Deploy

Deploy the backend as a Go API service plus its backing infrastructure. Run database migrations before starting new API instances.

Build

Build the server binary from the backend repository:

make build

The Dockerfile builds the same main binary. If your environment cannot use the repo's base image, build with your own Go 1.26+ image and copy the binary plus policy.cedar into the runtime image.

Provision services

Required:

• Postgres for operational data.
• Hatchet or Temporal for durable workflows.

Recommended for production:

• Redis for shared cache and cluster-wide rate limiting.
• NATS for pub/sub.

Optional:

• Separate Postgres usage database via USAGE_DATABASE_URL.
• ClickHouse usage event store via USAGE_EVENT_STORE=clickhouse.

Configure

Start with .env.example from the backend repository and set production values.

Minimum:

Hatchet:

Usage and infrastructure:

Local stack

From the backend repository:

cp .env.example .env
make up
make db-migrate-all
make run

The local stack starts Postgres, Redis, NATS with JetStream, and Hatchet Lite.

Migrations

The backend uses Goose migrations:

make db-migrate-all

That applies operational, reporting, and usage-store schemas.

In production, run migrations as a separate deploy step:

1. Stop writes or run in a migration window when needed.
2. Run migrations once.
3. Start the new API version.
4. Confirm /openapi.json and a simple authenticated API request succeed.

Production checklist

• Use managed Postgres backups or tested self-hosted backups.
• Keep API_KEY_PEPPER and SECRETS_ENCRYPTION_KEY stable.
• Do not expose Redis, NATS, Hatchet, or Postgres publicly.
• Put the API behind TLS.
• Set TRUSTED_PROXIES if using a load balancer or reverse proxy.
• Use Redis when running multiple API instances.
• Use a separate usage store if usage-event volume is high.
• Configure gateway and webhook secrets before taking payments.

Self-hosting

For the full runtime shape, see Self-hosting.