Configuration Catalog¶
The new configuration model based on the toml format is introduced from API Manager 3.0.0 onwards. In older versions of the product, users had to modify different configuration files depending on the components related to the specific feature they were configuring. With this update, all configuration files have been merged to make configurations easier. Therefore, the
This document describes all the configuration parameters that are used in WSO2 API Manager.
Instructions for use¶
Select the configuration sections, parameters, and values that are required for your use and add them to the .toml file. See the example .toml file given below.
# This is an example .toml file.
[server]
pattern="value"
enable_port_forward=true
[key_mgr_node]
endpoints="value"
[gateway]
gateway_environments=["dev","test"]
[[database]]
pool_options.maxActiv=5
Super admin configurations¶
[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[super_admin]
Required
This includes the configurations related to the super admin user.
username
string
admin
super admin username
password
string
admin
super admin password
create_admin_account
string
TRUE
Set this to true to create a new user with the super admin details given.
Connecting to the primary data store¶
[server]
hostname="localhost"
node_ip="127.0.0.1"
enable_mtom=false
enable_swa=false
[server]
Required
This groups the parameters that define the server node details.
hostname
string Required
"localhost"
"127.0.0.1","localhost","<any-ip-address>"
The hostname of the WSO2 API-M server instance.
node_ip
string Required
"127.0.0.1"
The IP address of the server node.
Enabling the H2 database console¶
[database_configuration]
enable_h2_console = true
[database_configuration]
Configurations required to enable browsing the H2 database from a web browser.
enable_h2_console
boolean Required
false
true, false
True when required to browser the H2 database from a browser. False when not.
Database configurations¶
[database.apim_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE"
username = "wso2carbon"
password = "wso2carbon"
[database.apim_db]
Required
Database configurations related to API Manager
type
string Required
h2
mysql,h2,mssql,postgre,oracle,db2
Database vendor
hostname
string Required
You can use either hostname and port or the URL(given below). If you specify the URL the hostname and port will be overridden.
port
string Required
url
string
jdbc:h2:repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE
The connection URL is required when you use the h2 db. You have to add the URL to use the JDBC properties listed below. Otherwise it is optional.
username
string Required
wso2carbon
The username used to create a connection to the database.
password
string Required
wso2carbon
The password used to create a connection to the database.
*validationQuery
string Required
SELECT 1
The value changes according to the Database query
pool_options.maxActive
string
50
The maximum number of active connections that can be allocated from the connection pool at the same time. Change according to the preferred database.
pool_options.maxWait
string
60000
The maximum time that requests are expected to wait in the queue for a connection to be released. This property comes into effect when the maximum number of active connections allowed in the connection pool (see maxActive property) is used up.
pool_options.testOnBorrow
string
TRUE
The indication of whether connection objects will be validated before they are borrowed from the pool. If the object validation fails, the connection is dropped from the pool, and there will be an attempt to borrow another connection.
pool_options.validationInterval
string
30000
This parameter controls how frequently a given validation query is executed (time in milliseconds). That is, if a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
pool_options.defaultAutoCommit
string
TRUE
When auto committing is enabled, each SQL statement will be committed to the database as an individual transaction, as opposed to committing multiple statements as a single transaction.
Shared database configurations¶
[database.shared_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
username = "wso2carbon"
password = "wso2carbon"
[database.shared_db]
Required
Configurations related to the databases shared between nodes
type
string
h2
mysql,h2,mssql,postgre,oracle,db2
Database type
url
string
jdbc:h2:repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE
connection url
username
string
wso2carbon
username
password
string
wso2carbon
password
JWT Configurations¶
[apim.jwt]
enable = true
encoding = "base64"
generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "http://wso2.org/claims"
header = "X-JWT-Assertion"
signing_algorithm = "SHA256withRSA"
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"
[apim.jwt]
Required
Enable APIM to generate a JWT within itself. JSON Web Token (JWT) is used to represent claims that are transferred between two parties such as the end-user and the backend.
enable
string Required
FALSE
true, false
Enable JWT.
encoding
string
base64
base64,base64url
Use base64 encoding for the default JWT generator. Use the url-safe JWT generator if it is base64url.
generator_impl
string
This can be defined as a custom generation implmetation. If this is defined, the "apim.jwt.encoding" will be ignored. Note that this should be the fully-qualified class name.
header
string
X-JWT-Assertion
The HTTP header name used to send the JWT generated prev.
enable_user_claims
string
FALSE
FALSE
No user store claims included in the JWT if false.
enable_user_claims
string
FALSE
TRUE
THe default user claims will be added to the JWT
claims_extractor_impl
string
You can define the custom claim retiriver implmentation by adding the following apim.jwt.enable_user_claims=true. Make sure that it is the fully-qualified class name.
claim_dialect
string
http://wso2.org/claims
A set of claims are identified as a dialect. Different dialects represent the same piece of information with different claim URIs.
signing_algorithm
string
SHA256withRSA
NONE
Specify NONE to disbale the sigining.
API-M gateway environment configurations¶
[[apim.gateway.environment]]
name = "Production and Sandbox"
type = "hybrid"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username = "admin"
password = "admin"
ws_endpoint = "ws://localhost:9099"
http_endpoint = "http://localhost:${http.nio.port}"
https_endpoint = "https://localhost:${https.nio.port}"
[apim.gateway.environment]
Required
Configuring the gateways used by API Manager.
name
string Required
Production and Sandbox
User can add preferred values as the name.
type
string Required
hybrid
production, sandbox, hybrid
display_in_api_console
string Required
TRUE
Displays the environment under 'Try it' in the API Store, in the API console.
description
string Required
This is a hybrid gateway that handles both production and sandbox token traffic.
Describe the function of the gateway here.
show_as_token_endpoint_url
string Required
TRUE
Use to construct the sample curl request in the API Store.
service_url
string Required
https://localhost:9443/services/
APIs will be published using this URL
username
string Required
$conf{super_admin.username}
Credentials used to publish APIs
password
string Required
$conf{super_admin.password}
Credentials used to publish APIs
ws_endpoint
string Required
no default value
E.g., ws://localhost:9099
https_endpoint
string Required
no default value
https://localhost:8243/
http_endpoint
string
no default value
http://localhost:8280/
Gateway token cache¶
[apim.cache.gateway_token]
enable = true
expiry_time = "900s"
[apim.cache.gateway_token]
Required
enable
string
TRUE
Enable the gateway token cache. WSO2 recommends to enable this feature by default. The token validation request checks with the cached value.
expiry_time
string
15 m
Set the cache expiry time in minutes. Recommended value is 15 minutes.
Cache resource¶
[apim.cache.resource]
enable = true
expiry_time = "900s"
[apim.cache.resource]
Required
enable
string
TRUE
Enable the gateway resource cache. Caches the API resources at the gateway. Expires in 15 minutes.
Keymanager token cache¶
[apim.cache.km_token]
enable = false
expiry_time = "15m"
[apim.cache.km_token]
Required
enable
string
FALSE
Enable the Key Manager token cache. The token validation request checks with the value cached at the Key Manager. At any given time you should only have one cache enabled, which is either the Key Manager cache or the API Gateway cache. WSO2 does not recommend using both caches at the same time.
expiry_time
string
15 m
Set the cache expiry time
Cache recent APIs¶
[apim.cache.recent_apis]
enable = false
[apim.cache.recent_apis]
Required
enable
string
FALSE
Enable cache for recently added apis in the API Store. This expires in 15 minutes by default
Cache scopes¶
[apim.cache.scopes]
enable = true
[apim.cache.scopes]
Required
enable
string
TRUE
Enable cache for scopes. This expires in 15 minutes by default.
Cache publisher roles¶
[apim.cache.publisher_roles]
enable = true
[apim.cache.publisher_roles]
Required
enable
string
TRUE
Enable cache for publisher roles. Expires in 15 minutes by default
Cache JWT claims¶
[apim.cache.jwt_claim]
enable = true
expiry_time = "15m"
[apim.cache.jwt_claim]
Required
enable
string
TRUE
Enable JWT claim cache. The user's claims used to create the JWT are cached.
expiry_time
string
Not defined
Set the cache expiry time. Would be same as the JWT expiry time.
Cache tags¶
[apim.cache.tags]
expiry_time = "2m"
[apim.cache.tags]
Required
expiry_time
string
2m
Set when the tag cache expires. This option is disabled when not defined.
API-M Analytics configurations¶
[apim.analytics]
enable = false
store_api_url = "https://localhost:7444"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
event_publisher_type = "default"
event_publisher_type = "custom"
event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
publish_response_size = true
[apim.analytics]
Required
enable
string Required
FALSE
Set TRUE to enable analytics in API Manager
store_api_url
string Required
https://localhost:7444
The Store REST API URL for Analytics. If there are mutiple analytics node, use the loadbalancing URL
username
string Required
Credentials of the super admin user.
Credentials of the super admin user, in the analytics node
password
string Required
Credentials of the super admin user.
Credentials of the super admin user, in the analytics node
receiver_username
string
Uses the "apim.analytics.username"
Change this if a specific user is required for event publishing.
receiver_password
string
Uses the "apim.analytics.password"
Change this if a specific user is required for event publishing.
store_api_username
string
Uses the "apim.analytics.username"
Change this if a specific user is required to access the Store REST API.
store_api_password
string
Uses the "apim.analytics.password"
Change this if a specific user is required to access the Store REST API.
event_publisher_impl
string
If you have defined a custom "event_publisher_type", the custom publisher needs to be defined to the following value event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
publish_response_size
string
FALSE
Set TRUE to enable and define size of the publisher response sent to Analytics. Size is set bytes.
API-M Analytics - URL group configurations¶
#LOADBALANCER CONFIGS
[[apim.analytics.url_group]]
analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"]
analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"]
type = "loadbalance"
#FAILOVER CONFIGS
[[apim.analytics.url_group]]
analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"]
analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"]
type = "failover"
[apim.analytics.url_group]
Required
string
Define each analytics node that the API Manager will connect to, as an array. If there are mutiple node, you need to define this configuration for each node.
analytics_url
string Required
tcp://localhost:7612
The list of server URLs e.g.,: analytics_url = ["tcp: //localhost:7611", "tcp://localhost:7611"]
analytics_auth_url
string Required
ssl://localhost:7712
The list of auth server URLs e.g.,: analytics_auth_url = ["ssl: //localhost:7711", "ssl://localhost:7711"]
type
string
no default value
Loadbalance or Failover
API-M Key Manager related configurations¶
[apim.key_manager]
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
pool.init_idle_capacity = 50
pool.max_idle = 100
key_validation_handler_type = "default"
key_validation_handler_type = "custom"
key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
[apim.key_manager]
Required
service_url
string Required
https://localhost:9443/services/
URL that offers services of the KM
username
string
Credentials of the super admin user
Credentials of the super admin user, in the Key Manager node.
password
string
Credentials of the super admin user
Credentials of the super admin user, in the Key Manager node.
pool.init_idle_capacity
string
50
Minimum no. of clients created, to connect to the key manager.
pool.max_idle
string
100
Maximum no. of clients created, to connect to the key manager.
key_validation_handler_type
string
default
default or custom
If custom, then provide the "key_validation_handler_impl" value
key_validation_handler_impl
string
You can provide a custom key validation handler implmentation. To do this, set the "key_validation_handler_type" to custom
API-M OAuth configurations¶
[apim.oauth_config]
enable_outbound_auth_header = false
auth_header = "Authorization"
revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
enable_token_encryption = false
enable_token_hashing = false
[apim.oauth_config]
Required
Collection of OAuth related configs
enable_outbound_auth_header
string
FALSE
If TRUE, sends Auth header to the backend as received from the client.
auth_header
string
Authorization
Any custom value
Valid authorization header for OAuth configurations.
revoke_endpoint
string
https://localhost:8243/revoke
Valid URL for revocation endpoint
Token revocation endpoint used in the API Store
enable_token_encryption
string
FALSE
If set to TRUE, the token stored in the database will be encrypted/decrypted when reading and storing. RSA/ECB/OAEPwithSHA1andMGF1PaddingIf FALSE - Setting Up OAuth Token Encryption | Extension Points for OAuth - IS Docs
enable_token_hashing
string
FALSE
Similar to prev. Get desc from IS docs
white_listed_scopes
string
["^device_.*,openid"]
List of whitelisted scopes. Take desc from Key Concepts page.
API-M Developer Portal configurations¶
[apim.devportal]
url = "https://localhost:${mgt.transport.https.port}/devportal"
enable_application_sharing = false
if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
application_sharing_type = "default" changed type, saml, default todo: check the new config for rest api
application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
display_multiple_versions = false
display_deprecated_apis = false
enable_comments = true
enable_ratings = true
enable_forum = true
[apim.devportal]
Required
Configures the API Developer Portal
url
string Required
https://localhost:9443/devportal
Public store URL
enable_application_sharing
string
FALSE
Enable application sharing according to the claims.
application_sharing_type
string
If the config is not mentioned, then undefined.default
default, saml
Use the application_sharing_impl as default implmentation. If it is saml, the group extractor extracts the claims to group the applications from the saml response.
application_sharing_impl
string
Based on the application sharing type.
Need to define if the application_sharing_type is custom. If both application_sharing_type and application_sharing_impl is defined, take value from application_sharing_impl.
login_username_case_insensitive
string
TRUE
Check with new UI
display_multiple_versions
string
FALSE
If TRUE displays all the versions of the API under the API listing (and search depending on the new UI)
display_deprecated_apis
string
FALSE
If TRUE displays all the deprecated APIs under the API listing (and search depending on the new UI)
enable_comments
string
TRUE
Can comment on the API
enable_ratings
string
TRUE
Enable rating the API with a star-based rating
enable_forum
string
TRUE
^
application_sharing_claim
string
http://wso2.org/claims/organization
The user claim used to group the applications.
API-M CORS configurations¶
[apim.cors]
allow_origins = "*"
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"]
allow_credentials = false
[apim.cors]
Required
Configures CORS headers on the Publisher and the GW.
enable
string
TRUE
CORS configurations are enabled by default.
allow_origins
string
*
Denotes "Access-Control-Allow-Origin" response header. Specify an origin to share the response with.
allow_methods
string
GET,PUT,POST,DELETE,PATCH,OPTIONS
Configures the methods allowed by the access control.
allow_headers
string
authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
Configures the type of headers allowed by the access control.
allow_credentials
string
FALSE
Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests. It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
API-M Throttling configurations¶
[apim.throttling]
enable_data_publishing = true
enable_policy_deploy = true
enable_blacklist_condition = true
enable_persistence = true
throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
[apim.throttling]
Required
Configures API-M traffic control.
event_type
string
Binary
Thrift
Binary - Uses the binary transport. Recommended.Thrift - Uses thrift tranport
receiver_url
string
if None of this is defined consider it as tcp://${carbon.local.ip}:${receiver.url.port}
Define traffic manager connection url inline. If none of this is defined consider it as tcp://${carbon.local.ip}:${receiver.url.port}
receiver_url
string
Define array of traffic manager connections
API-M Throttling URL group configs¶
[apim.throttling.blacklist_condition]
start_delay = "5m"
period = "1h"
[apim.throttling.jms]
start_delay = "5m"
[apim.throttling.event_sync]
hostName = "0.0.0.0"
port = 11224
[apim.throttling.event_management]
hostName = "0.0.0.0"
port = 10005
LOADBALANCE CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "loadbalance"
FAILOVER CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "failover"
[apim.throttling.url_group]
Required
username
string
super user username
Credentials of the Traffic Manager user.
password
string
super user password
Credentials of the Traffic Manager user
receiver_username
string
super user username
If the username of the receiver is different, use the username of the receiver configured on the Traffic Manager.
receiver_password
string
super user password
If the credentials of the receiver is different, use the password of the receiver configured on the Traffic Manager.
policy_deploy.username
string
super user username
If the credentials of the user is different, use the credentials of the user configured for deploying policies.
policy_deploy.password
string
super user password
If the credentials of the user is different, use the credentials of the user configured for deploying policies.
jms.username
string
super user username
If the credentials of the user is different, use the credentials of the user configured for the JMS connection.
jms.password
string
super user password
If the credentials of the user is different, use the credentials of the user configured for the JMS connection.
publisher.max_idle
string
1000
Ideal values for the maximum no. of connections to the data publisher pool.
publisher.init_idle_size
string
200
Ideal values for the minimum no. of connections to the data publisher pool.
publisher.pool_size
string
200
The size of the thread pool in the API Publisher.
publisher.max_pool_size
string
1000
The maximum size of the thread pool in the API Publisher.
publisher.keep_alive_time
string
200s
The timeframe after which the publisher thread pool is terminated.
service_url
string Required
https://localhost:${mgt.transport.https.port}${carbon.context}services/
Service URL of the Traffic Manager.
blacklist_condition.start_delay
string
not defined
Define the delay time to get the blacklist conditions from the Keymanager
jms.destination
string
throttleData
JMS topic name
jms.start_delay
string
not defined
Connection delay to read the Traffic Manager at startup.
jms.conn_jndi_name
string
TopicConnectionFactory
custom value
jms.destination_type
string
topic
decision_connection_type
string
andes
Define JMS type e.g.,: andes
jms.java_naming_factory_initial
string
Define JMS factory initials. If decision_connection_type is andes, this is "org.wso2.andes.jndi.PropertiesFileInitialContextFactory"
throttle_decision_endpoints
string Required
Define array of JMS connection as an array.
enable_unlimited_tier
string
TRUE
Enable unlimited tier
enable_header_based_throttling
string
FALSE
Enable the header condition based throttling. Advanced policies allow you to apply limits to APIs by filtering requests based on HTTP headers.
enable_jwt_claim_based_throttling
string
FALSE
Enable JWT claim based throtlling.
API-M Throttling URL group¶
[apim.throttling.blacklist_condition]
start_delay = "5m"
period = "1h"
[apim.throttling.jms]
start_delay = "5m"
[apim.throttling.event_sync]
hostName = "0.0.0.0"
port = 11224
[apim.throttling.event_management]
hostName = "0.0.0.0"
port = 10005
LOADBALANCE CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "loadbalance"
FAILOVER CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "failover"
[apim.throttling.url_group]
Required
traffic_manager_urls
string Required
TM binary server url
[[apim.throttling.url_group]]traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]type = "loadbalance"
traffic_manager_auth_urls
string Required
TM binary auth server url
type
string
failover
failover,loadbalance
API-M Workflow configurations¶
[apim.workflow]
enable = false
service_url = "https://localhost:9445/bpmn"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.15/workflows/update-workflow-status"
token_endpoint = "https://localhost:${https.nio.port}/token"
client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.15/register"
client_registration_username = "$ref{super_admin.username}"
client_registration_password = "$ref{super_admin.password}"
[apim.workflow]
Required
Configures the workflows in API Manager
enable
string
FALSE
Enable API State Change workflow.
service_url
string
https://localhost:9445/bpmn
The service URL of the workflow engine
wf_engine_user
string
super user username
Workflow username.
wf_engine_pass
string
super user password
Workflow password.
callback_endpoint
string
https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.14/workflows/update-workflow-status
Callback URL for the workflow engine
token_endpoint
string
https://localhost:${https.nio.port}/token
Token endpoint used for the workflow..
client_registration_endpoint
string
https://localhost:${mgt.transport.https.port}/client-registration/v0.15/register
DCR endpoint
client_registration_username
string
super user username
DCR username
API-M SDK configurations¶
[apim.sdk]
group_id = "org.wso2"
artifact_id = "org.wso2.client"
model_package = "org.wso2.client.model"
api_package = "org.wso2.client.api"
supported_languages = ["android", "java", "scala", "csharp", "dart", "flash", "groovy", "javascript"]
[apim.sdk]
Required
group_id
string
org.wso2
Group ID of the of the generated project.
artifact_id
string
org.wso2.client.
Artifact ID of the generated project.
model_package
string
org.wso2.client.model.
Model package of the generated project.
api_package
string
org.wso2.client.api.
API package of the generated project.
supported_languages
string
android,java,scala,csharp,dart,flash,groovy,javascript,jmeter,nodejs,perl,php,python,ruby,swift,clojure,asyncScala,csharpDotNet2
Supported programming languages.
API-M Open tracer configurations¶
[apim.open_tracer]
remote_tracer.enable = true
remote_tracer.name = "zipkin"
remote_tracer.properties.hostname = "localhost"
remote_tracer.properties.port = 9411
log_tracer.enable = true
[apim.open_tracer]
Required
remote_tracer.enable
string
FALSE
Enable tracing on APIM. Traces the execution time upto message level.
remote_tracer.name
string
zipkin
Tracer name
remote_tracer.properties.hostname
string
localhost
Hostname of the zipkin tool (tracer).
remote_tracer.properties.port
string
9411
Port allocated for the tool.
log_tracer.enable
string
FALSE
Define whether to log the tracer values.
API-M token revocation¶
[apim.token.revocation]
notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
enable_realtime_notifier = true
realtime_notifier.ttl = 5000
enable_persistent_notifier = true
persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
persistent_notifier.ttl = 5000
persistent_notifier.username = "root"
persistent_notifier.password = "root"
[apim.token.revocation]
Required
Configures the token revocation on KM
notifier_impl
string
org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl
This config is required only during a custom implementation. If a token is revoked, the notification will be sent to the JMS topic. Write a custom implementation to change this behaviour.
enable_realtime_notifier
string
TRUE
(Only applicable if the MGW is used) If FALSE, works as persistent.
enable_persistent_notifier
string
TRUE
Notifications will be persisted to etcd. At MGW server startup, the etcd will be queried by the MGW.
realtime_notifier.ttl
string
5000
persistent_notifier.hostname
string
https://localhost:2379/v2/keys/jti/
etcd hostname
persistent_notifier.ttl
string
5000
persistent_notifier.username
string
root
persistent_notifier.password
string
root
Enable Notifications¶
[apim.notification]
from_address = "[email protected]"
username = "[email protected]"
password = "xxxxxx"
hostname = "smtp.gmail.com"
port = "587"
enable_start_tls = true
enable_authentication = true
[apim.notifications]
from_address
string Required
The email address you use to send emails.
username
string Required
The email address used to authenticate the mail server. This can be the same email address as the from_address.
password
string Required
Password used to authenticate the mail server.
hostname
string
The SMTP server to connect to.
port
string
25
The SMTP server port to connect to, if the connect() method does not explicitly specify one. Defaults to 25.
enable_start_tls
string
false
If true, enables the use of the `STARTTLS` command (if supported by the before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the certificate of the server. Defaults to false.
enable_authentication
string
false
If true, it attempts to authenticate the user using the AUTH command. Defaults to false.