Configure the plugin
Here is the list of configuration properties available for the WXM_RESTAPI plug-in:
raisePluginStatusToEngine
: if true (default), the plugin status impacts the server statusStatus title 2022.1 tempdir: directory to store temporary files (volatile files)
workdir: directory to store temporary files for long working process (
Status title 2021.5 
see important notice)restApiDirPurgeNode: the name of the node (in clustered mode) where to run the restapi SAN directory purge (if the current node name is different thant the value of this parameter, the purge is not done)
linksection: configure hateoas section
REMOTE (default)
LOCAL
OUTBOUND
FULLOUTBOUND
NONE
a component URI (pluginname:classname)
connectionListener: connection listener URI (pluginname:classname)
configHotUpdate: Enables automatic reloading of an endpoint configuration file if it changes on the disk.
This option is required in cluster mode, if you change the configuration via the API Designer. When saving a configuration, it is modified in the cache of the current node and the file storing the configurations is modified but the other nodes do not update their cache if this option is not enabled.
Possible values are:true: activates the reloading of the cache when the file is modified
false : does not take into account file changes until the plugin is restarted
auto: activates the reloading of the cache only if the server is not in production mode
configPluginName: the name of of plugin to store service configurations (by default the name of this plugin is WXM_RESTAPI_CONFIG)
If the plugin doesn’t exist or is not activated, the configuration plugin is the REST API plugin (WXM_RESTAPI)
SeeJira Legacy server System JIRA serverId ee2ae3e2-175d-3458-b663-57790c4fa118 key WXM-6082 applicationObject: name of object used to store application tokens (by default restapiapp)
deployDamServices: if true, automatically deploy DAM services
exposeImageServerPath: in the responses to API calls, for a property that indicates the path of a file in a property of type file or image, we expose the path of the file (relative to the SAN), otherwise we expose only the file name
defaultETag: define the default ETag (See ETags within the REST API end points )
dynETag: disable supports of dynamic ETagStatus title 2021.5 damEtag: activate (or deactivate) ETag for DAM Services
dynETag: disable supports of dynamic ETag etagContextProperties: This is the list (a JSON array) of surfer properties that are taken into account to calculate the context of a surfer. The default value is an array with the property used The default value is an array that contains the property used by the security module to manage rights (roles): it is essential to keep it to work with the role configuration application.Status title 20212022.56 useTriggerForEtagNotifications: On non cluster plateforme use trigger to handle instance change notifications for dynamic ETag (if false, dynamic ETag will be handled by notification - not available yet - si do not change this value until the feature is available)
etagVersionValue: the value for version value (see https://crossmedia.atlassian.net/wiki/spaces/WD/pages/1390706689/ETags+within+the+REST+API+end+points#Version-ETag )
etagMaxAgeControl: allows the client (ie the browser to manage the MaxAge Cache Control)
aggAutoGenerationaggTreeCount: a json to configurate aggregates boolean (true by default) to enable the tree count option in the agregates calculation
aggAutoGeneration: a json to configurate aggregates autogeneration in non damobjects in DAM services
enableMassImportServices: activate mass upload/import services (true by default)
massImportItemObjectName: name of object to store tempory items to upload/import (default is massimportitem)
massImportCreateWithJobOwner: if true (default), use job owner to create assets (or simulate). If false, use default job executor user
massImportRemoveItemAfterCreate: if true (default) remove item after asset creation while upload/import process
massImportSimuWithFaces: if true (default) compute and export faces in simulation
massImportJobConfig: json to configure thread pools for executing jobs (see https://crossmedia.atlassian.net/wiki/spaces/WD/pages/726237185/Mass+imports+uploads#Configuration-(plug-in) )
massImportSupportedFiles: intended for future use
massImportStoreCache
: if true (default) save mass import simulation and cache (and related data, as valid, haserror, haswarning, and datachanges (for fulltext search on mass import items)Status title 2022.1 massImportAsyncStoreCache: true enable asynchronous saving of the mass import simulation cache
massImportEnableDataChanges
: if true (default), information allowing fulltext search on mass import items is generatedStatus title 2022.1 massImportBlockingJobChangesQuery
: boolean, default is true(sinceStatus title 2022.1
). If true activate long polling on job changes serviceStatus title 2022.2 massImportBlockingJobChangesQueryTimeout
: long, timeout for long polling on job changes serviceStatus title 2022.1 massImportBlockingJobChangesQueryNotifyCondition
: string, the type of the type of event that releases the long polling. Possible values are:Status title 2022.1 always: when the worker has finished, even if the command has failed
anydone: (default since
) when a command has been appliedStatus title 2022.2 alldone: when all commands have been applied
massImportSetChangesCompletionServiceEnabled
: boolean, default is true(sinceStatus title 2022.1
). If it is true, the application of the commands of a job are applied to the items in an asynchronous system (if it is false, they are applied to the items one after the other). The setting of the asynchronous system is done by massImportJobConfig.Status title 2022.2 massImportJobOutstandingVirtual
: boolean, experimental, let this value to false.Status title 2022.2 massImportJobPurgeConfig
: json to configure the mass import job and items cleaning process (see https://crossmedia.atlassian.net/wiki/spaces/WD/pages/726237185/Mass+imports+uploads#massImportPurgeConfig)Status title 2022.2 asyncZipBinaryExpiringTimeout
: an integer (default is 120), the retention time in seconds of the progress of an asynchronous zip upload after it has finished processing.Status title 2022.2 asyncZipBinaryThreadPoolConfig
: json object, configuration of the thread pool for asynchronous zip uploadStatus title 2022.2
This is a JSON object. This is the default configuration:Code Block language json { "threadCount":3, "queueSize": 100, "idleTime": 300 "allowCoreThreadTimeOut": true }
Here is the properties:threadCount: the number of threads. You can use minThreadCount and maxThreadCount if you want to set a different minimum and maximum value.
queueSize: the size of the queue
idleTime: time (in seconds) before an idle thread is terminated
limitedChildren: if true (default), limits the number of children exported in DAM services
securedDamServices: if true (default), honors the security of the objectData domain in DAM services
securedAppSettingsServices
: if true (default), honors the security of the objectData domain in Application Settings servicesStatus title 2022.2 canRetrieveCaption: if true (default is false), honors objectData/canRetrieveCaption for children in DAM services
checkSecurityCanViewEvenSimuCreateOrUpdate
: Starting with versionStatus title 2021.6
, objectdata/view security is disabled by default on the exposure of asset modification simulations in the context of mass import, to allow the implementation of facets. If the value of this parameter is set to true, then we return to the previous behavior (we can't see a result of a modification or creation simulation if the security refuses it, or crashes because the ID of an instance in creation simulation is 0).Status title 2021.6 damRelativeURLs: if true (default is false), exported URL are relatives (in DAM services responses)
authRelativeURLs: if true (default is false), exported URL are relatives (in auth services responses)
allowAccessIfActionDoesntExist: if true (false by default) do not check end point security if the corresponding action doesn’t exist
lazyDeployDamServices: if true, and not production mode, the configuration of dam services are automatically updated when the structures change
sessionAuth(obsolete): if true, allows authentication of invokation with the session surfer (avoid this because of XRSF attacks)
sessionAuth
: default is false. If true, allows stateful surfer session surfer (shared with backoffice session)Status title 11.18 allowSessionAuth
: default is true. If true, allows api client to work as sessionAuth mode, on demand, while getting a token.Status title 11.18 sessionAuthReconnectMode
: default is false. If true, during a sessionAuth authentication, the surfer is reconnected (re-execution of surferservices among others)Status title 11.18 sessionAuthBODisconnect
: default is false. If true, in sessionAuth mode, if we connect a new surfer, we force the disconnection of the surfer currently in sessionStatus title 11.18 sessionFul
: default is false. If true, we connect in sessionful (see API Authentication & Connection Modes )Status title 2021.4 WWWAuthenticateFallBack : default is false. In case there is no authentication information in the request, we return a 401 Unauthorized. If this parameter is true, the WWW-Authenticate header is included in the response.
allowJWTCookieAuth: default is true. Allows to request a connection in cookie mode (request parameter cookieauth=true)
JWTCookieSameSite: default is
Strict. Value of the SameSite attribute of the REST API cookies.JWTCookieSameSiteLocal: no default. Value of the SameSite attribute of the REST API cookies in developpement mode. If no value is indicated, we use JWTCookieSameSite
JWTCookieShare
: default is false. If false attribute Path of API cookies isStatus title 2021.4 /api. If true, its /, thus, the cookie is transmitted for all urls including the BO, thus allowing to connect to the whole solution via the Portal. This is not useful in sessionful mode, because the session is shared between BO and API.DXMDomain
: Value of the cookie attribute Domain (necessary for DXM access in the Portal), if you want to indicate a specific value different from the value automatically assigned if DXM is enabled.Status title 2021.4 JWTCookiePathDependsOnRequest: default is false. If true, the value of the Path attribute of the cookie is determined from the request that is doing the signin, otherwise it is determined from the system variables. This parameter is ignore if JWTCookieShare is true.
JWTCookieLongLife: Default is true. If true, the lifetime of the JWT cookie is the lifetime of the refresh token, otherwise it is the lifetime of the access token.
csrfTokenControl: boolean, default is false, activates CSRF token checks in the API call when cookie is used for authentificationStatus title 2022.6
csrfTokenControlExcludes: a white list (JSON Array) of IP for which the token control is disabled (event csrfTokenControl is true)Status title 2022.6
csrfTokenControlExcludes_local: the same as csrfTokenControlExcludes, but for local use only (never included in backup)Status title 2022.6 oauth2Enabled: default is true. If true, allows to use the OAuth2 SSO authentication system provided by the API
ssoSAMLEnabled: default is true.If true, allows to use the SAML SSO authentication system provided by the engine
ssoOAuth2Enabled: default is false. If true, allows to use the OAuth2 SSO authentication system provided by the engine
tokenHash: A base for the hashing of JWT tokens signature
tokenCleaningPeriod: period of the task of cleaning expired tokens
tokenLongLifeTime: lifetime of long life JWT tokens (in seconds)
tokenShortLifeTime: lifetime of short life JWT tokens (in seconds)
tokenMaxAge: (optional) max age of JWT tokens (in seconds)
jwtAlgorithm: JWT tokens hash algorithm (HS256, HS384 or HS512)
errorSupport: configuration of error support in error message
This is a JSon. You can configure default message for the client, or keys and parameters so that the customer can generate his own messages. The default value is:
Code Block {"key":"WEDIA_ERROR_SUPPORT","params":["support@wedia-group.com"]}string form
if the value is a string, then this is the support message that will be presented
object form
the object has two properties:
key: the key for the message
WEDIA_ERROR_SUPPORT
A message presenting one value (the email of support service) and the Wedia name
EMAIL_ERROR_SUPPORT
A altenative of WEDIA_ERROR_SUPPORT message without Wedia mention
params:
Parameters for the message. Default messages has only one parameter:
support email address
value: (optional) a default static message. If this property is omitted, one is generated with key and params from the REST API Plug-in bundle.
array form
An array of several messages.
allowDebugInProduction: boolean. Allows to temporarily allow debug mode, even in production. Be careful to enable this option exceptionally to limit API vulnerabilities to certain attacks.
presetPrefix: prefix for preset (for automatic naming) exposed from Image Processing Configuration
defaultCharset: default charset for API request parameters and headers
defaultContentCharset: default charset for for API request and response body
docPortalWithHelpers
: default is false. If true, messages are displayed to help solve the errors. As this information is related to the internal functioning of the Wedia solution, it does not generally speak to external parties and is therefore not displayed by default.Status title 2021.5 apiDocSecure: default is true. If false, access to the API documentation is not secured (it is not necessary to authenticate to consult it).
| Note |
|---|
It is not recommended to put false on a server accessible on the web. |
apiDocRenderer: type of default HTML/CSS renderer for OAS3.0 documentation
apiDocLazyRendering
: if true, ReDoc's lazy rendering mode is enabled (supposed to improve its display speed)Status title 2021.6 apiDocCache: enable or not OAS3.0 file cache. When the cached file is generated, the documentation is always read from the file, so no configuration changes can be seen in the documentation.
ALWAYS: always cached
NEVER! never cached
ONLYPROD: cached only if production mode is activated
apiDocCacheClearOnRestart: boolean, true to delete the OAS3.0 cached files when the plug-in restarts
apiDocCacheGenOnRestart: boolean, default is true. If true, OAS files describing the API documentation are generated when the plugin starts. If false, OAS files describing the API documentation are generated when requested (if caching is enabled, when first requested). This can penalize the request, but will queue up other simultaneous requesters, or even reject them (in error) if the timeout is exceeded. It is therefore recommended to leave this value at true, except on development servers, when this documentation is not used, in order to preserve resources (disk space, memory, cpu).
apiDocInternalCache: boolean, default is true. If true, activates the internal cache during generation. Consumes more memory, but saves generation time.
apiDocOasStream:
a json object to configure the download of an OAS3 fileStatus title 2022.1
The default configuration provided should be fine in general. If you have problems with file loading times (especially large files), please contact Joël DRIGO before changing this configuration. See more details here.apiDocInfoExcluded:
a json array to configure the list of information to be excluded from the REST API documentation. See more details here.Status title 2022.1 apiDocPortal:
a json object to configure the REST API documentation display (the rendering portal, not the user documentation portal). See more details here.Status title 2022.1 alwaysGenerateCacheForTagGroups:
a boolean, default is false. If true, the tag group cache is generated even version 1 of the documentation display is selected (these files are not used by the documentation portal version 1 but could be loaded (or displayed) directly via the dedicated URLs if wanted)Status title 2022.1
languageObject: default is restapilang. The object (structure) used to control the languages (by example lang). The structure of the object must be the same as the object
lang. If the value of this parameter is empty or corresponds to a non-existent object, the language control is disabled (a user who logs in with an unmanaged language will have the messages in the default language).disableNotAcceptableLanguageException:default is false. if true, uses the first found locale instead of throwing a 406 Not Acceptable when no valid locale is found in a query (an invalid locale is a locale that is not defined in the language object, see parameter
languageObject). If false, throws an error to the requester.notAcceptableLanguageExceptionLocale: Locale by default if request locale is not acceptable (see parameters
languageObjectanddisableNotAcceptableLanguageException). If no value set, use default indexation language.checkResetPassword: default is true. If true, activates the test of the changepass property of the user at the connection.
binaryUpdateAcceptedPaths: defines the paths accessible in the SAN for the assignment of files by path, to a field of type binary or image, during a creation or a modification. It is a JSON array of paths (relative to the SAN). By default, the file and image folders are allowed as file sources.Anchor binaryUpdateAcceptedPaths binaryUpdateAcceptedPaths
...
To create a separate configuration plugin (when the configuration is still in WXM_RESTAPI):
create the plugin as usual (with a minimal config.xml)
move the configuration from WXM_RESTAPI
files of WXM_RESTAPI/config to the config folder of this plugin
configuration files are those that start with underscore and txt typemove also the resource configuration directories (those that start with underscore and end with _RSC)
...