Skip to main content
This guide walks you through setting up Convex as your backend provider. For Supabase setup, see the Backend & Database guide.

Quick Start

1. Initialize Convex

From your project root:
This will:
  • Create a new Convex project (or link to existing)
  • Save CONVEX_DEPLOYMENT to .env.local
  • Save EXPO_PUBLIC_CONVEX_URL to .env.local
  • Start watching for changes
First time? You’ll be prompted to log in to Convex and create a project.

2. Set Up Authentication Keys

Convex Auth requires JWT_PRIVATE_KEY and JWKS environment variables for signing and verifying tokens. The easiest way to set them up:
This will prompt you to generate and set both JWT_PRIVATE_KEY and JWKS automatically.
If you have uncommitted changes or the CLI fails, generate keys manually:
Then set both values in Convex:
Both JWT_PRIVATE_KEY and JWKS are required. Missing either will cause sign-in to fail.

3. Set Backend Provider

Add to apps/app/.env:

4. Add Seed Data

This creates demo users, posts, and sample data for testing.

5. Run Your App


Project Structure


Environment Variables

Convex uses server-side environment variables (set in Convex Dashboard) and client-side variables (in your .env file).

Required Server-Side Variables

These must be set in the Convex Dashboard → Settings → Environment Variables: Generate and set both keys:
Or see the manual setup in Quick Start above.

OAuth Provider Variables

Set these in Convex Dashboard if using social login:

Client-Side Variables

These go in apps/app/.env:

Useful Commands


Authentication Setup

The boilerplate includes pre-configured auth providers in convex/auth.ts:

Available Providers

Configure OAuth Providers

  1. Go to Convex Dashboard
  2. Select your project → Settings → Environment Variables
  3. Add the required credentials:
Required for OAuth (all providers):
SITE_URL must be a public URL for mobile OAuth. OAuth won’t work on iOS/Android simulators if SITE_URL is set to localhost or 127.0.0.1. See Mobile OAuth Requirements for details.
Google OAuth:
Apple Sign-In:
GitHub OAuth:
Magic Link / OTP (via Resend):
Never put secrets in client code. OAuth secrets must be set in the Convex Dashboard, not in your .env file.
Check your current environment variables:

Using Auth in Your App

The useAuth() Hook

Use useAuth() for all auth operations. It’s the ONLY auth hook you need:
useAuth() works with both Supabase and Convex - all auth methods including magic link/OTP are supported on both backends.

Database Operations

Queries (Reading Data)

Mutations (Writing Data)


Security

Convex uses function-level security. Always use the security helpers in convex/lib/security.ts:

Available Helpers


Seed Data

Commands

Demo Data Included

  • 2 demo users: demo@shipnative.app, test@shipnative.app
  • 3 sample posts: Published and draft examples
  • Sample comments: With threading
  • Welcome notifications: For each user

Realtime Features

Convex queries are reactive by default. The boilerplate also includes explicit presence and broadcast functions:

Presence Tracking

Broadcast Messages


File Storage

Convex provides built-in file storage. Upload files directly to Convex and get URLs for display.

Upload Files

Get File URLs


Cron Jobs

Convex supports scheduled tasks via cron jobs defined in convex/crons.ts.

Built-in Jobs

Adding Custom Crons


Type Safety

Convex provides end-to-end type safety from your schema to your React components.

How It Works

Benefits

  • No manual type definitions - types are generated from your schema
  • Autocomplete everywhere - IDE knows all available fields
  • Catch errors early - TypeScript errors before you run the code
  • Refactoring safety - rename a field and see all usages
Run npx convex dev to regenerate types after schema changes. Types are in convex/_generated/.

Deployment

Development

Production

Environment Variables

Production secrets must be set in the Convex Dashboard:
  1. Go to dashboard.convex.dev
  2. Select your project
  3. Settings → Environment Variables
  4. Add all OAuth credentials and API keys

Troubleshooting

”Missing environment variable JWT_PRIVATE_KEY”, “JWKS”, or “pkcs8 format” error

This means the auth keys are missing or incorrectly formatted. Run the Convex Auth setup:
If you have uncommitted changes, see the manual setup instructions.
  • JWT_PRIVATE_KEY must be in PKCS#8 PEM format (starts with -----BEGIN PRIVATE KEY-----)
  • JWKS must be valid JSON with a keys array containing the matching public key
  • Both must be generated together from the same key pair

”Convex URL not configured” in app

Ensure .env.local has EXPO_PUBLIC_CONVEX_URL set, then restart Metro:

Auth not persisting

  • Check SecureStore permissions (iOS/Android)
  • Verify ConvexProvider wraps your app
  • Check console for errors

Types not updating

Regenerate types:

Local backend not running

OAuth not working on mobile

OAuth requires a publicly accessible SITE_URL. If you’re using local Convex (127.0.0.1), OAuth will show “Convex Auth is running” instead of redirecting to the OAuth provider.
See Social Login - Mobile OAuth Requirements for full details.

Next Steps

Authentication

Deep dive into auth flows

Realtime

Live updates and presence

Backend & Database

Schema and security patterns

Deploy

Ship to production