANT_UUID=...
CRYPTOMUS_PAYMENT_KEY=...
CRYPTOMUS_CURRENCY=USD
CRYPTOMUS_INVOICE_LIFETIME=7200

Refunds require a destination crypto wallet address. In Admin → Billing → Invoices, enter the refund wallet when refunding Cryptomus payments.

Payment providers — activation checklist

MelodAI supports Stripe (Cashier), Flutterwave, Revolut, and Cryptomus. Configure in Admin → Settings → Payment or .env; admin-saved values override .env when present.

  1. Set APP_URL and Admin → Settings → General → Site URL to your public HTTPS domain.
  2. Register webhook URLs at each provider (see sections above).
  3. Enable each provider toggle and save required keys.
  4. Run sandbox/test checkout for subscriptions and credit packs from Dashboard → Billing.
  5. Confirm invoice creation and entitlements (credits or active subscription).
  6. For production, switch Revolut to production, Stripe to live keys, and Cryptomus/Flutterwave to live credentials.

Admin refunds

  • Stripe: payment intent refund when allowed.
  • Flutterwave: transaction refund API.
  • Revolut: order refund API.
  • Cryptomus: refund with admin-supplied wallet address; entitlements reversed on success.

Social Login (Google, GitHub, Discord)

Google

  1. Google Cloud Console → OAuth client (Web).
  2. Redirect URI: https://yourdomain.com/auth/google/callback
GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...
GOOGLE_REDIRECT_URI=${APP_URL}/auth/google/callback

GitHub

github.com/settings/developers → OAuth App → Authorization callback URL https://yourdomain.com/auth/github/callback

GITHUB_CLIENT_ID=...
GITHUB_CLIENT_SECRET=...

Discord

discord.com/developers/applications → OAuth2 → Redirect https://yourdomain.com/auth/discord/callback

DISCORD_CLIENT_ID=...
DISCORD_CLIENT_SECRET=...

Leave blank to hide social login buttons (FEATURE_SOCIAL_LOGIN=true still requires keys).

Cloudflare Turnstile (Captcha)

Portal: Cloudflare Dashboard → Turnstile → Add site widget for your domain.

TURNSTILE_SITE_KEY=0x4AAAA...
TURNSTILE_SECRET_KEY=0x4AAAA...

Prefer Admin → Settings → Security for runtime updates.

SMTP Email

Use your hosting mailbox or transactional provider (Brevo, Mailgun, Amazon SES).

MAIL_MAILER=smtp
MAIL_HOST=mail.yourdomain.com
MAIL_PORT=587
MAIL_USERNAME=info@yourdomain.com
MAIL_PASSWORD=...
MAIL_FROM_ADDRESS=info@yourdomain.com

Test from Admin → Settings → Mail → Send test email.

Pusher & Reverb (Real-Time)

Pusher (managed)

dashboard.pusher.com → Create app → copy app id, key, secret, cluster.

BROADCAST_CONNECTION=pusher
PUSHER_APP_ID=...
PUSHER_APP_KEY=...
PUSHER_APP_SECRET=...
PUSHER_APP_CLUSTER=mt1

Reverb (self-hosted VPS)

See VPS documentation for generating REVERB_APP_KEY and REVERB_APP_SECRET.

Full .env Reference (MelodAI)

Core application and infrastructure variables from .env.example:

Variable Purpose
APP_NAMEApplication display name
APP_ENVlocal | production
APP_DEBUGtrue locally, false in production
APP_URLPublic HTTPS base URL of Laravel app
CRON_SECRET_TOKENOptional fallback for HTTP /cron/* endpoints
DB_*MySQL connection credentials
QUEUE_CONNECTIONdatabase (default) or redis with Horizon on VPS
CACHE_STOREdatabase or redis
SANCTUM_TOKEN_EXPIRATIONMobile API token lifetime in minutes
FILESYSTEM_DISKlocal or cloudflare (R2)
FFMPEG_BINARIES / FFPROBE_BINARIESPaths to FFmpeg binaries
SUPER_ADMIN_EMAILEmail for super admin notifications
TELESCOPE_ENABLEDfalse in production

Feature flags:

Variable Purpose
FEATURE_BLOGEnable blog module
FEATURE_SOCIAL_LOGINShow OAuth login buttons when keys exist
FEATURE_TWO_FACTOREnable 2FA for users
DEFAULT_CREDITS_FREEFree credits for new users

Admin Settings Mapping

  • General: Site name, Site URL (cron base), contact emails
  • AI: OpenAI, xAI, Suno, FAL defaults
  • Mail: SMTP host, port, credentials (overrides .env at runtime)
  • Payment: Stripe, Flutterwave, Revolut, Cryptomus toggles and keys
  • YouTube: OAuth client and redirect URI
  • Security: Turnstile keys
  • Cron & Queue: HTTP cron URLs and cPanel commands