API Manager Configuration Catalog

The new configuration model based on the toml format is introduced from API Manager 3.0.0 onwards. In older versions of the product, users had to modify different configuration files depending on the components related to the specific feature they were configuring. With this update, all configuration files have been merged to make configurations easier. Therefore, the <API-M_HOME>/repository/conf/deployment.toml file is the single source used to configure and tune the various features in API Manager.

This document describes all the configuration parameters that are used in WSO2 API Manager.

Instructions for use

Select the configuration sections, parameters, and values that are required for your use and add them to the .toml file. See the example .toml file given below.

# This is an example .toml file.

[server]
pattern="value"                         
enable_port_forward=true

[key_mgr_node]
endpoints="value"

[gateway]
gateway_environments=["dev","test"]

[[database]]
pool_options.maxActiv=5

Server

[server]
hostname = "localhost"
node_ip = "127.0.0.1"
#offset=0
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"
disable_shutdown_from_ui = false
disable_restart_from_ui = false
[server] Required

This includes configurations required for configuring the deployment parameters that are used for identifying an API Manager server node.

hostname

string Required

Default: localhost
Possible Values: localhost,127.0.0.1,<any-ip-address>,<any-hostname>

The hostname or IP address of the machine hosting the API Manager instance.

offset

integer

Default: 0

Port offset allows you to run multiple WSO2 products, multiple instances of a WSO2 product, or multiple WSO2 product clusters on the same server or virtual machine (VM). Port offset defines the number by which all ports defined in the runtime such as the HTTP/S ports will be offset. For example, if the default HTTP port is 9443 and the port offset is 1, the effective HTTP port will be 9444. Therefore, for each additional WSO2 product instance, set the port offset to a unique value so that they can all run on the same server without any port conflicts.

server_role

string Required

Default: default
Possible Values: default,api-devportal,api-key-manager,api-publisher,gateway-worker,traffic-manager

The profile name of the API Manager instance.

enableMTOM

boolean

Default: false
Possible Values: true,false

Use this paramater to enable MTOM (Message Transmission Optimization Mechanism) for the product server.

enableSwA

boolean

Default: false
Possible Values: true,false

Use this paramater to enable SwA (SOAP with Attachments) for the product server. When SwA is enabled, the API Manager will process the files attached to SOAP messages.

disable_shutdown_from_ui

boolean

Default: false
Possible Values: true,false

Use this parameter to disable the shutdown server option from carbon management console UI.

disable_restart_from_ui

boolean

Default: false
Possible Values: true,false

Use this parameter to disable the restart server option from carbon management console UI.

Super admin configurations

[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[super_admin] Required

This includes the configurations related to the super admin user.

username

string

Default: admin

super admin username

password

string

Default: admin

super admin password

create_admin_account

string

Default: TRUE

Set this to true to create a new user with the super admin details given.

Enabling the H2 database console

[database_configuration]
enable_h2_console = true
[database_configuration]

Configurations required to enable browsing the H2 database from a web browser.

enable_h2_console

boolean Required

Default: false
Possible Values: true, false

True when required to browser the H2 database from a browser. False when not.

Database configurations

[database.apim_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE"
username = "wso2carbon"
password = "wso2carbon"
[database.apim_db] Required

Database configurations related to API Manager

type

string Required

Default: h2
Possible Values: mysql,h2,mssql,postgre,oracle,db2

Database vendor

hostname

string Required

Default:

You can use either hostname and port or the URL(given below). If you specify the URL the hostname and port will be overridden.

port

string Required

Default:

url

string

Default: jdbc:h2:repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE

The connection URL is required when you use the h2 db. You have to add the URL to use the JDBC properties listed below. Otherwise it is optional.

username

string Required

Default: wso2carbon

The username used to create a connection to the database.

password

string Required

Default: wso2carbon

The password used to create a connection to the database.

validationQuery

string Required

Default: SELECT 1

The value changes according to the Database query

pool_options.maxActive

string

Default: 50

The maximum number of active connections that can be allocated from the connection pool at the same time. Change according to the preferred database.

pool_options.maxWait

string

Default: 60000

The maximum time that requests are expected to wait in the queue for a connection to be released. This property comes into effect when the maximum number of active connections allowed in the connection pool (see maxActive property) is used up.

pool_options.testOnBorrow

string

Default: TRUE

The indication of whether connection objects will be validated before they are borrowed from the pool. If the object validation fails, the connection is dropped from the pool, and there will be an attempt to borrow another connection.

pool_options.validationInterval

string

Default: 30000

This parameter controls how frequently a given validation query is executed (time in milliseconds). That is, if a connection is due for validation, but has been validated previously within this interval, it will not be validated again.

pool_options.defaultAutoCommit

string

Default: TRUE

When auto committing is enabled, each SQL statement will be committed to the database as an individual transaction, as opposed to committing multiple statements as a single transaction.

Shared database configurations

[database.shared_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
username = "wso2carbon"
password = "wso2carbon"
[database.shared_db] Required

Configurations related to the databases shared between nodes

type

string

Default: h2
Possible Values: mysql,h2,mssql,postgre,oracle,db2

Database type

url

string

Default: jdbc:h2:repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE

connection url

username

string

Default: wso2carbon

username

password

string

Default: wso2carbon

password

JWT Configurations

[apim.jwt]
enable = true
encoding = "base64"
generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "http://wso2.org/claims"
header = "X-JWT-Assertion"
signing_algorithm = "SHA256withRSA"
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"
[apim.jwt] Required

Enable APIM to generate a JWT within itself. JSON Web Token (JWT) is used to represent claims that are transferred between two parties such as the end-user and the backend.

enable

string Required

Default: FALSE
Possible Values: true, false

Enable JWT.

encoding

string

Default: base64
Possible Values: base64,base64url

Use base64 encoding for the default JWT generator. Use the url-safe JWT generator if it is base64url.

generator_impl

string

Default:

This can be defined as a custom generation implmetation. If this is defined, the "apim.jwt.encoding" will be ignored. Note that this should be the fully-qualified class name.

header

string

Default: X-JWT-Assertion

The HTTP header name used to send the JWT generated prev.

enable_user_claims

string

Default: FALSE
Possible Values: false true

No user store claims included in the JWT if false.

claims_extractor_impl

string

Default:

You can define the custom claim retiriver implmentation by adding the following apim.jwt.enable_user_claims=true. Make sure that it is the fully-qualified class name.

claim_dialect

string

Default: http://wso2.org/claims

A set of claims are identified as a dialect. Different dialects represent the same piece of information with different claim URIs.

signing_algorithm

string

Default: SHA256withRSA
Possible Values: NONE

Specify NONE to disbale the sigining.

[[apim.jwt.issuer]]
name = "https://test.apim.integration"
[apim.jwt.issuer]

To specify the issuers of the JWT tokens if third-party Key Managers are used.

name

string

Default:

The issuer name of the JWT.

[apim.jwt.issuer.jwks]
url = "https://localhost:8743/jwks/1.0"
[apim.jwt.issuer.jwks]

To specify the JSON Web Key Set (JWKS) endpoint of the issuer.

url

string

Default:

The JWKS endpoint URL of the issuer.

[[apim.jwt.issuer.claim_mapping]]
remote_claim = "http://idp1.org/claims/givenname"
local_claim = "http://wso2.org/claims/givenname"
[apim.jwt.issuer.claim_mapping]

remote_claim

string

Default:

The name of the remote claim.

local_claim

string

Default:

The local claim name that the remote claim needs to be mapped to.

API-M gateway environment configurations

[[apim.gateway.environment]]
name = "Default"
type = "hybrid"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username = "admin"
password = "admin"
ws_endpoint = "ws://localhost:9099"
http_endpoint = "http://localhost:${http.nio.port}"
https_endpoint = "https://localhost:${https.nio.port}"
[apim.gateway.environment] Required

Configuring the gateways used by API Manager.

name

string Required

Default: Production and Sandbox

User can add preferred values and should not be changed once configured.

display_name

string

Default: <name> of the environment

User can add preferred set a name to display

type

string Required

Default: hybrid
Possible Values: production, sandbox, hybrid

display_in_api_console

string Required

Default: TRUE

Displays the environment under 'Try it' in the API Developer Portal, in the API console.

description

string Required

Default: This is a hybrid gateway that handles both production and sandbox token traffic.

Describe the function of the gateway here.

show_as_token_endpoint_url

string Required

Default: TRUE

Use to construct the sample curl request in the API Developer Portal.

service_url

string Required

Default: https://localhost:9443/services/

APIs will be published using this URL

username

string Required

Default: $conf{super_admin.username}

Credentials used to publish APIs

password

string Required

Default: $conf{super_admin.password}

Credentials used to publish APIs

ws_endpoint

string Required

Default: no default value

E.g., ws://localhost:9099

https_endpoint

string Required

Default: no default value

https://localhost:8243/

http_endpoint

string

Default: no default value

http://localhost:8280/

Virtual host of API-M gateway environment configurations

[[apim.gateway.environment]]
name = "Default"
type = "hybrid"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username = "admin"
password = "admin"
ws_endpoint = "ws://localhost:9099"
http_endpoint = "http://localhost:${http.nio.port}"
https_endpoint = "https://localhost:${https.nio.port}"
[apim.gateway.environment.virtual_host]

Configuring virtual host for the gateways environment.

http_endpoint

string

Default: http://<host of https endpoint>:80
Possible Values: http://<host>:<por>/<optional context>

HTTP endpoint e.g. http://dev.wso2.com:8280

https_endpoint

string Required

Default:
Possible Values: https://<host>:<por>/<optional context>

HTTPS endpoint e.g. https://dev.wso2.com:8243

ws_endpoint

string

Default: ws://<host of https endpoint>:9099
Possible Values: ws://<host>:<por>

WS endpoint e.g. ws://dev.wso2.com:9099

wss_endpoint

string

Default: wss://<host of https endpoint>:8099
Possible Values: wss://<host>:<por>

WSS endpoint e.g. wss://dev.wso2.com:8099

Gateway token cache

[apim.cache.gateway_token]
enable = true
expiry_time = "900s"
[apim.cache.gateway_token] Required

enable

string

Default: TRUE

Enable the gateway token cache. WSO2 recommends to enable this feature by default. The token validation request checks with the cached value.

expiry_time

string

Default: 15 m

Set the cache expiry time in minutes. Recommended value is 15 minutes.

Cache resource

[apim.cache.resource]
enable = true
expiry_time = "900s"
[apim.cache.resource] Required

enable

string

Default: TRUE

Enable the gateway resource cache. Caches the API resources at the gateway. Expires in 15 minutes.

Keymanager token cache

[apim.cache.km_token]
enable = false
expiry_time = "15m"
[apim.cache.km_token] Required

enable

string

Default: FALSE

Enable the Key Manager token cache. The token validation request checks with the value cached at the Key Manager. At any given time you should only have one cache enabled, which is either the Key Manager cache or the API Gateway cache. WSO2 does not recommend using both caches at the same time.

expiry_time

string

Default: 15 m

Set the cache expiry time.

Cache recent APIs

[apim.cache.recent_apis]
enable = false
[apim.cache.recent_apis] Required

enable

string

Default: FALSE

Enable cache for recently added apis in the API Developer Portal. This expires in 15 minutes by default.

Cache scopes

[apim.cache.scopes]
enable = true
[apim.cache.scopes] Required

enable

string

Default: TRUE

Enabel cache for scopes. This expires in 15 minutes by default.

Cache publisher roles

[apim.cache.publisher_roles]
enable = true
[apim.cache.publisher_roles] Required

enable

string

Default: TRUE

Enable cache for publisher roles. Expires in 15 minutes by default

Cache JWT claims

[apim.cache.jwt_claim]
enable = true
expiry_time = "15m"
[apim.cache.jwt_claim] Required

enable

string

Default: TRUE

Enable JWT claim cache. The user's claims used to create the JWT are cached.

expiry_time

string

Default: Not defined

Set the cache expiry time. Would be same as the JWT expiry time.

Cache tags

[apim.cache.tags]
expiry_time = "2m"
[apim.cache.tags] Required

expiry_time

string

Default: 2m

Set when the tag cache expires. This option is disabled when not defined.

API-M Analytics configurations

[apim.analytics]
enable = false
store_api_url = "https://localhost:7444"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
event_publisher_type = "default"
event_publisher_type = "custom"
event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
publish_response_size = true
[apim.analytics] Required

enable

string Required

Default: FALSE

Set TRUE to enable analytics in API Manager

store_api_url

string Required

Default: https://localhost:7444

The Store REST API URL for Analytics. If there are mutiple analytics node, use the loadbalancing URL

username

string Required

Default: Credentials of the super admin user.

Credentials of the super admin user, in the analytics node

password

string Required

Default: Credentials of the super admin user.

Credentials of the super admin user, in the analytics node

receiver_username

string

Default: Uses the "apim.analytics.username"

Change this if a specific user is required for event publishing.

receiver_password

string

Default: Uses the "apim.analytics.password"

Change this if a specific user is required for event publishing.

store_api_username

string

Default: use apim.analytics.username

Change this if a specific user is required to access the Store REST API.

store_api_password

string

Default: use apim.analytics.password

Change this if a specific user is required to access the Store REST API.

event_publisher_impl

string

Default:

If you have defined a custom "event_publisher_type", the custom publisher needs to be defined to the following value 'event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"

publish_response_size

string

Default: FALSE

Set TRUE to enable and define size of the publisher response sent to Analytics. Size is set bytes.

API-M Analytics - URL group configurations

#LOADBALANCER CONFIGS
[[apim.analytics.url_group]]
analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"]
analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"]
type = "loadbalance"

#FAILOVER CONFIGS
[[apim.analytics.url_group]]
analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"]
analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"]
type = "failover"
[apim.analytics.url_group] Required

string

Default:

Define each analytics node that the API Manager will connect to, as an array. If there are mutiple node, you need to define this configuration for each node.

analytics_url

string Required

Default: tcp://localhost:7612

The list of server URLs e.g.,: analytics_url = ["tcp: //localhost:7611, tcp://localhost:7611"]"

analytics_auth_url

string Required

Default: ssl://localhost:7712

The list of auth server URLs e.g.,: analytics_auth_url = ["ssl: //localhost:7711,ssl://localhost:7711"]

type

string

Default: no default value
Possible Values: loadbalance failover

Loadbalance or Failover

[apim.key_manager]
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
pool.init_idle_capacity = 50
pool.max_idle = 100
key_validation_handler_type = "default"
key_validation_handler_type = "custom"
key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
[apim.key_manager] Required

service_url

string Required

Default: https://localhost:9443/services/

URL that offers services of the KM

username

string

Default: Credentials of the super admin user.

Credentials of the super admin user, in the Key Manager node.

password

string

Default: Credentials of the super admin user.

Credentials of the super admin user, in the Key Manager node.

pool.init_idle_capacity

string

Default: 50

Minimum no. of clients created, to connect to the key manager.

pool.max_idle

string

Default: 100

Maximum no. of clients created, to connect to the key manager.

key_validation_handler_type

string

Default: default
Possible Values: default or custom

If custom, then provide the "key_validation_handler_impl" value

key_validation_handler_impl

string

Default:

You can provide a custom key validation handler implmentation. To do this, set the "key_validation_handler_type" to custom

API-M OAuth configurations

[apim.oauth_config]
enable_outbound_auth_header = false
auth_header = "Authorization"
revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
enable_token_encryption = false
enable_token_hashing = false
[apim.oauth_config] Required

Collection of OAuth related configs

enable_outbound_auth_header

string

Default: FALSE

If TRUE, sends Auth header to the backend as received from the client.

auth_header

string

Default: Authorization
Possible Values: Any custom value

Valid authorization header for OAuth configurations.

revoke_endpoint

string

Default: https://localhost:8243/revoke
Possible Values: Valid URL for revocation endpoint.

Token revocation endpoint used in the API Developer Portal

enable_token_encryption

string

Default: FALSE

If set to TRUE, the token stored in the database will be encrypted/decrypted when reading and storing. RSA/ECB/OAEPwithSHA1andMGF1PaddingIf FALSE - Setting Up OAuth Token Encryption | Extension Points for OAuth - IS Docs

enable_token_hashing

string

Default: FALSE

Similar to prev. Get desc from IS docs

allowed_scopes

string

Default: ["^device_.*,openid"]

List of allowlisted scopes. Take desc from Key Concepts page.

API-M Developer Portal configurations

[apim.devportal]
url = "https://localhost:${mgt.transport.https.port}/devportal"
enable_application_sharing = false
if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
application_sharing_type = "default" changed type, saml, default todo: check the new config for rest api
application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
display_multiple_versions = false
display_deprecated_apis = false
enable_comments = true
enable_ratings = true
enable_forum = true
[apim.devportal] Required

Configures the API Developer Portal

url

string Required

Default: https://localhost:9443/devportal

Public API Developer Portal URL

enable_application_sharing

string

Default: FALSE

Enable application sharing according to the claims.

application_sharing_type

string

Default: If the config is not mentioned, then undefined.default
Possible Values: default, saml

Use the application_sharing_impl as default implmentationIf it is saml, the group extractor extracts the claims to group the applications from the saml response.

application_sharing_impl

string

Default: Based on the application sharing type.

Need to define if the application_sharing_type is custom. If both application_sharing_type and application_sharing_impl is defined, take value from application_sharing_impl.

login_username_case_insensitive

string

Default: TRUE

Check with new UI

display_multiple_versions

string

Default: FALSE

If TRUE displays all the versions of the API under the API listing (and search depending on the new UI)

display_deprecated_apis

string

Default: FALSE

If TRUE displays all the deprecated APIs under the API listing (and search depending on the new UI)

enable_comments

string

Default: TRUE

Can comment on the API

enable_ratings

string

Default: TRUE

Enable rating the API with a star-based rating

enable_forum

string

Default: TRUE

^

application_sharing_claim

string

Default: http://wso2.org/claims/organization

The user claim used to group the applications.

API-M CORS configurations

[apim.cors]
allow_origins = "*"
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"]
allow_credentials = false
[apim.cors] Required

Configures CORS headers on the Publisher and the Gateway.

enable

string

Default: TRUE

CORS configurations are enabled by default.

allow_origins

string

Default: *

Denotes "Access-Control-Allow-Origin" response header. Specify an origin to share the response with.

allow_methods

string

Default: GET,PUT,POST,DELETE,PATCH,OPTIONS

Configures the methods allowed by the access control.

allow_headers

string

Default: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction

Configures the type of headers allowed by the access control.

allow_credentials

string

Default: FALSE

Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests. It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)

API-M Throttling configurations

[apim.throttling]
enable_data_publishing = true
enable_policy_deploy = true
enable_blacklist_condition = true
enable_persistence = true
enable_header_based_throttling = true
enable_jwt_claim_based_throttling = true
enable_query_param_based_throttling = true
enable_unlimited_tier = true
throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
skip_redeploying_policies = ["carbon.super_app_unitApp","carbon.super_app_20PerMin"]
[apim.throttling] Required

Configures API-M traffic control.

event_type

string

Default: Binary
Possible Values: Thrift

Binary - Uses the binary transport. Recommended.Thrift - Uses thrift tranport

receiver_url

string

Default: tcp://${carbon.local.ip}:${receiver.url.port}

Define traffic manager connection url inline. If none of this is defined consider it as "tcp://${carbon.local.ip}:${receiver.url.port}".

enable_header_based_throttling

string

Default: false

Specifying this header to true will enable a user to define header condition throttling policies in the Admin Portal.

enable_unlimited_tier

string

Default: true

Specifying this config to false will disable the unlimited throttling tier of basic throttling configurations.

enable_jwt_claim_based_throttling

string

Default: false

Specifying this config to true will enable a user to define JWT claim based throttling policies in the Admin Portal.

enable_query_param_based_throttling

string

Default: false

Specifying this config to true will enable a user to define Query parameter condition throttling policies in the Admin Portal.

skip_redeploying_policies

string

Default:

Define an array of throttle policies which don't need to redeploy on startup

enable_decision_connection

boolean

Default: true
Possible Values: true, false

This will enable/disable the JMS Message retrieval connection based on the provided value(true/false).

enable_data_publishing

boolean

Default: true
Possible Values: true, false

Enable publishing of request and throttling data.

enable_policy_deploy

boolean

Default: true
Possible Values: true, false

Enable deploying of throttling policies.

enable_blacklist_condition

boolean

Default: true
Possible Values: true, false

Enable blocking conditions from the admin portal.

enable_persistence

boolean

Default: false
Possible Values: true, false

Enable persisting current counter state of the TM.

API-M Throttling URL group configs

[apim.throttling.blacklist_condition]
start_delay = "5m"
period = "1h"

[apim.throttling.jms]
start_delay = "5m"

[apim.throttling.event_sync]
hostName = "0.0.0.0"
port = 11224

[apim.throttling.event_management]
hostName = "0.0.0.0"
port = 10005

LOADBALANCE CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "loadbalance"

FAILOVER CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "failover"
[apim.throttling.url_group] Required

username

string

Default: super username

Credentials of the Traffic Manager user.

password

string

Default: super user password

Credentials of the Traffic Manager user.

receiver_username

string

Default: super username

If the username of the receiver is different, use the username of the receiver configured on the Traffic Manager.

receiver_password

string

Default: super user password

If the credentials of the receiver is different, use the password of the receiver configured on the Traffic Manager.

policy_deploy.username

string

Default: super username

If the credentials of the user is different, use the credentials of the user configured for deploying policies.

policy_deploy.password

string

Default: super user password

If the credentials of the user is different, use the credentials of the user configured for deploying policies.

jms.username

string

Default: super username

If the credentials of the user is different, use the credentials of the user configured for the JMS connection.

jms.password

string

Default: super user password

If the credentials of the user is different, use the credentials of the user configured for the JMS connection.

publisher.max_idle

string

Default: 1000

Ideal values for the maximum no. of connections to the data publisher pool.

publisher.init_idle_size

string

Default: 200

Ideal values for the minimum no. of connections to the data publisher pool.

publisher.pool_size

string

Default: 200

The size of the thread pool in the API Publisher.

publisher.max_pool_size

string

Default: 1000

The maximum size of the thread pool in the API Publisher.

publisher.keep_alive_time

string

Default: 200s

The timeframe after which the publisher thread pool is terminated.

service_url

string Required

Default: https://localhost:${mgt.transport.https.port}${carbon.context}services/

Service URL of the Traffic Manager.

blacklist_condition.start_delay

string

Default: not defined

Define the delay time to get the blacklist conditions from the Keymanager.

jms.destination

string

Default: throttleData

JMS topic name

jms.start_delay

string

Default: not define

Connection delay to read the Traffic Manager at startup.

jms.conn_jndi_name

string

Default: TopicConnectionFactory
Possible Values: custom value

jms.destination_type

string

Default: topic

decision_connection_type

string

Default: andes

Define the JMS type e.g.,: andes

jms.java_naming_factory_initial

string

Default:

Define JMS factory initials. If decision_connection_type is andes, this is "org.wso2.andes.jndi.PropertiesFileInitialContextFactory"

throttle_decision_endpoints

string Required

Default:

Define array of JMS connection as an array.

API-M Throttling URL group

[apim.throttling.blacklist_condition]
start_delay = "5m"
period = "1h"

[apim.throttling.jms]
start_delay = "5m"

[apim.throttling.event_sync]
hostName = "0.0.0.0"
port = 11224

[apim.throttling.event_management]
hostName = "0.0.0.0"
port = 10005

LOADBALANCE CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "loadbalance"

FAILOVER CONFIGS
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
type = "failover"
[apim.throttling.url_group] Required

traffic_manager_urls

string Required

Default:
Possible Values: TM binary server url

[[apim.throttling.url_group]]traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]type = "loadbalance"

traffic_manager_auth_urls

string Required

Default:
Possible Values: TM binary auth server url

type

string

Default: failover
Possible Values: failover,loadbalance

API-M Workflow configurations

[apim.workflow]
enable = false
service_url = "https://localhost:9445/bpmn"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.15/workflows/update-workflow-status"
token_endpoint = "https://localhost:${https.nio.port}/token"
client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.15/register"
client_registration_username = "$ref{super_admin.username}"
client_registration_password = "$ref{super_admin.password}"
[apim.workflow] Required

Configures the workflows in API Manager

enable

string

Default: FALSE

Enable API State Change workflow.

service_url

string

Default: https://localhost:9445/bpmn

The service URL of the workflow engine.

wf_engine_user

string

Default: super username

Workflow username.

wf_engine_pass

string

Default: super user password

Workflow password.

callback_endpoint

string

Default: https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.14/workflows/update-workflow-status

Callback URL for the workflow engine.

token_endpoint

string

Default: https://localhost:${https.nio.port}/token

Token endpoint used for the workflow.

client_registration_endpoint

string

Default: https://localhost:${mgt.transport.https.port}/client-registration/v0.14/register

DCR endpoint

client_registration_username

string

Default: super username

DCR username

API-M SDK configurations

[apim.sdk]
group_id = "org.wso2"
artifact_id = "org.wso2.client"
model_package = "org.wso2.client.model"
api_package = "org.wso2.client.api"
supported_languages = ["android", "java", "scala", "csharp", "dart", "flash", "groovy", "javascript"]
                    
[apim.sdk] Required

group_id

string

Default: org.wso2

Group ID of the of the generated project.

artifact_id

string

Default: org.wso2.client.

Artifact ID of the generated project.

model_package

string

Default: org.wso2.client.model.

Model package of the generated project.

api_package

string

Default: org.wso2.client.api.

API package of the generated project.

supported_languages

string

Default: android,java,scala,csharp,dart,flash,groovy,javascript,jmeter,nodejs,perl,php,python,ruby,swift,clojure,asyncScala,csharpDotNet2

Supported programming languages.

API-M Open tracer configurations

[apim.open_tracer]
remote_tracer.enable = true
remote_tracer.name = "zipkin"
remote_tracer.properties.hostname = "localhost"
remote_tracer.properties.port = 9411
log_tracer.enable = true
                    
[apim.open_tracer] Required

Configurations related to tracing.

remote_tracer.enable

string

Default: FALSE

Enable tracing in API Manager. Traces the execution time upto message level.

remote_tracer.name

string

Default: zipkin

Tracer name.

remote_tracer.properties.hostname

string

Default: localhost

Hostname of the zipkin tool (tracer)

remote_tracer.properties.port

string

Default: 9411

Port allocated for the tool.

log_tracer.enable

string

Default: FALSE

Define whether to log the tracer values.

API-M token revocation

[apim.token.revocation]
notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
enable_realtime_notifier = true
realtime_notifier.ttl = 5000
enable_persistent_notifier = true
persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
persistent_notifier.ttl = 5000
persistent_notifier.username = "root"
persistent_notifier.password = "root"
[apim.token.revocation] Required

Configures the token revocation on KM

notifier_impl

string

Default: org.wso2.carbon.apimgt.notification.TokenRevocationNotifier

This config is required only during a custom implementation. If a token is revoked, the notification will be sent to the JMS topic. Write a custom implementation to change this behaviour.

enable_realtime_notifier

string

Default: TRUE

(Only applicable if Choreo Connect is used). If set to FALSE, works as persistent.

enable_persistent_notifier

string

Default: TRUE

Notifications will be persisted to etcd. At the Choreo Connect startup, the etcd will be queried by Choreo Connect.

realtime_notifier.ttl

string

Default: 5000

persistent_notifier.hostname

string

Default: https://localhost:2379/v2/keys/jti/

etcd hostname

persistent_notifier.ttl

string

Default: 5000

persistent_notifier.username

string

Default: root

persistent_notifier.password

string

Default: root

Enable Notifications

[apim.notification]
from_address = "abcd@gmail.com"
username = "abcd@gmail.com"
password = "xxxxxx"
hostname = "smtp.gmail.com"
port = "587"
enable_start_tls = true
enable_authentication = true
[apim.notifications]

from_address

string

Default:

The email address you use to send emails.

username

string

Default:

The email address used to authenticate the mail server. This can be the same email address as the from_address.

password

string

Default:

Password used to authenticate the mail server.

signature

string

Default:

Signature of the sender account.

hostname

string

Default:

The SMTP server to connect to.

port

string

Default: 25

The SMTP server port to connect to, if the connect() method does not explicitly specify one. Defaults to 25.

enable_start_tls

string

Default: false

If true, enables the use of the `STARTTLS` command (if supported by the server, before issuing any login commands). Note that an appropriate trust store must be configured so that the client will trust the certificate of the server. Defaults to false.

enable_authentication

string

Default: false

If true, it attempts to authenticate the user using the AUTH command. Defaults to false.

Tenant Management

[tenant_mgt]
enable_email_domain = true
[tenant_mgt]

enable_email_domain

string

Default: FALSE

Enable email login for tenant users.

Enable Password Recovery

[output_adapter.email]
from_address = "wso2am@gmail.com"
username = "wso2amtest"
password = "Wso2@am70"
signature = "do not reply"
hostname = "smtp.gmail.com"
port = "587"
enable_start_tls = true
enable_authentication = true
[output_adapter.email]

from_address

string

Default:

The email address you use to send emails.

username

string

Default:

The email address used to authenticate the mail server. This can be the same email address as the from_address.

password

string

Default:

Password used to authenticate the mail server.

hostname

string

Default:

The SMTP server to connect to.

signature

string

Default:

Signature of the sender account.

port

string

Default: 25

The SMTP server port to connect to, if the connect() method does not explicitly specify one. Defaults to 25.

enable_start_tls

string

Default: false

If true, enables the use of the `STARTTLS` command (if supported by the server, before issuing any login commands). Note that an appropriate trust store must be configured so that the client will trust the certificate of the server. Defaults to false.

enable_authentication

string

Default: false

If true, it attempts to authenticate the user using the AUTH command. Defaults to false.

Multi-tenancy Configurations

[multi_tenancy.stratos]
disable_tenant_management_emails = true
email_validation_mandatory_for_login = false
tenant_activation_moderated = false
super_admin_email = "super-admin-email"
skip_summary_generator = false
notification_email = "notification-email"
finance_notification_email = "finance-notification-email"
charge_on_registration = false
public_cloud_setup = true
google_analytics_url = "http://google-analytics.js"
sso_loading_message = "Loading..."
[multi_tenancy.stratos]

Configures the multi-tenant Stratos properties.

disable_tenant_management_emails

boolean

Default: TRUE

Disable tenant management emails for tenant users.

email_validation_mandatory_for_login

boolean

Default: FALSE

Enable or disable mandatory email validation when logging in.

tenant_activation_moderated

boolean

Default: FALSE

Enable or disable activation of moderated tenants.

super_admin_email

string

Default:

Email of the super admin user.

skip_summary_generator

boolean

Default: FALSE

Skip summary generator for tenants.

notification_email

string

Default:

The email address that is used to send event related notifications.

finance_notification_email

string

Default:

The email address that is used to send financial information related notifications.

charge_on_registration

boolean

Default: FALSE

The charge applicable for tenant registration.

public_cloud_setup

boolean

Default: TRUE

Enable or disable public cloud setup for tenants.

google_analytics_url

string

Default:

URL address of Google Analytics.

sso_loading_message

string

Default:

The message that is displayed when SSO is loaded.

[multi_tenancy.stratos.paypal]
url = "Paypal URL"
username = "username"
password = "password"
signature = "signature"
environment = "live"
[multi_tenancy.stratos.paypal]

url

string

Default:

The URL address of the attached PayPal account.

username

string

Default:

The username of the attached PayPal account.

password

string

Default:

The password of the attached PayPal account.

signature

string

Default:

TThe signature of the attached PayPal account.

environment

string

Default:

The environment of the attached PayPal account.

[multi_tenancy.stratos.manager_service]
url = "https://am.cloud.wso2.com/services/"
admin_username = "admin"
admin_password = "admin"
[multi_tenancy.stratos.manager_service]

Configures the Stratos manager service.

url

string

Default:

The URL of the Stratos manager service.

admin_username

string

Default:

The admin username of the Stratos manager service.

admin_password

string

Default:

The admin password of the Stratos manager service.

[multi_tenancy.usage_agent.data_persistence_task]
startup_delay_in_ms = "60000"
records_per_execution = "100"
execution_interval_in_ms = "-1"
[multi_tenancy.usage_agent.data_persistence_task]

Configures the data presistance for user agents in multi-tenant mode.

startup_delay_in_ms

string

Default:

Connection delay to start data presistance at startup.

records_per_execution

string

Default:

Number of records to be persisted per execution.

execution_interval_in_ms

string

Default: -1

Time between execution cycles in miliseconds.

Multi-tenancy throttling manager configurations

[multi_tenancy.throttling_manager_tasks]
data_providers = [
    "org.wso2.carbon.throttling.manager.dataproviders.BillingDataProvider",
    "org.wso2.carbon.throttling.manager.dataproviders.UsageDataProvider"
]
[multi_tenancy.throttling_manager_tasks]

Configures the multi-tenant throttling manager tasks.

data_providers

string array

Default:

Data providers for throttling management tasks.

[multi_tenancy.throttling_manager_tasks.parameters]
interval = "10"
delay = "60"
[multi_tenancy.throttling_manager_tasks.parameters]

Configures the parameters of multi-tenant throttling manager tasks.

interval

string

Default:

Time interval betweeen throttling manager tasks.

delay

string

Default:

Time delay to start throttling manager tasks.

Multi-tenancy cloud services configurations

[multi_tenancy.cloud_services]
name = "WSO2 API Manager"
default = true
key = "AM"
label = "API Manager"
link = "https://am.cloud.wso2.com"
description = "API Manager in the cloud"
[multi_tenancy.cloud_services]

Configures the multi tenant cloud services.

name

string

Default:

Name of the cloud service.

default

boolean

Default: TRUE

Use as the default cloud service or not.

key

string

Default:

Key-value that represents the cloud service.

label

string

Default:

Label value that represents the cloud service.

link

string

Default:

URL link to the cloud service.

description

string

Default:

Description of the cloud service.

Multi-tenancy monetization configurations

[multi_tenancy.billing.package.demo]
name = "Demo"
subscription_charge = 0
[multi_tenancy.billing.package.demo]

This includes multi-tenancy monetization configurations related to the "Demo" package.

name

string

Default: Demo

Provides the name of the billing package that is being used.

subscription_charge

int

Default: 0

The value of the subscription charge for the billing package.

[multi_tenancy.billing.package.demo.users]
limit= "1"
charge= "0"
[multi_tenancy.billing.package.demo.users]

This includes the users' configurations related to the "Demo" billing package.

limit

string

Default: 1

Provides the number of users that can be attached to the "Demo" billing package.

charge

string

Default: 0

The value of the subscription charge for the "Demo" billing package per user.

[multi_tenancy.billing.package.demo.resource_volume]
limit= "20"
overuse_charge= "0"
[multi_tenancy.billing.package.demo.resource_volume]

This includes the resource volume configurations related to the "Demo" billing package.

limit

string

Default:

The maximum number of resources that can be charged with the given billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

[multi_tenancy.billing.package.demo.bandwidth]
limit= "50"
overuse_charge= "0"
[multi_tenancy.billing.package.demo.bandwidth]

This includes the bandwidth configurations related to the "Demo" billing package.

limit

string

Default:

The highest bandwidth value that can be allocated for the "Demo" billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

[multi_tenancy.billing.package.smb]
name = "SMB"
subscription_charge = "100"
[multi_tenancy.billing.package.smb]

This includes multi-tenancy monetization configurations related to the "SMB" package.

name

string

Default: SMB

Provides the name of the billing package that is being used.

subscription_charge

int

Default: 0

The value of the subscription charge for the billing package.

[multi_tenancy.billing.package.smb.users]
limit= "unlimited"
charge= "0"
[multi_tenancy.billing.package.smb.users]

This includes the users' configurations related to the "SMB" billing package.

limit

string

Default: 1

Provides the number of users that can be attached to the "SMB" billing package.

charge

string

Default: 0

Value of the subscription charge for the "SMB" billing package per user.

[multi_tenancy.billing.package.smb.resource_volume]
limit= "50"
overuse_charge= "0"
[multi_tenancy.billing.package.smb.resource_volume]

This includes the resource volume configurations related to the "SMB" billing package.

limit

string

Default:

The maximum number of resources that can be charged with the given billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

[multi_tenancy.billing.package.smb.bandwidth]
limit= "150"
overuse_charge= "0"
[multi_tenancy.billing.package.smb.bandwidth]

This includes the bandwidth configurations related to the "SMB" billing package.

limit

string

Default:

The highest bandwidth value that can be allocated for the "SMB" billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

[multi_tenancy.billing.package.custom]
name = "Professional"
subscription_charge = "500"
[multi_tenancy.billing.package.custom]

This includes multi-tenancy monetization configurations related to the custom package.

name

string

Default: SMB

The name of the custom billing package.

subscription_charge

int

Default: 0

The value of the subscription charge for the billing package.

[multi_tenancy.billing.package.custom.users]
limit= "unlimited"
charge= "0"
[multi_tenancy.billing.package.custom.users]

This includes the users' configurations related to the custom billing package.

limit

string

Default: 1

Provides the number of users that can be attached to the custom billing package.

charge

string

Default: 0

Value of the subscription charge for the custom billing package per user.

[multi_tenancy.billing.package.custom.resource_volume]
limit = "1536"
overuse_charge = "0.03"
[multi_tenancy.billing.package.custom.resource_volume]

This includes the resource volume configurations related to the custom billing package.

limit

string

Default:

The maximum number of resources that can be charged with the given billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

[multi_tenancy.billing.package.custom.bandwidth]
limit= "50"
overuse_charge= "0"
[multi_tenancy.billing.package.custom.bandwidth]

This includes the bandwidth configurations related to the custom billing package.

limit

string

Default:

The highest bandwidth value that can be allocated for the custom billing package.

overuse_charge

string

Default: 0

The charge for over usage based on the billing package.

Registry indexing configurations

[indexing]
enable = true
starting_delay = 35
frequency = 3
bach_size = 40
pool_size = 40
re_indexing = 1
[indexing]

Index configurations related to metadata search in registry.

enable

boolean

Default: true
Possible Values: true,false

Enable registry indexing, which indexes the APIs in the registry. Required only to be true on the API Publisher and Developer Portal nodes. WSO2 recommends disabling this on other nodes (Gateways, Traffic Managers, and Key Managers).

starting_delay

string

Default: 35

Initial startup delay for indexing (when the server is starting) in seconds.

frequency

string

Default: 3

Indexing frequency in seconds.

bach_size

string

Default: 40

Number of resources submitted for given indexing thread.

pool_size

string

Default: 40

Number of worker threads for indexing.

re_indexing

string

Default: Not defined

Provide a number starting from 1. Increase the value by one during each time you need to reindex. Make sure to backup and delete the <API-M_HOME>/solr directory after changing the configuration and before restarting the server. After a server restart, reindexing might take a considerable amount of time depending on the number of APIs you have in the registry.

HTTP Servlet Transport

[transport.http.properties]
port = "9763"
redirectPort = "9443"
bindOnInit = "false"
maxHttpHeaderSize = "8192"
acceptorThreadCount = "2"
maxThreads = "250"
minSpareThreads = "50"
disableUploadTimeout = "false"
connectionUploadTimeout = "120000"
maxKeepAliveRequests = "200"
acceptCount = "200"
server = "WSO2 Carbon Server"
compression = "on"
compressionMinSize = "2048"
noCompressionUserAgents = "gozilla, traviata"
compressibleMimeType = "text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding = "UTF-8"
[transport.http.properties]

This configuration header is required for configuring the parameters that are used for tuning the default HTTP catalina server transport of the API Manager.

port

integer Required

Default: 9443
Possible Values: -

bindOnInit

boolean Required

Default: false
Possible Values: "true" or "false"

maxHttpHeaderSize

integer Required

Default: 8192
Possible Values: -

acceptorThreadCount

integer Required

Default: 2
Possible Values: -

maxThreads

integer Required

Default: 250
Possible Values: -

minSpareThreads

integer Required

Default: 50
Possible Values: -

disableUploadTimeout

boolean Required

Default: false
Possible Values: "true" or "false"

connectionUploadTimeout

integer Required

Default: 120000
Possible Values: -

maxKeepAliveRequests

integer Required

Default: 120000
Possible Values: -

keepAliveTimeout

integer Required

Default: 60000
Possible Values: 3000

acceptCount

integer Required

Default: 200
Possible Values: -

server

string Required

Default: WSO2 Carbon Server
Possible Values: -

compression

string Required

Default: on
Possible Values: -

compressionMinSize

integer Required

Default: 2048
Possible Values: -

noCompressionUserAgents

string Required

Default: gozilla, traviata
Possible Values: -

compressibleMimeType

string Required

Default: text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg
Possible Values: -

URIEncoding

string Required

Default: UTF-8
Possible Values: -

HTTPS Servlet Transport

[transport.https.properties]
port = "9763"
redirectPort = "9443"
bindOnInit = "false"
maxHttpHeaderSize = "8192"
acceptorThreadCount = "2"
maxThreads = "250"
minSpareThreads = "50"
disableUploadTimeout = "false"
connectionUploadTimeout = "120000"
maxKeepAliveRequests = "200"
acceptCount = "200"
server = "WSO2 Carbon Server"
compression = "on"
compressionMinSize = "2048"
noCompressionUserAgents = "gozilla, traviata"
compressibleMimeType = "text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding = "UTF-8"
enableLookups = "false"
scheme = "https"
secure = "true"
SSLEnabled = "true"
[transport.https.properties]

This configuration header is required for configuring the parameters that are used for tuning the default HTTPS catalina server transport of the API Manager.

port

integer Required

Default: 9443
Possible Values: -

bindOnInit

boolean Required

Default: false
Possible Values: "true" or "false"

maxHttpHeaderSize

integer Required

Default: 8192
Possible Values: -

acceptorThreadCount

integer Required

Default: 2
Possible Values: -

maxThreads

integer Required

Default: 250
Possible Values: -

minSpareThreads

integer Required

Default: 50
Possible Values: -

disableUploadTimeout

boolean Required

Default: false
Possible Values: "true" or "false"

connectionUploadTimeout

integer Required

Default: 120000
Possible Values: -

maxKeepAliveRequests

integer Required

Default: 120000
Possible Values: -

keepAliveTimeout

integer Required

Default: 60000
Possible Values: 3000

acceptCount

integer Required

Default: 200
Possible Values: -

server

string Required

Default: WSO2 Carbon Server
Possible Values: -

compression

string Required

Default: on
Possible Values: -

compressionMinSize

integer Required

Default: 2048
Possible Values: -

noCompressionUserAgents

string Required

Default: gozilla, traviata
Possible Values: -

compressibleMimeType

string Required

Default: text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg
Possible Values: -

URIEncoding

string Required

Default: UTF-8
Possible Values: -

enableLookups

boolean Required

Default: false
Possible Values: "true" or "false"

scheme

string Required

Default: https
Possible Values: -

secure

boolean Required

Default: true
Possible Values: "true" or "false"

SSLEnabled

boolean Required

Default: true
Possible Values: "true" or "false"

HTTP/S Pass-through Transport (non-blocking mode)

[transport.passthru_https]
http.socket.timeout = "3m"
worker_pool_size_core = 300
worker_pool_size_max = 400
worker_pool_queue_length = -1
io_buffer_size = 16384
http.max.connection.per.host.port = 32767
http.user.agent.preserve = false
preserve_http_server_name = true
http.headers.preserve = ["Content-Type"]
disable_connection_keepalive = false
max_open_connections = -1
force_xml_validation = false
force_json_validation = false
listener.parameters.port = 8243    #inferred  default: 8280
listener.parameters.WSDLEPRPrefix ="$ref{server.hostname}"
listener.parameters.bind-address = "$ref{server.hostname}"
listener.protocols = "TLSv1,TLSv1.1,TLSv1.2"
listener.parameters.SSLVerifyClient = "require"
listener.ssl_profile.file_path = "repository/resources/security/listenerprofiles.xml"
listener.ssl_profile_interval = "600000"
listener.preferred_ciphers = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
listener.key_store.file_name ="$ref{keystore.tls.file_name}"
listener.key_store.type = "$ref{keystore.tls.type}"
listener.key_store.password = "$ref{keystore.tls.password}"
listener.key_store.key_password = "$ref{keystore.tls.key_password}"
listener.trust_store.file_name = "$ref{truststore.file_name}"
listener.trust_store.type = "$ref{truststore.type}"
listener.trust_store.password = "$ref{truststore.password}"
sender.warnOnHTTP500 = "*"
sender.http.proxyHost = "$ref{server.hostname}"
sender.http.proxyPort = 3128
sender.http.nonProxyHosts = ["$ref{server.hostname}"]
sender.hostname_verifier = "AllowAll"
sender.key_store.file_name ="$ref{keystore.tls.file_name}"
sender.key_store.type = "$ref{keystore.tls.type}"
sender.key_store.password = "$ref{keystore.tls.password}"
sender.key_store.key_password = "$ref{keystore.tls.key_password}"
sender.trust_store.file_name = "$ref{truststore.file_name}"
sender.trust_store.type = "$ref{truststore.type}"
sender.trust_store.password = "$ref{truststore.password}"
sender.ssl_profile.file_path = "repository/resources/security/sslprofiles.xml"
sender.ssl_profile.interval = "600000"
[transport.passthru_http]

This configuration header is required for configuring the parameters that are used for tuning the default HTTP/S passthrough transport of the API Manager in non-blocking mode.

http.socket.timeout

integer Required

Default: 180000
Possible Values: -

This is the maximum period of inactivity between two consecutive data packets, specified in milliseconds.

worker_pool_size_core

integer Required

Default: 400
Possible Values: -

The API Manager uses a thread pool executor to create threads and to handle incoming requests. This parameter controls the number of core threads used by the executor pool. If you increase this parameter value, the number of requests received that can be processed by the gateway increases, hence, the throughput also increases. The nature of the integration scenario and the number of concurrent requests received by the gateway are the main factors that helps to determine this parameter.

worker_pool_size_max

integer Required

Default: 400
Possible Values: -

This is the maximum number of threads in the worker thread pool. Specifying a maximum limit avoids performance degradation that can occur due to context switching. If the specified value is reached, you will see the error 'SYSTEM ALERT - HttpServerWorker threads were in BLOCKED state during last minute'. This can occur due to an extraordinarily high number of requests sent at a time when all the threads in the pool are busy, and the maximum number of threads is already reached.

worker_pool_queue_length

integer Required

Default: -1
Possible Values: -

This defines the length of the queue that is used to hold runnable tasks to be executed by the worker pool. The thread pool starts queuing jobs when all the existing threads are busy, and the pool has reached the maximum number of threads. The value for this parameter should be -1 to use an unbound queue. If a bound queue is used and the queue gets filled to its capacity, any further attempts to submit jobs fail causing some messages to be dropped by Synapse.

io_buffer_size

integer Required

Default: 16384
Possible Values: -

This is the value of the memory buffer allocated when reading data into the memory from the underlying socket/file channels. You should leave this property set to the default value.

http.max.connection.per.host.port

integer Required

Default: 32767
Possible Values: -

This defines the maximum number of connections allowed per host port.

http.user.agent.preserve

boolean Required

Default: "true" or "false"
Possible Values: -

If this parameter is set to true, the user-agent HTTP header of messages passing through the integrator is preserved and printed in the outgoing message.

http.headers.preserve

string Required

Default: Content-Type
Possible Values: -

This parameter allows you to specify the header field/s of messages passing through the EI that need to be preserved and printed in the outgoing message such as Location, CommonsHTTPTransportSenderKeep-Alive, Date, Server, User-Agent, and Host. For example, http.headers.preserve = Location, Date, Server.

disable_connection_keepalive

boolean Required

Default: false
Possible Values: "true" or "false"

If this parameter is set to true, the HTTP connections with the back end service are closed soon after the request is served. It is recommended to set this property to false so that the integrator does not have to create a new connection every time it sends a request to a back-end service. However, you may need to close connections after they are used if the back-end service does not provide sufficient support for keep-alive connections.

listener.parameters.port

integer Required

Default: 8290
Possible Values: -

The port on which this transport receiver should listen for incoming messages.

listener.parameters.WSDLEPRPrefix

string Required

Default: -
Possible Values: -

A URL prefix which will be added to all service EPRs and EPRs in WSDLs etc.

listener.parameters.port

integer Required

Default: 8253
Possible Values: -

The secured port on which this transport receiver should listen for incoming messages.

listener.key_store.file_name

string Required

Default: APIM_HOME/repository/resources/security/wso2carbon.jks
Possible Values: -

The path to the keystore file that is used for securing the HTTP passthrough connection. By default, the keystore file of the primary keystore is enabled for this purpose.

listener.key_store.type

string Required

Default: JKS
Possible Values: "JKS" or "PKCS12"

The type of the keystore file. By default, the keystore type of the primary keystore is enabled for this purpose.

listener.key_store.password

string Required

Default: wso2carbon
Possible Values: -

The password of the keystore file that is used for securing the HTTP passthrough connection. This keystore password is used when accessing the keys in the keystore. By default, the keystore password of the primary keystore is enabled for this purpose.

listener.key_store.key_password

string Required

Default: wso2carbon
Possible Values: -

The password of the private key that is used for securing the HTTP passthrough connection. This keystore password is used when accessing the keys in the keystore. By default, the keystore password of the primary keystore is enabled for this purpose.

listener.trust_store.file_name

string Required

Default: APIM_HOME/repository/resources/security/wso2truststore.jks
Possible Values: -

The path to the keystore file that is used for storing the trusted digital certificates. By default, the product's trust store is configured for this purpose.

listener.trust_store.type

string Required

Default: JKS
Possible Values: "JKS" or "PKCS12"

The type of the keystore file that is used as the trust store. By default, the product's trust store is configured for this purpose.

listener.trust_store.password

string Required

Default: wso2carbon
Possible Values: -

The password of the keystore file that is used as the trust store. By default, the product's trust store is configured for this purpose.

sender.warnOnHTTP500

string Required

Default: -
Possible Values: -

If the outgoing messages should be sent through an HTTP proxy server, use this parameter to specify the target proxy.

sender.http.proxyHost

string

Default: -
Possible Values: -

If the outgoing messages should be sent through an HTTP proxy server, use this parameter to specify the target proxy.

sender.http.proxyPort

integer

Default: -
Possible Values: -

The port through which the target proxy (specified by the 'sender.proxy_port' parameter) accepts HTTP traffic.

sender.http.nonProxyHosts

string Required

Default: -
Possible Values: -

The list of hosts to which the HTTP traffic should be sent directly without going through the proxy. When trying to add multiple hostnames along with an asterisk in order to define a set of sub-domains for non-proxy hosts, you need to add a period before the asterisk when configuring proxy server.

sender.hostname_verifier

string Required

Default: -
Possible Values: -

The list of hosts to which the HTTP traffic should be sent directly without going through the proxy. When trying to add multiple hostnames along with an asterisk in order to define a set of sub-domains for non-proxy hosts, you need to add a period before the asterisk when configuring proxy server.

sender.key_store.file_name

string Required

Default: APIM_HOME/repository/resources/security/wso2carbon.jks
Possible Values: -

The path to the keystore file that is used for securing the HTTP passthrough connection. By default, the keystore file of the primary keystore is enabled for this purpose.

sender.key_store.type

string Required

Default: JKS
Possible Values: "JKS" or "PKCS12"

The type of the keystore file. By default, the keystore type of the primary keystore is enabled for this purpose.

sender.key_store.password

string Required

Default: wso2carbon
Possible Values: -

The password of the keystore file that is used for securing the HTTP passthrough connection. This keystore password is used when accessing the keys in the keystore. By default, the keystore password of the primary keystore is enabled for this purpose.

sender.key_store.key_password

string Required

Default: wso2carbon
Possible Values: -

The password of the private key that is used for securing the HTTP passthrough connection. This keystore password is used when accessing the keys in the keystore. By default, the keystore password of the primary keystore is enabled for this purpose.

sender.trust_store.file_name

string Required

Default: APIM_HOME/repository/resources/security/wso2truststore.jks
Possible Values: -

The path to the keystore file that is used for storing the trusted digital certificates. By default, the product's trust store is configured for this purpose.

sender.trust_store.type

string Required

Default: JKS
Possible Values: "JKS" or "PKCS12"

The type of the keystore file that is used as the trust store. By default, the product's trust store is configured for this purpose.

sender.trust_store.password

string Required

Default: wso2carbon
Possible Values: -

The password of the keystore file that is used as the trust store. By default, the product's trust store is configured for this purpose.

HTTP/S Pass-through Transport (blocking mode)

[transport.passthru_https]
listener.enable = true
listener.parameters.port = 8200
listener.hostname = ""
listener.origin_server = ""
listener.request_timeout = ""
listener.request_tcp_no_delay = ""
listener.request_core_thread_pool_size = ""
listener.request_max_thread_pool_size = ""
listener.thread_keepalive_time = ""
listener.thread_keepalive_time_unit = ""

[transport.blocking_https]
sender.enable = true
sender.parameters.cacheHttpClient = true
sender.parameters.Transfer-Encoding = ""
sender.parameters.defaultMaxConnectionsPerHost = 200
sender.parameters.OmitSOAP12Action = true
sender.parameters.SO_TIMEOUT = 60000
[transport.passthru_https]

This configuration header is required for configuring the parameters that are used for configuring the default HTTP/S passthrough transport in blocking mode

listener.enable

boolean Required

Default: true
Possible Values: "true" or "false"

This parameter is used for enabling the HTTP passthrough transport listener in blocking mode.

listener.parameters.port

integer Required

Default: 8200
Possible Values: -

The port on which this transport receiver should listen for incoming messages.

listener.hostname

string

Default: -

listener.origin_server

string

Default: -

listener.request_timeout

string

Default: -

listener.request_tcp_no_delay

string

Default: -

listener.request_core_thread_pool_size

string

Default: -

listener.request_max_thread_pool_size

string

Default: -

listener.thread_keepalive_time

string

Default: -

listener.thread_keepalive_time_unit

string

Default: -

sender.enable

boolean Required

Default: true
Possible Values: "true" or "false"

This parameter is used for enabling the HTTP passthrough transport sender in blocking mode.

sender.parameters.cacheHttpClient

boolean Required

Default: -
Possible Values: "true" or "false"

This parameter is used to specify whether the HTTP client should save cache entries and the cached responses in the JVM memory or not.

sender.parameters.Transfer-Encoding

string Required

Default: -
Possible Values: "chunked" or "true"

This parameter enables you to specify whether the data sent should be chunked. It can be used instead of the Content-Length header if you want to upload data without having to know the amount of data to be uploaded in advance.

sender.parameters.defaultMaxConnectionsPerHost

integer Required

Default: -
Possible Values: -

The maximum number of connections that will be created per host server by the client. If the backend server is slow, the connections in use at a given time will take a long time to be released and added back to the connection pool. As a result, connections may not be available for some requests. In such situations, it is recommended to increase the value for this parameter.

sender.parameters.OmitSOAP12Action

boolean Required

Default: -
Possible Values: "true" or "false"

If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages.

sender.parameters.SO_TIMEOUT

integer Required

Default: -
Possible Values: 60000

If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages.

sender.http.proxyHost

string

Default: -
Possible Values: -

If the outgoing messages should be sent through an HTTP proxy server (in blocking mode), use this parameter to specify the target proxy.

sender.http.proxyPort

integer

Default: -
Possible Values: -

The port through which the target proxy (specified by the 'sender.proxy_host' parameter) accepts HTTP traffic (in blocking mode).

sender.http.proxyHost

string

Default: -
Possible Values: -

If the outgoing messages should be sent through an HTTPS proxy server (in blocking mode), use this parameter to specify the target proxy.

sender.http.proxyPort

integer

Default: -
Possible Values: -

The port through which the target proxy (specified by the 'sender.secured_proxy_host' parameter) accepts HTTPS traffic (in blocking mode).

HTTP proxy profile

[transport.passthru_http.sender.parameters]
proxyProfiles = "example.comlocalhost8080squidUserpassword"
[[transport.passthru_http.sender.parameters]]

This configuration header is required for configuring HTTP proxy profiles when you need multiple proxy servers to route messages to different endpoints.

proxyProfiles

string Required

Default: -
Possible Values: <profile><targetHosts>example.com</targetHosts><proxyHost>localhost</proxyHost><proxyPort>8080</proxyPort><proxyUserName>squidUser</proxyUserName><proxyPassword>password</proxyPassword></profile>

Attribute to define a full proxy profile. Following fields describes the elements used inside the profile

targetHosts

string Required

Default: -
Possible Values: "*", "example.com", "<any-ip-address>"

A host name or a comma-separated list of host names for a target endpoint. Host names can be specified as regular expressions that match a pattern. When asterisks (*) is specified as the target hostname, it will match all the hosts in the profile.

proxyHost

string Required

Default: -
Possible Values: -

The host name of the proxy server.

proxyPort

integer Required

Default: -
Possible Values: -

The port number of the proxy server.

proxyUserName

string Required

Default: -
Possible Values: -

The username for authenticating the proxy server.

proxyPassword

string Required

Default: -
Possible Values: -

The password for authenticating the proxy server.

HTTP secured proxy profile

[transport.passthru_https.sender.parameters]
proxyProfiles = "example.comlocalhost8080squidUserpassword"
[[transport.passthru_https.sender.parameters]]

This configuration header is required for configuring HTTP proxy profiles when you need multiple proxy servers to route messages to different endpoints.

proxyProfiles

string Required

Default: -
Possible Values: <profile><targetHosts>example.com</targetHosts><proxyHost>localhost</proxyHost><proxyPort>8080</proxyPort><proxyUserName>squidUser</proxyUserName><proxyPassword>password</proxyPassword></profile>

Attribute to define a full proxy profile. Following fields describes the elements used inside the profile

targetHosts

string Required

Default: -
Possible Values: "*", "example.com", "<any-ip-address>"

A host name or a comma-separated list of host names for a target endpoint. Host names can be specified as regular expressions that match a pattern. When asterisks (*) is specified as the target hostname, it will match all the hosts in the profile.

proxyHost