Settings
Project and account configuration. Manage API keys, timezone, email delivery, and authentication methods here.
Path: /p/:projectId/settings and account menu
Project settings
General
| Setting | Description |
|---|---|
| Project name | Display name in sidebar and URLs |
| Timezone | Bucket boundaries for all Insights queries and dashboards |
| Display preferences | Number formatting defaults |
Timezone matters: A “day” in Insights is midnight-to-midnight in project timezone. Changing timezone affects all historical charts — change it once at project setup, not mid-analysis.
API keys
Manage credentials for SDK and server integrations:
| Key type | Use in | Permissions |
|---|---|---|
| SDK API key | Browser/mobile SDK init() | Write events, identify |
| Shared API key | Server-side scripts, cron jobs | Read insights, read profiles |
To rotate a key:
- Click Create key to generate a new one.
- Update your SDK init or server environment variables.
- Deploy your application.
- Revoke the old key.
Never commit API keys to public repositories. Use environment variables:
# .env.local (Next.js)
NEXT_PUBLIC_PUG_PROJECT_ID=proj_abc123
NEXT_PUBLIC_PUG_API_KEY=pk_sdk_...
# Server only — never NEXT_PUBLIC_
PUG_SHARED_API_KEY=pk_shared_...See Authentication for header format and service access per key type.
Account settings
Accessible from the avatar menu:
| Setting | Description |
|---|---|
| Profile | Display name, avatar |
| Password | Change password (email/password accounts) |
| Sign-in methods | Link Google OAuth, manage magic link email |
Organization settings
Org admins can configure:
| Setting | Description |
|---|---|
| Org name | Display name for the organization |
| Email provider | SMTP or transactional email provider for magic links |
| Billing | Plan and usage (if applicable) |
Email provider
Pug sends email for:
- Magic link sign-in
- Member invitations
Configure a custom provider in Organization → Email provider:
Provider: SMTP / SendGrid / Postmark / …
From: noreply@yourdomain.com
Host/Port: your SMTP server
Auth: API key or username/passwordSend a test email after configuration to verify delivery. Misconfigured email providers cause silent magic link failures — always test after setup.
Managed via OrgEmailProvidersService in the API. See RPC services.
Self-hosted configuration
For self-hosted deployments, also configure backend environment variables. See Self-hosting configuration for JWT_SECRET, OAuth, and database URLs.
Point cotton-ui at your API:
VITE_API_URL=https://your-api.example.comFurther reading
- Authentication — key types and headers
- Quickstart — first API key setup
- Self-hosting — backend configuration