The following table explains the runtime configurations that are available in the API Microgateway.

| Heading | Description | Sub Heading | Description | Default value |
|---|---|---|---|---|
| listenerConfig | The transport listener of the Microgateway (MGW) that receives the incoming requests. | host | Host or IP of the Microgateway that is exposed to the outside. | 0.0.0.0 |
| | | httpPort | The port used for HTTP connections. | 9090 |
| | | httpsPort | The port used for HTTPS connections. | 9095 |
| | | keyStore.path | Internal Key Store path of the Microgateway. | ${ballerina.home}/bre/security/ballerinaKeystore.p12 |
| | | keyStore.password | Internal Key Store password. | ballerina |
| | | tokenListenerPort | The port where the endpoints (e.g., /token, /authorize, etc.) are exposed. | 9096 |
| authConfig | The authorization details that the Microgateway uses when enforcing security on the APIs that are exposed by it. | authorizationHeader | The header in which the Microgateway looks for security-related details (e.g., if the API is protected by OAuth or JWT, it looks for the OAuth or JWT token in the specified header). | Authorization |
| | | removeAuthHeaderFromOutMessage | This specifies whether to send the above-mentioned authorization header to the actual backend or not. | TRUE |
| keyManager | The Key Manager related information. This information is required when the Microgateway connects with the Key Manager in order to validate the tokens. | serverUrl | Connection URL of the Key Manager server. By default this is WSO2 Identity Server (WSO2 IS). | https://localhost:9443 |
| | | username | The admin user name required to connect with the WSO2 IS key validation service. | admin |
| | | password | Password required to connect with the key validation admin service. | admin |
| | | tokenContext | The token endpoint context of the Key Manager server. | oauth2 |
| | | timestampSkew | The timestamp skew that is added when checking the token validity period for the tokens that are retrieved from the gateway cache. Value is in seconds. | 5000 |
| | | verifyHostname | Enables or disables hostname verification when connecting to the Key Manager over HTTPS. | TRUE |
| jwtTokenConfig | These details are used by the Microgateway when it validates the JWT present in the request. The Microgateway does the JWT validation itself. It does the signature verification and the validation of the issuer, audience and validity period as well. | issuer | The Secure Token Service (STS) that has issued the JWT. If the issuer claim present in the JWT in the request matches the value given here, the issuer validation is successful. | https://localhost:9443/oauth2/token |
| | | audience | The audience claim present in the JWT is matched against the value provided in the configuration. | http://org.wso2.apimgt/gateway |
| | | certificateAlias | The public certificate alias of the STS. | wso2apim |
| | | trustStore.path | The path of the client trust store where the Microgateway looks for the public certificate of the STS when validating the JWT. | ${ballerina.home}/bre/security/ballerinaTruststore.p12 |
| | | trustStore.password | The password of the client trust store. | ballerina |
| jwtConfig | Details related to the JWT that the Microgateway sends to the backend. | header | The header that the Microgateway uses to include the JWT when forwarding the request to the backend. | X-JWT-Assertion |
| caching | The caching config used for OAuth2 token validation. Note that this cache is only for OAuth2 tokens. | enabled | This defines whether the OAuth2 token cache is enabled or not in the Microgateway. | TRUE |
| | | tokenCache.expiryTime | Expiry time of the cache in seconds. | 900000 |
| | | tokenCache.capacity | The size of the cache in MB. | 100 |
| | | tokenCache.evictionFactor | The fraction of the cache that is cleared when the cache is full. By default this is 0.25, i.e., 25 MB of the cache is cleared when the cache is full (i.e., 100 MB). | 0.25 |
| analytics | Analytics related configurations. | enable | This defines whether publishing from the Microgateway to analytics is enabled or not. | FALSE |
| | | uploadingTimeSpanInMillis | The time interval in which the uploading task is run. | 600000 |
| | | uploadingEndpoint | The endpoint URL of the web application to which the file has to be uploaded. This web app is deployed in the Analytics server to retrieve files containing analytics data. | https://localhost:9444/analytics/v1.0/usage/upload-file |
| | | rotatingPeriod | The time interval after which the file is rotated and compressed. This depends on the Transactions Per Second (TPS) capacity of the environment. | 600000 |
| | | task.uploadFiles | This determines whether to enable or disable the file upload task. If this property is disabled, the analytics files are not uploaded to the analytics server, although the files are persisted in the Microgateway system. | TRUE |
| | | username | The username that the analytics server uses. | admin |
| | | password | The password related to the username that the analytics server uses. | admin |
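
A configuration check built from the defaults in the table above, as an added example (not code from the product or its documentation): it flags passwords left at their documented defaults and protective settings that have been switched off. It assumes the settings are stored in an INI/TOML-style file with one `[heading]` section per heading and `subHeading=value` lines; `audit` and the sample text are hypothetical names constructed for this example.

```python
import configparser
# Passwords the table lists as shipped defaults (publicly documented values).
DEFAULT_PASSWORDS = {
    ("listenerConfig", "keyStore.password"): "ballerina",
    ("jwtTokenConfig", "trustStore.password"): "ballerina",
    ("keyManager", "password"): "admin",
    ("analytics", "password"): "admin",
}
# Settings whose documented default (TRUE) is the protective value.
MUST_BE_TRUE = [("keyManager", "verifyHostname"),
                ("authConfig", "removeAuthHeaderFromOutMessage")]

def audit(conf_text):
    """Return sorted (section, key, finding) tuples for risky settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case, e.g. keyStore.password
    cp.read_string(conf_text)
    def get(section, key):
        # Assumption: an absent key means the documented default applies.
        if cp.has_option(section, key):
            return cp.get(section, key).strip().strip('"')
        return None

    findings = []
    for (section, key), default in DEFAULT_PASSWORDS.items():
        if section == "analytics" and (get(section, "enable") or "").lower() != "true":
            continue  # publishing is off by default, so the credentials are unused
        if get(section, key) in (None, default):
            findings.append((section, key, "shipped default in use"))
    for section, key in MUST_BE_TRUE:
        value = get(section, key)
        if value is not None and value.lower() != "true":
            findings.append((section, key, "protective default disabled"))
    return sorted(findings)

# Constructed sample in the assumed file layout, not a file from the product.
SAMPLE = """
[listenerConfig]
keyStore.password="ballerina"
[keyManager]
password="admin"
verifyHostname=false
[authConfig]
removeAuthHeaderFromOutMessage=true
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(": ".join(finding))
```
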
Sample file