APIM Server Configuration
Environment Variables
Environment Variable |
Value(s)/Format |
Description |
|---|---|---|
APIM_SERVER_APP_ID |
alpha & ‘-’ |
the server app id |
APIM_SERVER_PORT |
number |
the port the http server is listening on |
APIM_SERVER_MONGO_CONNECTION_STRING |
mongodb connection string |
connection string for mongo. example: mongodb://{hostname}:{port}/?retryWrites=true&w=majority |
APIM_SERVER_OPENAPI_ENABLE_RESPONSE_VALIDATION |
boolean (false|true) |
whether the responses from server should be validated against it’s open api spec. switch off for production. |
APIM_SERVER_LOGGER_LOG_LEVEL |
‘fatal’, ‘error’, ‘warn’, ‘info’, ‘debug’, ‘trace’ or ‘silent’ |
the log level. use warn or info for production. |
APIM_SERVER_REQUEST_SIZE_LIMIT |
number + ‘kb’ |
the limit of the request size. example: 100kb |
APIM_SERVER_COOKIE_SECRET |
string |
the secret for signing browser cookies |
APIM_SERVER_ROOT_USER |
string in e-mail format |
the user name for the root user. example: root@apim-server.com. |
APIM_SERVER_ROOT_USER_PWD |
string |
the password for the root user. |
APIM_SERVER_DATA_PATH |
directory |
the directory for server data. see below. |
APIM_SERVER_INTERNAL_CONNECTOR_API_URL |
url |
APIM Connector API url for internal connector configuration. example:http://{hostname}:{port}/v1 |
Environment Variable |
Value(s)/Format |
Description |
|---|---|---|
APIM_SERVER_AUTH_TYPE |
internal |
denotes that the APIM Server acts as the IDP |
APIM_SERVER_AUTH_INTERNAL_JWT_SECRET |
string |
the secret for signing the JWT |
APIM_SERVER_AUTH_INTERNAL_JWT_EXPIRY_SECS |
number (JWT expiry in seconds) |
the JWT expiration in seconds. example: 15 minutes = 60 * 15 = 900 seconds. must be lower than refresh token expiry |
APIM_SERVER_AUTH_INTERNAL_REFRESH_JWT_SECRET |
string |
the secret for signing the refresh JWT |
APIM_SERVER_AUTH_INTERNAL_REFRESH_JWT_EXPIRY_SECS |
number (refresh JWT expiry in seconds) |
the refresh JWT expiration in seconds. example: 5 days = 60 * 60 * 24 * 5 = 432000 seconds. must be higher than jwt expiry |
APIM_SERVER_CONNECTOR_AUTH_ISSUER |
string |
the issuer in the generated token for the APIM Connector. Must be the same as in Connector configuration. |
APIM_SERVER_CONNECTOR_AUTH_AUDIENCE |
string |
the audience in the generated token for the APIM Connector. Must be the same as in Connector configuration. |
APIM_SERVER_CONNECTOR_AUTH_SECRET |
string |
the secret for signing the bearer token for the APIM Connector. Must be the same as in Connector configuration. |
Note
When signing into the Portal app, the server generates two tokens, the bearer token for the API requests and the refresh token. The refresh token is stored as a Cookie on the browser and is used to automatically refresh the bearer token until it is expired. The portal refreshes the bearer token for the signed in user every 5 minutes, hence, the bearer token expiry must be greater than 5 mins.
Note
The APIM Server functions as a proxy from the APIM Portal to the APIM Connector. It generates the connector api bearer token from information of the signed-in user.
Environment Variable |
Value(s)/Format |
Description |
|---|---|---|
APIM_SERVER_AUTH_TYPE |
oidc |
future support for open id connect idp configuration |
Bootstrapping Data
Boostrapping Connector Configuration
TODO, example file
See also
docker.compose.yml - docker compose in repo.