diff --git a/api/.env.example b/api/.env.example
index 8f50827..e11b26c 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -12,8 +12,10 @@ AUTH_CLIENT_ID=
 AUTH_CLIENT_SECRET=
 AUTH_REDIRECT_URI=
 AUTH_REVOCATION_URI=
+AUTH_END_SESSION_URI=
 # AUTH_MODE=mock #uncomment this to bypass authentik
 
 # SERVER SETTINGS
 SERVER_PORT=3000
-CLIENT_URL= # This is whatever URL the client web app is served on
\ No newline at end of file
+CLIENT_URL= # This is whatever URL the client web app is served on
+CLIENT_DOMAIN= #whatever.com
\ No newline at end of file
diff --git a/api/package.json b/api/package.json
index 74ed4f4..48faf33 100644
--- a/api/package.json
+++ b/api/package.json
@@ -8,7 +8,8 @@
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "dev": "tsc && tsc-alias && node ./built/api/src/index.js"
+    "dev": "tsc && tsc-alias && node ./built/api/src/index.js",
+    "build" : "tsc && tsc-alias"
   },
   "dependencies": {
     "connect-sqlite3": "^0.9.16",
diff --git a/api/src/index.js b/api/src/index.js
index 756c157..1a793aa 100644
--- a/api/src/index.js
+++ b/api/src/index.js
@@ -8,8 +8,8 @@ const app = express()
 app.use(morgan('dev'))
 
 app.use(cors({
-  origin: ['https://aj17thdev.nexuszone.net', 'http://localhost:5173'], // your SPA origins
-  credentials: true,
+  origin: [process.env.CLIENT_URL], // your SPA origins
+  credentials: true
 }));
 
 app.use(express.json())
@@ -32,7 +32,7 @@ app.use(session({
   cookie: {
     httpOnly: true,
     sameSite: 'lax',
-    domain: 'nexuszone.net'
+    domain: process.env.CLIENT_DOMAIN
   }
 }));
 app.use(passport.authenticate('session'));