API configuration

The API is configured through either environment variables or the local config file /config/local.js. Each section below lists the environment variables followed by the matching fragment of the config file.

Server settings

Basic server settings

API_URL
API_HOSTNAME
API_EXPRESS_PORT
API_EMAILADDRESS
  "url": "",
  "hostname": "",
  "emailAddress": "",
  "express": {
    "port": 0
  },

Database

MySQL database access

API_DATABASE_USER
API_DATABASE_PASSWORD
API_DATABASE_DATABASE
API_DATABASE_HOST
  "database": {
    "user": "",
    "password": "",
    "database": "",
    "host": "",
    "dialect": "",
    "multipleStatements": true
  },

Cookie settings

API_SECURITY_SESSIONS_COOKIENAME
API_SECURITY_SESSIONS_ONLYSECURE
  "security": {
    "sessions": {
      "secret": "KrkA3jezYn1nX5yHVYAhTzicG0shq8Bl",
      "onlySecure": false
    }
  },

Email for notifications

The API sends emails to users and administrators. Use these settings to configure the SMTP transport.

API_MAIL_FROM
API_MAIL_TRANSPORT_SMTP_PORT
API_MAIL_TRANSPORT_SMTP_HOST
API_MAIL_TRANSPORT_SMTP_REQUIRESSL
API_MAIL_TRANSPORT_SMTP_AUTH_USER
API_MAIL_TRANSPORT_SMTP_AUTH_PASS
API_NOTIFICATIONS_ADMIN_EMAILADDRESS
  "mail": {
    "from": "",
    "transport": {
      "smtp": {
        "port": 0,
        "host": "",
        "requireTLS": true,
        "name": "",
        "auth": {
          "user": "",
          "pass": ""
        }
      }
    }
  },

This is the address of the administrator that should receive notifications (1):

  "notifications": {
    "admin": {
      "emailAddress": ""
    }
  },

OAuth

Handling of OAuth calls and connecting to the OAuth server.

API_AUTHORIZATION_JWTSECRET
AUTH_API_URL
AUTH_FIRST_CLIENT_ID
AUTH_FIRST_CLIENT_SECRET
  "authorization": {
    "jwt-secret": "",
    "auth-server-url": "",
    "auth-client-id": "", // (1)
    "auth-client-secret": "", // (1)
    "auth-server-login-path": "/dialog/authorize?redirect_uri=[[redirectUrl]]&response_type=code&client_id=[[clientId]]&scope=offline",
    "auth-server-exchange-code-path": "/oauth/token",
    "auth-server-get-user-path": "/api/userinfo?client_id=[[clientId]]",
    "auth-server-logout-path": "/logout?clientId=[[clientId]]",
    "after-login-redirect-uri": "/?jwt=[[jwt]]",
    "fixed-auth-tokens": [{ "token": "123", "userId": "1" }] // see below
  },
  "allowedOrigins": [
    "http://test-project.cms.niels:8109"
  ],

Ignore brute force

A list of IP addresses that will not be blocked by the brute force checks.

IGNORE_BRUTE_FORCE_IP
  "ignoreBruteForce": [],

Anonymize users

When a user is anonymized, their name is replaced by these values, which are then shown on their ideas and arguments.

  "anonymize": {
    "firstName": "This user",
    "lastName": "has been deleted"
  },

Other

TEMPLATE_SOURCE
  "templateSource": "https://cdn.openstad.nlsvgtr.nl/meer/ecosystem-templates/site/index.json",
  "ideas": {
    "duration": 60
  },
API_NOTIFICATIONS_ADMIN_EMAILADDRESS
API_NOTIFICATIONS_SENDENDDATENOTIFICATIONSXDAYSBEFORE
  "notifications": {
    "admin": {
      "emailAddress": "webmaster@example.com"
    },
    "sendEndDateNotifications": {
      "XDaysBefore": 10
    }
  },

Fixed Auth Tokens

It is possible to allow access to the API through a fixed token. The token should be configured to represent a specific existing user. This mechanism is used to give other OpenStad servers (admin panel, frontend) access to the API, but it can also be used to give external services or other REST tools access to the API server. Fixed auth tokens are configured either in the env var API_AUTHORIZATION_FIXEDAUTHTOKENS or in the local config file, as a list of tokens and user ids:

[
  { "token": "123", "userId": "1" },
  { "token": "456", "userId": "31" }
]

(1) These settings are normally defined in the site config, but default to the values provided here.
