AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Service Activation

External service activation matrix

Firebase, Cloudflare, Google Tag, metrics, OTP SMS, WhatsApp, Telegram and email activation stay env-gated, audited, dry-run by default and independent from POS/waiter/kitchen LAN authority.

Activation statusServices: 9Families: 5Steps: 4External send in QA: false
Firebase coveredtrue
Cloudflare coveredtrue
Metrics coveredtrue
Notifications coveredtrue
Email coveredtrue
External sends disabledtrue
No LAN blockingtrue
MUPZAAI read-onlytrue

Families

identityServices: 1Dry-run defaults: 1Env names: 5
dns_cdnServices: 1Dry-run defaults: 1Env names: 2
metricsServices: 3Dry-run defaults: 3Env names: 4
notificationServices: 3Dry-run defaults: 3Env names: 11
emailServices: 1Dry-run defaults: 1Env names: 5

Activation order

1. Staging health first1 services

External services should not be attached before the app is reachable and value-free health passes.

2. Identity and runtime env1 services

Owner/admin auth and backend public URL must be stable before notification webhooks.

3. Metrics with consent3 services

Public analytics IDs can be enabled only after blocked event rules and consent are reviewed.

4. Transactional notifications4 services

OTP, WhatsApp, Telegram and email need provider secrets, audit and template controls.

Services

Firebase owner/admin authoperator_required
identity

Create Firebase project, add web app config to hosting env, keep service account in secret storage.

NEXT_PUBLIC_FIREBASE_API_KEYNEXT_PUBLIC_FIREBASE_AUTH_DOMAINNEXT_PUBLIC_FIREBASE_PROJECT_IDNEXT_PUBLIC_FIREBASE_APP_IDFIREBASE_SERVICE_ACCOUNT_BASE64
Cloudflare DNS and TLSoperator_required
dns_cdn

Point staging DNS only after /api/health and route smoke pass.

CLOUDFLARE_ZONE_IDBACKEND_PUBLIC_URL
Cloudflare Web Analyticsoperator_required
metrics

Add public analytics token through hosting env after consent policy is ready.

NEXT_PUBLIC_CLOUDFLARE_ANALYTICS_TOKEN
Google Tag Manageroperator_required
metrics

Add public GTM container id only after blocked-event rules are reviewed.

NEXT_PUBLIC_GTM_ID
MUPZAOS product metricscontract_ready
metrics

Enable aggregate-only metrics after privacy and consent checks pass.

NEXT_PUBLIC_METRICS_ENABLEDNEXT_PUBLIC_METRICS_DRY_RUN
OTP SMSblocked_until_env
notification

Add provider secrets to AWS/GitHub secret store and keep OTP online-only.

OTP_PROVIDERTWILIO_ACCOUNT_SIDTWILIO_AUTH_TOKENTWILIO_VERIFY_SERVICE_SID
WhatsApp customer updatesblocked_until_env
notification

Enable approved templates only after customer opt-in and unsubscribe path are ready.

WHATSAPP_ACCESS_TOKENWHATSAPP_PHONE_NUMBER_IDWHATSAPP_VERIFY_TOKENWHATSAPP_API_VERSION
Telegram owner ops alertsblocked_until_env
notification

Set bot token and webhook secret in server env, never in source.

TELEGRAM_BOT_TOKENTELEGRAM_WEBHOOK_SECRETBACKEND_PUBLIC_URL
SMTP emailblocked_until_env
email

Configure SMTP runtime env and keep invite/reset payloads secret-free.

SMTP_HOSTSMTP_PORTSMTP_USERSMTP_PASSSMTP_FROM