Provided REST API Appsettings
This page lists all the appsettings.json settings available for Provided REST APIs.
The appsettings.json file is located in the folder <AMT Environment>\Apps\<Application>\Binaries\Common\RestApiProvider\<Name of the Rest API>\
After changing settings in the appsettings.json file, the IIS Application Pool containing the Provided REST API must be recycled/restarted to read the changed settings.
The appsettings file is (sub-)divided into the following sections.
| Section | Description |
|---|---|
| Amt | The main section where most settings are located. |
| Logging | Section for the logging settings for the Web Application. |
| AllowedHosts | Single setting that restricts the hostnames through which the Web Application may be accessed. |
AmtCookieEncryptionKey
This setting is explained in Generating Keys.
EnableSwaggerDoc
If set to true, Swagger Documentation in the form of a JSON file is created.
The address of the JSON file depends on the name set in the Options window of the Provided REST API.
EnableSwaggerUI
This setting enables the Swagger UI webpage, which can be accessed by adding index.html to the address of the IIS Application of the Provided REST API.
E.g. https://amt.example.com/AMT/CustomerAPI/index.html
Note: Swagger UI requires the Swagger Documentation to be enabled (see EnableSwaggerDoc above).
EnableParams
To debug a Provided REST API, the EnableParams setting should be set to true.
BusinessLogic
Settings needed to communicate with the AMT environment.
The name of the application to which the Provided REST API belongs should be set as the value of the 'ApplicationName' key.
"BusinessLogic": {
  "ApplicationName": "<ApplicationName>"
},
AuthenticationType
The authentication type used to interact with the Provided REST API. The only valid option is "JWT" (JSON Web Token), which is used for OIDC Authentication.
JWT
The 'JWT' section contains settings needed for the correct working of OIDC Authentication.
- Authority - The URL of the authorization server.
- Audience - The configured intended recipient of the access token.
- TokenValidationParameters:
  - NameClaimType - The claim type that will be used to identify the user. Commonly preferred_username is used as claim type.
- RequireHttpsMetadata - If true, HTTPS is required for the authority. The default is true. This should be disabled only in development environments.
"JWT": {
  "Authority": "https://login.example.org/amt-applications/v2/auth",
  "Audience": "amt-provided-restapi-demo",
  "TokenValidationParameters": {
    "NameClaimType": "preferred_username"
  },
  "RequireHttpsMetadata": true
}
WebSessionState
The 'WebSessionState' section contains optional settings for the ASP.NET Core web sessions used by the Provided REST API.
- IdleTimeout - The time in minutes that a session remains active on the server before it is discarded. The default is 10 minutes.
- Cookie - Section that holds the settings for the cookie used for the web session:
  - Domain - The domain of the web session cookie.
  - Path - The path of the web session cookie.
  - Name - The name of the web session cookie.
"WebSessionState": {
  "IdleTimeout": 10,
  "Cookie": {
    "Domain": "",
    "Path": "/",
    "Name": ".Amt.AC.WebSession"
  }
}
Logging
Sets the logging levels for the various ASP.NET Core components of the web application. These settings do not need to be adjusted in a normal situation.
The allowed log levels are, from most to least detailed: Trace, Debug, Information, Warning, Error, Critical and None.
"Logging": {
  "LogLevel": {
    "Default": "Information",
    "Microsoft": "Warning",
    "Microsoft.Hosting.Lifetime": "Information",
    "System.Net.Http": "Warning"
  }
},
AllowedHosts
In the AllowedHosts section, access to the web application can be restricted to specific hostnames.
The value is a semicolon-delimited list of host names without port numbers.
By default all hostnames are allowed by the asterisk (*) wildcard.
Users who reach the web application through a hostname that is not allowed get an HTTP 400 (Bad Request) error code.
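A pre-deployment check of the rules stated on this page (JWT as the only authentication type, Swagger UI depending on the Swagger documentation, the EnableParams debug switch, RequireHttpsMetadata, AllowedHosts entries and log level names), written as an added example that is not part of the product or its documentation. It assumes that every setting other than Logging and AllowedHosts is nested under the Amt section; the function names and the sample file are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOG_LEVELS = {"Trace", "Debug", "Information", "Warning", "Error", "Critical", "None"}

def is_true(value):  # accepts JSON booleans and "true"/"false" strings
    return str(value).lower() == "true"

def audit_appsettings(text):
    """Return (setting, finding) pairs for one appsettings.json document."""
    cfg = json.loads(text)
    amt = cfg.get("Amt", {})  # assumption: all other settings sit under "Amt"
    jwt = amt.get("JWT", {})
    out = []
    if amt.get("AuthenticationType") != "JWT":
        out.append(("AuthenticationType", 'the only valid option is "JWT"'))
    if is_true(amt.get("EnableSwaggerUI")) and not is_true(amt.get("EnableSwaggerDoc")):
        out.append(("EnableSwaggerUI", "requires EnableSwaggerDoc to be true"))
    if is_true(amt.get("EnableParams")):
        out.append(("EnableParams", "debug setting is switched on"))
    if not is_true(jwt.get("RequireHttpsMetadata", True)):
        out.append(("RequireHttpsMetadata", "disabled; development environments only"))
    elif urlsplit(jwt.get("Authority", "")).scheme != "https":
        out.append(("Authority", "must be an https URL"))
    for host in (h.strip() for h in str(cfg.get("AllowedHosts", "*")).split(";")):
        if host == "*":
            out.append(("AllowedHosts", "wildcard allows every hostname"))
        elif host.count(":") == 1:  # name:port; IPv6 literals are not examined
            out.append(("AllowedHosts", f"{host!r} includes a port number"))
    for category, level in cfg.get("Logging", {}).get("LogLevel", {}).items():
        if level not in LOG_LEVELS:
            out.append((f"Logging:LogLevel:{category}", f"unknown level {level!r}"))
    return out

# Constructed sample input, not taken from a real environment.
SAMPLE = json.dumps({
    "Amt": {
        "AuthenticationType": "JWT", "EnableSwaggerDoc": False,
        "EnableSwaggerUI": True, "EnableParams": True,
        "JWT": {"Authority": "http://login.example.org/amt-applications/v2/auth",
                "Audience": "amt-provided-restapi-demo", "RequireHttpsMetadata": False},
    },
    "Logging": {"LogLevel": {"Default": "Verbose", "Microsoft": "Warning"}},
    "AllowedHosts": "amt.example.com:443",
})

if __name__ == "__main__":
    for setting, finding in audit_appsettings(SAMPLE):
        print(f"{setting}: {finding}")
```

To check a deployed file, pass the text of its appsettings.json to audit_appsettings; an empty list means none of these rules were violated.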