The API is configured through either environment variables or a local config file, /config/local.js.
Server settings
Basic server settings
API_URL
API_HOSTNAME
API_EXPRESS_PORT
API_EMAILADDRESS

"url": "",
"hostname": "",
"emailAddress": "",
"express": {
  "port": 0
},
Database
MySQL database access
API_DATABASE_USER
API_DATABASE_PASSWORD
API_DATABASE_DATABASE
API_DATABASE_HOST

"database": {
  "user": "",
  "password": "",
  "database": "",
  "host": "",
  "dialect": "",
  "multipleStatements": true
},
Cookie settings
API_SECURITY_SESSIONS_COOKIENAME
API_SECURITY_SESSIONS_ONLYSECURE

"security": {
  "sessions": {
    "secret": "KrkA3jezYn1nX5yHVYAhTzicG0shq8Bl",
    "onlySecure": false
  }
},
Email for notifications
The API sends emails to users and administrators. Use these settings to configure SMTP.
API_MAIL_FROM
API_MAIL_TRANSPORT_SMTP_PORT
API_MAIL_TRANSPORT_SMTP_HOST
API_MAIL_TRANSPORT_SMTP_REQUIRESSL
API_MAIL_TRANSPORT_SMTP_AUTH_USER
API_MAIL_TRANSPORT_SMTP_AUTH_PASS
API_NOTIFICATIONS_ADMIN_EMAILADDRESS

"mail": {
  "from": "",
  "transport": {
    "smtp": {
      "port": 0,
      "host": "",
      "requireTLS": true,
      "name": "",
      "auth": {
        "user": "",
        "pass": ""
      }
    }
  }
},
This is the address of the administrator that should receive notifications (1):
"notifications": {
  "admin": {
    "emailAddress": ""
  }
},
OAuth
Handling of OAuth calls and connecting to the OAuth server
API_AUTHORIZATION_JWTSECRET
AUTH_API_URL
AUTH_FIRST_CLIENT_ID
AUTH_FIRST_CLIENT_SECRET

"authorization": {
  "jwt-secret": "",
  "auth-server-url": "",
  "auth-client-id": "", // (1)
  "auth-client-secret": "", // (1)
  "auth-server-login-path": "/dialog/authorize?redirect_uri=[[redirectUrl]]&response_type=code&client_id=[[clientId]]&scope=offline",
  "auth-server-exchange-code-path": "/oauth/token",
  "auth-server-get-user-path": "/api/userinfo?client_id=[[clientId]]",
  "auth-server-logout-path": "/logout?clientId=[[clientId]]",
  "after-login-redirect-uri": "/?jwt=[[jwt]]",
  "fixed-auth-tokens": [{ "token": "123", "userId": "1" }] // see below
},
"allowedOrigins": [
  "http://test-project.cms.niels:8109"
],
Ignore brute force
A list of IP addresses that will not be blocked by the brute force checks

IGNORE_BRUTE_FORCE_IP

"ignoreBruteForce": [],
Anonymize users
When users are anonymized, their names are changed to these values, which are then shown in ideas and arguments

"anonymize": {
  "firstName": "This user",
  "lastName": "has been deleted"
}
},
Other
"templateSource": "https://cdn.openstad.nlsvgtr.nl/meer/ecosystem-templates/site/index.json",
"ideas": {
  "duration": 60
},

API_NOTIFICATIONS_ADMIN_EMAILADDRESS
API_NOTIFICATIONS_SENDENDDATENOTIFICATIONSXDAYSBEFORE

"notifications": {
  "admin": {
    "emailAddress": "webmaster@example.com"
  },
  "sendEndDateNotifications": {
    "XDaysBefore": 10
  }
}
Fixed Auth Tokens
It is possible to allow access to the API through a fixed token. This token should be configured to represent a specific existing user.
This mechanism is used to give other OpenStad servers (Admin panel, Frontend) access to the API, but can also be used to give external services or other REST tools access to the API server.
Fixed auth tokens are configured in either the env var API_AUTHORIZATION_FIXEDAUTHTOKENS or the local config file. The value is a list of tokens and user IDs:

[
  { "token": "123", "userId": "1" },
  { "token": "456", "userId": "31" }
]
(1) These settings are normally defined in the site config, but default to the values provided here.
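
Several sample values in the snippets above (the printed session secret, "onlySecure": false, "multipleStatements": true, an empty jwt-secret and fixed tokens such as "123") are placeholders that should be replaced before deployment. The check below is an added example, not part of the OpenStad code base; auditConfig, the 32-character minimum, the HTTPS-only origin rule and the reading of onlySecure as the cookie Secure flag are assumptions.

```javascript
// Added example, not OpenStad code: auditConfig() and its thresholds are hypothetical.
const SAMPLE_SECRET = 'KrkA3jezYn1nX5yHVYAhTzicG0shq8Bl'; // sample value printed on this page
const MIN_LENGTH = 32; // assumed minimum length for secrets and tokens
const isWeak = (v) => typeof v !== 'string' || v.length < MIN_LENGTH;

function auditConfig(config) {
  const findings = [];
  const sessions = (config.security && config.security.sessions) || {};
  const auth = config.authorization || {};
  const db = config.database || {};

  if (isWeak(sessions.secret) || sessions.secret === SAMPLE_SECRET) {
    findings.push('security.sessions.secret: missing, short, or the documented sample value');
  }
  // Assumption: onlySecure controls the Secure flag on the session cookie.
  if (sessions.onlySecure !== true) {
    findings.push('security.sessions.onlySecure: not true');
  }
  if (isWeak(auth['jwt-secret'])) findings.push('authorization.jwt-secret: missing or short');
  // Each fixed token acts as a standing credential for the user it maps to.
  for (const entry of auth['fixed-auth-tokens'] || []) {
    if (isWeak(entry.token)) {
      findings.push(`authorization.fixed-auth-tokens: weak token for userId ${entry.userId}`);
    }
  }
  // The MySQL driver option multipleStatements permits stacked queries.
  if (db.multipleStatements === true) findings.push('database.multipleStatements: true');
  // Assumption: production origins should be HTTPS.
  for (const origin of config.allowedOrigins || []) {
    if (!origin.startsWith('https://')) {
      findings.push(`allowedOrigins: ${origin} is not HTTPS`);
    }
  }
  return findings;
}

// Constructed input: the example values shown in the snippets on this page.
const pageSample = {
  database: { multipleStatements: true },
  security: { sessions: { secret: SAMPLE_SECRET, onlySecure: false } },
  authorization: {
    'jwt-secret': '',
    'fixed-auth-tokens': [{ token: '123', userId: '1' }, { token: '456', userId: '31' }],
  },
  allowedOrigins: ['http://test-project.cms.niels:8109'],
};
console.log(auditConfig(pageSample).join('\n'));
```

Run against the page's sample values, the check reports every setting listed in the lead-in plus the plain-HTTP origin; a config with long random secrets, onlySecure set to true and multipleStatements disabled returns an empty list.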