# API configuration

The API is configured through either environment variables or a local config file, `/config/local.js`.

**Server settings**

Basic server settings

```
API_URL
API_HOSTNAME
API_EXPRESS_PORT
API_EMAILADDRESS
```

```
  "url": "",
  "hostname": "",
  "emailAddress": "",
  "express": {
    "port": 0
  },
```

**Database**

MySQL database access

```
API_DATABASE_USER
API_DATABASE_PASSWORD
API_DATABASE_DATABASE
API_DATABASE_HOST
```

```
  "database": {
    "user": "",
    "password": "",
    "database": "",
    "host": "",
    "dialect": "",
    "multipleStatements": true
  },
```

**Cookie settings**

```
API_SECURITY_SESSIONS_COOKIENAME
API_SECURITY_SESSIONS_ONLYSECURE
```

```
  "security": {
    "sessions": {
      "secret": "KrkA3jezYn1nX5yHVYAhTzicG0shq8Bl",
      "onlySecure": false
    }
  },
```

**Email for notifications**

The API sends emails to users and administrators. Use these settings to configure SMTP.

```
API_MAIL_FROM
API_MAIL_TRANSPORT_SMTP_PORT
API_MAIL_TRANSPORT_SMTP_HOST
API_MAIL_TRANSPORT_SMTP_REQUIRESSL
API_MAIL_TRANSPORT_SMTP_AUTH_USER
API_MAIL_TRANSPORT_SMTP_AUTH_PASS
API_NOTIFICATIONS_ADMIN_EMAILADDRESS
```

```
  "mail": {
    "from": "",
    "transport": {
      "smtp": {
        "port": 0,
        "host": "",
        "requireTLS": true,
        "name": "",
        "auth": {
          "user": "",
          "pass": ""
        }
      }
    }
  },
```

This is the address of the administrator that should receive notifications (1):

```
  "notifications": {
    "admin": {
      "emailAddress": ""
    }
  },
```

**OAuth**

Handling of OAuth calls and connecting to the OAuth server

```
API_AUTHORIZATION_JWTSECRET
AUTH_API_URL
AUTH_FIRST_CLIENT_ID
AUTH_FIRST_CLIENT_SECRET
```

```
  "authorization": {
    "jwt-secret": "",
    "auth-server-url": "",
    "auth-client-id": "", // (1)
    "auth-client-secret": "", // (1)
    "auth-server-login-path": "/dialog/authorize?redirect_uri=[[redirectUrl]]&response_type=code&client_id=[[clientId]]&scope=offline",
    "auth-server-exchange-code-path": "/oauth/token",
    "auth-server-get-user-path": "/api/userinfo?client_id=[[clientId]]",
    "auth-server-logout-path": "/logout?clientId=[[clientId]]",
    "after-login-redirect-uri": "/?jwt=[[jwt]]",
    "fixed-auth-tokens": [{ "token": "123", "userId": "1" }] // see below
  },
  "allowedOrigins": [
    "http://test-project.cms.niels:8109"
  ],
```

**Ignore brute force**

A list of IP addresses that will not be blocked by the brute force checks

```
IGNORE_BRUTE_FORCE_IP
```

```
  "ignoreBruteForce": [],
```

**Anonymize users**

When [anonymizing users](/openstad/manual/how-tos/gebruikers-anonimiseren-per-website.md), the names of those users are changed to these values, which are then shown in ideas and arguments

```
    "anonymize": {
      "firstName": "This user",
      "lastName": "has been deleted"
    }
  },
```

**Other**

```
TEMPLATE_SOURCE
```

```
  "templateSource": "https://cdn.openstad.nlsvgtr.nl/meer/ecosystem-templates/site/index.json",
  "ideas": {
    "duration": 60
  },
```

```
API_NOTIFICATIONS_ADMIN_EMAILADDRESS
API_NOTIFICATIONS_SENDENDDATENOTIFICATIONSXDAYSBEFORE
```

```
"notifications": {
  "admin": {
    "emailAddress": "webmaster@example.com"
  },
  "sendEndDateNotifications": {
    "XDaysBefore": 10
  }
}
```

**Fixed Auth Tokens**

It is possible to allow access to the API through a fixed token. This token should be configured to represent a specific existing user.\
This mechanism is used to give other OpenStad servers (Admin panel, Frontend) access to the API, but can also be used to give external services or other REST tools access to the API server.\
Fixed auth tokens are configured in either the env var `API_AUTHORIZATION_FIXEDAUTHTOKENS` or the local config file. The value is a list of tokens and user IDs:

```
[
  { "token": "123", "userId": "1" },
  { "token": "456", "userId": "31" }
]
```

(1) These settings are normally defined in the site config, but default to the values provided here
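
A pre-deployment check for the settings documented on this page, as an added example that is not part of the OpenStad code base. `auditConfig`, `newSecret` and the 32-character minimum are assumptions made for this example, as is the reading of `onlySecure` as the switch for the cookie's `Secure` flag; the sample config is constructed from the placeholder values shown above.

```javascript
// Added example: not part of the OpenStad code base.
const { randomBytes } = require('crypto');

// Sample session secret printed in this documentation; it is public.
const DOCUMENTED_SECRET = 'KrkA3jezYn1nX5yHVYAhTzicG0shq8Bl';
const MIN_SECRET_LENGTH = 32; // assumption: minimum length for secrets and tokens

// Returns a list of findings for a config object shaped like /config/local.js.
function auditConfig(config) {
  const findings = [];
  const sessions = (config.security && config.security.sessions) || {};
  const auth = config.authorization || {};

  if (!sessions.secret || sessions.secret === DOCUMENTED_SECRET) {
    findings.push('security.sessions.secret is empty or the documented sample value');
  }
  if (sessions.onlySecure !== true) {
    findings.push('security.sessions.onlySecure is not true');
  }
  if (!auth['jwt-secret'] || auth['jwt-secret'].length < MIN_SECRET_LENGTH) {
    findings.push('authorization.jwt-secret is empty or too short');
  }
  // A fixed token acts as a long-lived credential for the mapped user.
  for (const entry of auth['fixed-auth-tokens'] || []) {
    if (typeof entry.token !== 'string' || entry.token.length < MIN_SECRET_LENGTH) {
      findings.push('fixed-auth-tokens: token for userId ' + entry.userId + ' is too short');
    }
  }
  for (const origin of config.allowedOrigins || []) {
    if (!origin.startsWith('https://')) {
      findings.push('allowedOrigins: ' + origin + ' is not https');
    }
  }
  return findings;
}

// Random 64-character hex value for a secret or a fixed auth token.
function newSecret() {
  return randomBytes(32).toString('hex');
}

// Constructed sample: the placeholder values shown on this page.
const sampleConfig = {
  security: { sessions: { secret: DOCUMENTED_SECRET, onlySecure: false } },
  authorization: { 'jwt-secret': '', 'fixed-auth-tokens': [{ token: '123', userId: '1' }] },
  allowedOrigins: ['http://test-project.cms.niels:8109'],
};

console.log(auditConfig(sampleConfig));
```
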


