Environment Variables

Environments let you run the same requests against different backends without editing files. Select the active environment from the dropdown in the header — all {{VARIABLE}} references resolve against it instantly.

Setup

Create one .env file per environment:

envs/
  dev.env
  staging.env
  prod.env     ← add to .gitignore

dev.env

BASE_URL  = https://dev-api.example.com
API_TOKEN = dev_token_abc123
TIMEOUT   = 10000

prod.env

BASE_URL  = https://api.example.com
API_TOKEN = prod_token_xyz789
TIMEOUT   = 5000

Your request files stay the same:

GET {{BASE_URL}}/users
Authorization: Bearer {{API_TOKEN}}

Environment indicators

The env selector in the header shows a color indicator:

File name contains	Indicator
`dev`	Green
`staging`	Amber
`prod` / `production`	Red (guarded)

Production guard

Switching to a prod-named env triggers a confirmation banner. You must explicitly confirm before the switch completes — a safety net against accidentally running destructive requests against production.

Sensitive variables

Variables whose names contain secret, token, key, or password are masked as •••• in the env selector tooltip. In Settings → History, enable Redact sensitive headers to also mask them in the history log.

Runtime overrides — `.env.local`

Use # @persist in a .flow file to write extracted values into <env>.env.local. This lets you cache tokens between runs without manually pasting values.

### Login (writes token to dev.env.local)
POST {{BASE_URL}}/auth/login
Content-Type: application/json

{ "email": "dev@example.com", "password": "..." }

# @extract token = $.access_token
# @assert  status == 200
# @persist token

On subsequent runs — even after restarting the app — {{token}} is already set. The env selector shows a +1 local badge.

Delete the .env.local file from the file tree to reset the persisted state. SendPad auto-adds *.env.local to .gitignore.

See the .env file format reference for full syntax details.