System property changes
34 minute read
Traditionally, the JVM.xml
file has allowed customers to tweak the behavior of the API Gateway by defining Java system properties.
This page lists all of the Axway-defined Java system properties, per version, from 7.5.3 up to the present, and it explains their purpose and the context in which they are employed.
- The first table, 7.5.3, contains all the properties created in this version.
- All subsequent tables contain newly added properties introduced in that specific version, or service pack, and the assumption is that properties listed in previous tables are inherited.
- Note that because of fix ports, some properties might be duplicated among the three versions: 7.5.3, 7.6.2, and 7.7.
Caution
Do not change the systemjvm.xml
file located at /apigateway/system/conf
. This file is replaced during both updates and upgrades, so any changes made to it will be lost. The jvm.xml
file defines include points that allow you to add custom configuration, which will not be lost when this file is replaced.
You must update the extension jvm.xml
file, located at /apigateway/groups/[group X]/[instance Y]/conf
, to apply settings to a single API Gateway instance, and you must update the extension jvm.xml
file, located at /apigateway/conf/
, to apply changes to all API Gateway instances on the local machine.
These files do not exist by default, so you must create them first. Both files require that all settings are wrapped in a single <ConfigurationFragment>
tag, for example:
<ConfigurationFragment>
<!-- Your notes, e.g. a link to this page. -->
<VMArg name="-Dsome.property=some.value"/>
</ConfigurationFragment>
It is best practice to add XML comments as a reminder for what the setting does, and why the change in behavior is required.
7.5.3
All Java system properties that exist in the code up to and including the 7.5.3 release.
System property | Context | Description |
---|---|---|
OAUTH_DIGEST_ALGORITHM | API Gateway; OAuth | Specifies the digest algorithm used to store and retrieve tokens from a datastore. When a token is generated it will be hashed with the specified algorithm for storage, when a token is received its value is hashed to retrieve the token properties. The token is also used to store OAuth request state during a three-legged flow. A state ID is generated and the state of a request is stored in a cache against the hash of the state ID. The state can be retrieved in a later request by hashing the state ID and looking it up in the cache. Default value: SHA1. |
oam.compatibility.mode | API Gateway; Oracle Access Manager; Filter Runtime | Specifies the Oracle Access Manager server version to which the Oracle Access Manager filter connects. Possible values: OAM_10G, OAM_11G (default value). |
oam.install.dir | API Gateway; Oracle Access Manager; Filter Runtime | Specifies the path to the OAM Access SDK directory. |
apiconnnector.http.proxyHost | API Manager; Connectors | Specifies the HTTP proxy host to be used by the API Manager Connector |
apiconnector.http.proxyPort | API Manager; Connectors | Specifies the HTTP proxy port to be used by the API Manager Connector |
ApiQuotaController.SystemName | API Manager; Quotas | Specifies the name of the global system-level quota in API Manager. Default value: System. |
ApiQuotaController.SystemDescription | API Manager; Quotas | Specifies the description of the global system-level quota in API Manager. Default value: Maximum message rates aggregated across all client applications. |
ApiQuotaController.ApplicationName | API Manager; Quotas | Specifies the name of the default application-level quota in API Manager. Default value: Application Default. |
ApiQuotaController.ApplicationDescription | API Manager; Quotas | Specifies the description of the default application-level quota in API Manager. Applied to each application unless an application-specific quota is configured. Default value: Maximum message rates per application. |
cache.results | API Gateway; Filter Runtime; Database; LDAP | Specifies whether the Extract Attribute filters (Database, LDAP) should cache their results. Default value: true. |
auditLogOffloadCron | Node Manager; Logging; Audit | Specifies the CRON expression indicating the schedule for the audit log upload. Audit settings, including host and port of the remote server to which the logs will be uploaded, are read from /system/conf/auditSettings.json . Default value: 0 0/5 * ? * * * |
OAUTH_AUTHZ_EXPIRATION_SECS | API Gateway; OAuth | Number of seconds in which an authorization code should expire. Default value: 20. |
PRETTY_PRINT_KPS | KPSAdmin | Specifies whether to pretty-print JSON when taking back up of KPS tables. Default value: true. |
CASSANDRA_RETRY_MAX_DELAY_MS | Cassandra | Specifies the maximum delay in milliseconds between reconnection attempts to Cassandra. Default value: 40000 |
THROTTLING_RECORT_TTL | Cassandra | Specifies the amount of time to wait, in seconds, before garbage collecting tombstones (deletion markers). For a single-node cluster this value can be safely set to zero. Default value: 20. |
api.manager.querystring.passthrough | API Manager; HTTP | If set to true, query parameters are sent unmodified to the backend service, rather than performing any parameter mapping that may have been configured. |
See related alternative flag com.coreapireg.apimethod.querystring.passthrough introduced in 7.7.SP20201130 which also removes undefined query parameters from the back-end request. |
||
ALLOW_NULL_VALUES_FROM_DB | Database | Allow NULL values to be included in Database query result sets. Default value: false |
remoteTraceLimit | Trace; Logging | Sets the maximum number of lines that can be present in the deployment trace (which is displayed in PolicyStudio post-deployment). Default value: 1000. |
DOMAIN_STATUS_INTERVAL | Specifies the interval, in seconds, that the domain status is checked. If the Topology or AdminUsers files are out of sync an attempt is made to repair the domain. Note, only nodes marked as ‘alive’ are taken into account when repairing. Default value: 120. | |
OAUTH_ERROR_PROPERTIES_FILE | API Gateway; OAuth | Specifies the location of a property file that contains a list of error details pertaining to OAuth grants. This allows customers to override the error response strings. Default value: com/vordel/circuit/oauth/provider/grants/errors.properties . The file must contain the following property names: |
invalid_request | ||
unauthorized_client | ||
access_denied | ||
unsupported_response_type | ||
invalid_scope | ||
server_error | ||
temporarily_unavailable | ||
invalid_client | ||
invalid_grant | ||
unsupported_grant_type | ||
invalid_token | ||
insufficient_scope | ||
interaction_required | ||
login_required | ||
account_selection_required | ||
consent_required | ||
invalid_request_uri | ||
invalid_request_object | ||
request_not_supported | ||
request_uri_not_supported | ||
registration_not_supported | ||
VINSTDIR | An instance directory. Specifies the location of the running server instance. For API Gateway, this is the location where the server will run from, normally located in the /groups/<group-id>/<instance-id> directory. For a Node Manager, this is the location where the product has been installed. |
|
showclasses | Internal; PolicyStudio | In the policy view/pane, when enabled the internal Java class associated with a filter is displayed on the filter tooltip. |
ftpPassivePorts | API Gateway; FTP | Specifies the passive ports to be used for passive mode FTP data connections. You can define ports as single ports, or closed or open ranges. Multiple definitions can be separated by commas, for example: |
2300: only use port 2300 as the passive port | ||
2300-2399: use all ports in the range | ||
2300-: use all ports larger than 2300 | ||
2300, 2305, 2400-: use 2300 or 2305 or any port larger than 2400 | ||
ftpPassiveAddress | API Gateway; FTP | Specifies the address used for passive FTP connections. |
ftpPassiveExternalAddress | API Gateway; FTP | Specifies the passive address that will be returned to clients on the PASV command. |
com.vordel.strictUriSyntaxChecking | API Gateway; HTTP | When set to true, on receiving a HTTP request the request URI is parsed as per RFC 2396, primarily to validate against the list of excluded characters as listed on Excluded US-ASCII Characters. Default value: true. |
upgraderef | Internal; Policy Studio | Specifies the URL to an entity store used as a reference store for type information (for example, type definitions) during the import of a fragment. |
sslContextProtocol | API Gateway, API Manager, Node Manager, Policy Studio, and SSL | Specifies the SSL protocol used by any Node Manager-related clients: Policy Studio, Client scripts that use Node Manager APIs (for example, KPSAdmin, deploy_fragment, setup-apimanager), and when API Manager interfaces with the NodeManager router API to glean topology and virtualized service information. |
JMS_ROLLBACK_ENABLED | API Gateway; JMS | Specifies whether to rollback JMS messages read by the consumer. Default value: true. |
JMS_CONNECTION_THREAD_PATTERN | API Gateway; JMS | Specifies the regex pattern to use to determine whether to launch a separate thread to start the JMS session. Default value: (?i)weblogic |
avoidLDAPQueryEscaping | API Gateway; LDAP | Specifies whether the following characters are escaped when API Gateway performs an LDAP query: * → \2a , ( → \28) → \29 , \ → \5c , NUL → \00 . Default value: true. |
connectionFactoryNames | Specifies the connection factories that the sample client should use when creating a JMS connection. Default value is a comma-separated list connectionFactory, xAConnectionFactory, queueConnectionFactory, topicConnectionFactory . |
|
demo.hours | Analytics; Demo | Number of hours of historical data to generate for the metrics demo. If this property is not present, the demo is disabled. |
demo.apiMgr | API Manager; Analytics; Demo | Indicates that metrics data should appear to come from API Manager. If absent or set to ‘false’, data will appear to come from a normal API Gateway. Default value: false. |
kingsOfSOA | Internal; Policy Studio; Testing | Displays an additional ‘Testing’ item on the context menu of API Gateway tree node; provides a shortcut to all the available filter dialogs for quick testing. |
OAUTH_ACCESS_TOKEN_EXPIRATION_SECS | API Gateway; OAuth | Specifies the length of time, in seconds, that an OAuth access token is valid for. Not currently used in API Gateway, but exists if customers wish to generate a refresh token from scripts/policies using OAuth2RefreshToken.generate(length) . Default value: 43200. |
OAUTH_REFRESH_TOKEN_EXPIRATION_SECS | API Gateway; OAuth | Specifies the length of time, in seconds, that an OAuth refresh token is valid for. Not currently used in API Gateway, but exists if customers wish to generate an access token from scripts/policies using OAuth2AccessToken .generate(length) . Default value: 2592000 |
com.axway.oauth.acceptRequestScopes | API Gateway; OAuth | Specifies whether scopes present in the request are automatically accepted, if valid for client. Default value: false.
NoteIn the latest version of API Gateway, this setting has been incorporated into the OAuth 2.0 Authorization Code Flow filter. |
dochelper | Policy Studio; Internal | For debugging purposes, stores the help IDs of the filter pages associated with an item in the filter palette. |
openTrafficMaxFilesPerDir | API Gateway; Logging; Open Traffic | Specifies the maximum number of files that can exist in the Open Traffic Event Log storage directory. Default value: 5000 |
openTrafficWriteMethod | API Gateway, Logging | Specifies how Open Traffic Event Logs are written. Possible values: ASYNC_FILE_CHANNEL (default option), which writes logs asynchronously to disk, and FILE_CHANNEL , which writes logs synchronously to disk. |
openTrafficMaxAsyncOps | API Gateway; Logging; Open Traffic | Specifies the maximum number of asynchronous writes that can occur when persisting Open Traffic Event Logs to disk. This property is employed when ASYNC_FILE_CHANNEL is enabled. Default value: 16. |
openTrafficMaxAsyncCloseOps | API Gateway; Logging; Open Traffic | Specifies the maximum number of close operations that can occur when completing the writing of an Open Traffic Event Log; i.e. the maximum number of files that can be closed asynchronously. This property is employed when ASYNC_FILE_CHANNEL is enabled. Default value: 32. |
projectroot | Policy Studio | Specifies the directory (relative to user.home) where PolicyStudio projects will be stored. Default value: apiprojects. |
sendResponseInReflect | API Gateway; Filter Runtime; Reflect | When set to true, the behavior is to send the response as part of the filter processor, as opposed to sending the response after the filter has completed. Default value: false. |
caseSensitiveQueryParams | API Gateway; HTTP | Specifies whether case-sensitive query-string parameters are supported. For example, consider the following URL: http://localhost:8080/test?hello=world&Hello=world . When this property is specified, the gateway runtime will see two distinct parameters, hello and Hello , rather than just one that has two values. Default value: false. |
com.vordel.rbac.policy | API Gateway; Node Manager; RBAC | Specifies the ACL file to be used by the RBAC processor. By default the API Gateway uses $VINSTDIR/conf/acl.json and the Node Manager uses $VDISTDIR/conf/acl.json , both of which are set in $VDISTDIR/system/conf/jvm.xml . |
javascriptDelay | - | Specifies the number of milliseconds to wait for the webpage to load prior to generating the PDF report. Default value: 300000. |
schemaFullChecking | API Gateway; XML; Schema Validation | Specifies whether strict schema checking is performed when validating XML schemas. Default value: true. |
ExpandMissingAttributeInSelectorBehaviour | API Gateway; Selectors; Message Attributes; Runtime | When evaluating a selector with string components other than a top-level “${..} ” expansion, the expression evaluator coerces the constituent dynamic parts of the expression to strings, and subsequently returns a string. By default this uses Dictionary.toString() which results “[invalid field] ” being returned. When this property is specified, the behavior is as follows: |
REPLACE_LITERAL:foo expression evaluates to foo |
||
EMPTY_STRING expression evaluates to "" |
||
THROW_EXCEPTION expression evaluates to null |
||
Default value: LEAVE_ATTR | ||
ExpandMissingAttributeBehaviour | API Gateway; Selectors; Message Attributes; Runtime | The value specified for ExpandMissingAttributeBehaviour is the default value for ExpandMissingAttributeInSelectorBehaviour , meaning that customers can control what the default is. |
IGNORE_ENCODING | Specifies whether to ignore the configured encoding (default being utf-8 ) when configuring the Sentinel server external connection. Default value: false. |
|
urlEncodeInvalidQueryStringParamChars | API Gateway; HTTP | Specifies the list of characters that may be deemed invalid for query-string parameters, as per RFC 2396, meaning that those characters that raise a URISyntaxException when creating a java.net URI. Any of those characters listed are subsequently earmarked for encoding as per RFC 3986, Section 2.1, so as to maximize the chances of the URI being processed successfully. |
API_SERVER_TRANSACTION_COOKIE_NAME | API Gateway; Session Cookies | Specifies the name of the API Gateway transaction cookie. Default value: VIDTXN. |
API_SERVER_USER_COOKIE_NAME | API Gateway; Session Cookies; | Specifies the name of the API Gateway user session cookie. Default value: VIDUSR. |
vordel.trace.level | API Gateway; Trace; Logging | Used to set the trace level for the logger. Default value: DEBUG. |
vordel.trace.size.kb | API Gateway; Trace; Logging | Used to set the maximum trace file size for the logger. Default value: 10000. |
vordel.relative.trace.dir | API Gateway; Trace; Logging | Specifies the path to the logger trace file. The path is relative to user.dir. |
com.axway.sso.domain.name | API Manager; Single Sign-on | Specifies the cookie domain name, the name of the domain for which the cookie is valid. Used for single sign-on. The default value is an empty string, which means the onus is on the browser to construct the domain. |
ADD_SITEMINDER_LEGACY_ATTRIBUTES | API Gateway; Filter Runtime; Siteminder; Authentication; | Specifies whether to add legacy Siteminder attributes to the message whiteboard. Only Siteminder attributes in the form of a name/value pair are added. The list of attributes is placed in the ${attribute.lookup.list} message property. Individual attributes are added with the prefix ${user.propertyName} where propertyName is the name of the Siteminder property. Default value: false. |
dont.expect.100.continue | API Gateway; HTTP; Connection; ConnectToUrl | Controls whether an Expect header, with a value of 100-continue , is sent as part of a request to a backend service initiated by the API Gateway connection filters. Default value: false. |
version2.TransformerFactory | API Gateway | Specifies the fully qualified name of a provider class from a version 2+ XSLT transformer factory library to be used by the XSLT Transformation filter. This class must be added to the API Gateway’s classpath. The simplest way to add the class to the classphath is to drop the required JAR file into the INSTALL_DIR/apigateway/ext/lib directory , where INSTALL_DIR refers to the root of the API Gateway installation. The transformer factory is set using the following precedence rules: |
XSLT Transformation | 1. Use the factory specified at the filter-level. | |
Stylesheet | 2. If not present (or blank), check for version 1 XSLT, in which case use com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl . |
|
- | 3. Otherwise, use the factory specified by this property. | |
vordel.policy.wspoliciesDir | API Gateway; Web Services; WSPolicy | Specifies the directory, relative to $VDISTDIR/system/conf, from which to load WS-Policy constraint information (.properties files loaded and displayed in Policy Studio when configuring WS-Policy for a registered Web Service) and policies (WS-Policy XML documents) that are applied at runtime. |
VDISTDIR | - | A distribution directory. Specifies the location where the product has been installed. For an API Gateway this is the location where the product has been installed. For a Node Manager this is the location where the product has been installed. |
cloud.trial.duration | API Manager; Trial | API Manager Cloud Trial; Specifies the amount of time, in days, that the API Manager trial will last. |
file.upload.ignore | API Gateway; FTP | Regular expression that specifies the files to be ignored during an FTP transfer to API Gateway. Ignores .part suffixes by default as file upload filter uses .part as a temporary filename before renaming. Default value: .*\.part$ . |
internal.keep.temp.cert.files | Internal; API Gateway; Node Manager; Domain; Certificates | Specifies whether temporary certificate files, generated as part of Node Manager and API Gateway registration, remain on disk post setup. |
showesx | Internal; Policy Studio | When set to true, adds an additional item to the Window menu, allowing users to launch ESExplorer as an embedded view within PolicyStudio. Default value: false. |
auditLogOffloadNeverDuplicate | API Gateway; Logging; Audit | When set to true, specifies that if during an audit log rollover an error occurs (for example, the API Gateway instance is down), then the current audit log is not uploaded. Default value: false. |
showWorkspaceView | Internal; Policy Studio | When set to true, allows the Workspace view to be displayed in Policy Studio, primarily to help with issues regarding the internal workings of Visual Mapper. |
showEnvDecoratorColor | Internal; Policy Studio | Changes the background color of dialog panels to identify/highlight margin overruns caused by environmentalization decorations |
jmsReConnectOnConnFailure | JMS | Specifies whether a reconnection to the JMS server is performed when the configured JMS provider raises a connection error. Default value: true. |
jmsConnStartupAsync | JMS | Specifies whether the first JMS connection attempt is detached from the API Gateway startup sequence. When set to true, the API Gateway starts even if the JMS connection cannot be established. Default value: false. |
perform.unresolved.check | Configuration Studio | When set to true, checks for unresolved references when opening an archive (Policy Archive + Environment Archive) and reports an error if any exist. Default value: false. |
sleak | Internal; Policy Studio | Enables SWT resource profiling; Launches the S-Leak application in tandem with Policy Studio. |
xmleditorextras | Policy Studio | Augments the application preferences with additional entries for XML editing; XML > XML Catalog and XML > XML Files > Validation |
VApiRuntime.addFullApiConfiguration | API Manager; Runtime | When set to true, the entire Virtualized API model object is added to the message whiteboard for use in downstream policies. By default, this object is not added to the whiteboard as it can contain sensitive data which may potentially be vulnerable to selector injections. Default value: false. |
ApiClientCacheTagsSize | API Manager; Cache | Specifies the maximum size (in bytes) for application and organization tags that are maintained by the API Manager cache. Default value: 2048. |
auditLogRotateMaxFiles | API Gateway; Logging; Audit | Specifies the maximum number of audit log files to store on disk before the API Gateway starts to remove the oldest files. Default value: 50. |
jmsConnStartupTimeoutMillis | API Gateway; JMS | If JMS is configured not to reconnect on error, this property specifies the maximum amount of time to wait (in milliseconds) whilst attempting to establish the initial JMS connection. Establishing the connection is done using an exponential backoff algorithm starting at 50ms up to the maximum specified by this property. Default value: 10 * 60 * 1000 . |
jmsReConnectMaxInterval | API Gateway; JMS | If JMS is configured to reconnect on error, this property specifies the maximum amount of time to wait (in milliseconds) whilst attempting to reestablish the JMS connection. Reestablishing the connection is done using an exponential backoff algorithm starting at 100ms up to the maximum specified by this property. Default value: 60 * 1000 . |
passportConnPrefillMaxRetryIntervalMillis | API Gateway; Axway Passport | Specifies the maximum amount of time to wait (in milliseconds) whilst attempting to establish an initial Axway Passport connection. Establishing the connection is done using an exponential backoff algorithm starting at 500ms up to the maximum specified by this property. Default value: 3 * 60 * 1000 . |
PolicyStudio.MaxRecentProjectsCount | Policy Studio | Specifies the maximum number of recent projects to list on the Recent Projects tab in Policy Studio. Default value: 10. |
auditLogRotateFileSize | Logging; Audit | Specifies the maximum size, in bytes, of the audit log file, before it is closed and rolled over to a new file. Default value: 5L * 1024L * 1024L . |
jmsMsgRcvExceptionTimeoutMillis | API Gateway; JMS | Specifies the amount of time to wait (in milliseconds) prior to attempting to consume JMS messages from the configured queue, after a connection-related exception has occurred. Default value: 10 * 1000 . |
jmsMsgRcvInitialExceptionTimeoutMillis | API Gateway; JMS | Specifies the amount of time to wait (in milliseconds) prior to attempting to consume JMS messages from the configured queue after a non-connection-related exception has occurred. The initial value is calculated as follows: n * 2 * errorCount , where n is the value of this property. Default value: 10. |
jmsMsgRcvMaxExceptionTimeoutMillis | API Gateway; JMS | Specifies the maximum amount of time to wait (in milliseconds) prior to attempting to consume JMS messages from the configured queue after a non-connection-related exception has occurred. Default value: 10 * 1000 . |
7.5.3 SP1
No new Axway-defined Java system properties were introduced in this release.
7.5.3 SP2
Axway-defined Java system properties introduced in the 7.5.3 SP2 release
System Property | Context | Description |
---|---|---|
SKIP_KPS_SECONDARY_KEY_CHECK_FOR_CREATE | API Gateway; API Manager; KPS | Specifies whether or nor bad data can be imported via KPS. This involves the skipping of secondary key checks to allow data to be imported. Default value: false.
NoteThis option must only be enabled with guidance from Axway support. |
com.vordel.apimanager.uri.path.trailingSlash.preserve | API Manager; Runtime | Specifies whether the trailing slash in last component of the path of the URI must be preserved. |
7.5.3 SP3
Axway-defined Java system properties introduced in the 7.5.3 SP3 release
System Property | Context | Description |
---|---|---|
wsdlImport.suppressSchemaValidationErrors | API Gateway; API Manager; WSDL | Specifies whether schema validation errors, due to strict validation being performed, should be suppressed during the import/virtualization of semantically invalid WSDLs. If set to true, validation exceptions are logged, but not thrown. Default value: false. |
ConnectToUrlFilter.removePreviousConnections | API Gateway; Filter Runtime; HTTP; ConnectToURL | Specifies whether previous outbound HTTP connections (made using the ConnectToURL filter) are released. By default the API Gateway releases all connections when policy execution has completed. This means that if a ConnectToURL filter is invoked numerous times, the number of connections in the CLOSE_WAIT state can end up being very high. Configuring this property circumvents this issue. Default value: false. |
7.5.3 SP4
No new Axway-defined Java system properties were introduced in this release.
7.5.3 SP5
Axway-defined Java system properties introduced in the 7.5.3SP5 release
System Property | Context | Description |
---|---|---|
fastCoverage | Policy Studio; | Specifies whether optimized filter coverage is performed. Loading a complex policy that contains a large number of filters (including a high number of filters with success/failure paths) can take a long time. Setting this property to true can speed up the policy loading, but at the cost of a potentially inaccurate list of filter attributes being displayed. Default value: false. |
7.5.3 SP6
No new Axway-defined Java system properties were introduced in this release.
7.5.3 SP7
Axway-defined Java system properties introduced in the 7.5.3 SP7 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.fault.resetHeaders.http429 | API Manager; HTTP | Specifies whether response headers are reset/cleared when a HTTP 429 (Too Many Requests; i.e. when a quota has been exceeded) error occurs. Default value: false. |
com.axway.apimanager.fault.removeContentBody | API Manager; HTTP; Fault Handlers | Specifies whether to remove the reflected request body in an API Manager-generated 400, 404, 405 or 429 HTTP response. By default API Manager reflects the request body in generated responses for 400, 404, 405, and 429 HTTP errors that are not handled by Global Fault handlers. Setting this property to true circumvents this issue. Default value: false. |
distributed.ehcache.cache.reload.pause.secs | API Gateway; EHCache | Specifies the duration, in seconds, to pause before recreating caches. Configuration deploy can break distributed ehcache operations. Introducing a delay between re-creating the ehcache manager and the caches themselves resolves the issue. Default value: 5. |
OCSP_RSP_VALID_UNTIL_EXPIRATION | API Gateway; OCSP; Filter Runtime | If set to true, specifies that the OCSP response is valid until the nextUpdate field in the response. Default value: true. |
OCSP_RSP_VALID_UNTIL | API Gateway; OCSP; Filter Runtime | If OCSP_RSP_VALID_UNTIL_EXPIRATION property is set to false, this property specifies the expiry time for OCSP response. Default value: 0. |
OCSP_RSP_VALID_UNTIL_UNITS | API Gateway; OCSP; Filter Runtime | If OCSP_RSP_VALID_UNTIL_EXPIRATION property is set to false, this property specifies the the units relating to OCSP_RSP_VALID_UNTIL ; Possible values: ‘days’, ‘hours’, ‘minutes’, ‘seconds’. Default value: days . |
OCSP_RSP_VALID_FOR | API Gateway; OCSP; Filter Runtime | When an OCSP response with no validation date is encountered, this property specifies how long the OCSP response is valid for. Default value: 6. |
OCSP_RSP_VALID_FOR_UNITS | API Gateway; OCSP; Filter Runtime | When an OCSP response with no validation date is encountered, this property specifies the units relating to OCSP_RSP_VALID_FOR ; Possible values: ‘days’, ‘hours’, ‘minutes’, ‘seconds’. Default value: ‘hours’. |
Note
In the latest version of API Gateway, allOCSP
settings have been incorporated into the OCSP Client filter, and they no longer have any effect.
7.5.3 SP8
Axway-defined Java system properties introduced in the 7.5.3 SP8 release
System Property | Context | Description |
---|---|---|
pgpFailDecryptNoSignature | API Gateway; PGP; Filter Runtime | Specifies whether to raise a PGPException if ${content.body} contains an unsigned OnePass signature. Default value: false.
NoteThis property has been replaced by a product feature and is no longer used. |
com.axway.apimanager.fault.legacy | API Manager; Runtime; Fault Handlers | Specifies whether to invoke the API Gateway’s generic fault handler when one of the following errors occurs during the processing of an API request. When set to true only API Manager’s internal fault handler is invoked, otherwise both the API Gateway’s generic fault handler and the API Manager internal fault handler get invoked, in that order. Default value: false.
NoteAPI Manager’s internal fault handler is not to be confused with the fault handlers that are configurable via the API Manager UI. |
com.axway.websocket.policy.onclose | API Gateway; Websockets | Specifies the ShorthandKey to a policy that will get invoked when the Websocket connection has closed.
NoteIn the latest version of API Gateway, this setting has been incorporated into the Websocket resolver. |
7.5.3 SP9
Axway-defined Java system properties introduced in the 7.5.3 SP9 release
System Property | Context | Description |
---|---|---|
com.apimanager.application.oauth.restrictScopes | API Manager; OAuth; Scopes | When querying for application scopes, specifies whether to restrict scopes to those explicitly defined for the application (in API Manager, see Enable application scopes), as opposed to including all scopes defined for all APIs that the application has been granted access to.
NoteThis property has been removed from the product. An equivalent setting (Apply application scope restrictions) has been added to API Manager settings. |
com.axway.oauth.scopes.check.all.legacy | API Gateway; API Manager; OAuth | Specifies whether a request is rejected if additional scopes, not configured for OAuth inbound security, are present in the message. When set to true, additional scopes are permitted. Default value: false. |
com.axway.apimanager.csrf | API Manager; CSRF | Specifies whether CSRF checks are performed in API Manager. This property allows CSRF to be switched off. If set to false, CSRF is disabled. Default value: true. |
7.5.3 SP10
Axway-defined Java system properties introduced in the 7.5.3 SP10 release
System Property | Context | Description |
---|---|---|
com.axway.response.redirect.location.relative | API Manager; HTTP; Redirects | Specifies whether the Location header, as part of a 3030 response, contains a relative URI. If absolute URIs are required this property can be set to true. Default value: true. |
com.axway.apimanager.proxy.defaultPath | API Manager; Virtualization | In API Manager, this property specifies the default resource path for a Frontend (virtualized) API. Default value: /api |
com.axway.apimanager.eventtimestamp.ignorettl | API Manager; Cassandra; KPS | Specifies whether to ignore TTL (time-to-live) for timestamped events (API Manager’s PortalTimestamp table). If set to false, events are purged solely by API Manager, rather than Cassandra using TTL to expire data. In a multi-node setup, setting this property can circumvent synchronisation issues between Cassandra nodes, where TTL can prematurely expire data. Default value: false. |
com.axway.apimanager.api.data.cache | API Manager; Cache | Specifies whether to enable caching to improve general system performance and speed. External clients, API keys, and OAuth credentials caches are optimized so that updates to the cache no longer block API Manager runtime traffic, resulting in performance improvements for corresponding API Manager APIs. As a result of the non-blocking cache updates, API Manager memory consumption will increase, particularly in systems with large numbers of external clients, API keys or OAuth credentials. Default value: false. |
com.axway.apimanager.apiImport.secure.serverCertificateVerification | API Manager; Import | Specifies whether hostname verification is performed during the import of an API from an SSL-protected endpoint.This setting was introduced to allow the import of APIs from an endpoint protected by a self-signed certificate. Default value: false.
NoteIn the latest version of API Manager this setting has been incorporated into the API Manager UI, and it defaults to true. |
com.axway.apimanager.apiImport.secure.strictCertificateChecking | API Manager; Import | Specifies whether certificate validation is performed during the import of an API from an SSL-protected endpoint.This setting was introduced to allow the import of APIs from an endpoint protected by a self-signed certificate. Default value: false.
NoteIn the latest version of API Manager this setting has been incorporated into the API Manager UI, and it defaults to true. |
com.axway.soap.faultnamespace | API Gateway; WSDL; SOAP; Runtime | Specifies the namespace to be used when generating a SOAP Fault response. By default the fault namespace indicates that the SOAP fault originated from an Axway API Gateway. This property can be employed to circumvent any potential security risk. Default value: Soap Faults |
com.axway.apimanager.fault.global | API Manager; Runtime; Fault Handlers | Specifies whether to fallback to the API Gateway’s global fault handler when an error occurs during API request processing in API Manager. Default value: false.
NoteThis property has since been removed from the product. |
com.coreapireg.apimethod.contenttype.legacy | API Manager; Runtime | Specifies whether to perform Content-Type validation on incoming API Manager requests. API Manager generates a No Match For Request error when Content-Type is not equal to the API method MIME type. Setting this property to true disables this check. Default value: false. |
7.5.3 SP11
Axway-defined Java system properties introduced in the 7.5.3 SP11 release
System Property | Context | Description |
---|---|---|
com.axway.apigw.anm.http.proxyPort | API Gateway; Node Manager | Specifies the hostname of the proxy server to use when making a connection to the Node Manager. |
com.axway.apigw.anm.http.proxyHost | API Gateway; Node Manager | Specifies the port of the proxy server to use when making a connection to the Node Manager. |
7.5.3 SP12
Axway-defined Java system properties introduced in the 7.5.3 SP12 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.queue.ttl | API Manager; KPS; Cassandra | Specifies the time to live for records pertaining to users, organizations or applications requiring verification or approval. By setting this TTL property, Cassandra will automatically remove invalid or expired verification/approval requests from the database. This may be set in order to implement certain GDPR requirements. Default value: 604800 |
com.axway.apimanager.apiclient.cache.response.legacy | API Manager; Cache | Specifies whether to throw a HTTP 401 or 503 exception when the API Client cache is not available. If set to true, the legacy behavior is performed, and a 401 error is returned to the client when requesting items from the cache, otherwise a 503 error is returned. 401 errors may occur during cache initialization, particularly if there is a large number of items being read from Cassandra on startup. Default value: false. |
com.vordel.apimanager.swagger.method.singleslash.ignore | API Manager; Swagger; Virtualization | Specifies whether to remove / from the API method path so that it is not sent to the backend service. The removal will only occur when the method path is set to / . This will happen for both WSDL and REST services. Default value: false. |
com.axway.oauth.scopes.openid.allow | API Gateway; API Manager; OAuth; OpenID Connect | Specifies whether the openid scope is permitted when generating an access token. By default openid is always accepted as a valid scope in all OAuth configurations. Default value: true. |
com.axway.apigw.smime.sign.md | API Gateway; SMIME; Filter Runtime | Specifies the digest algorithm to be used by the SMIME Sign filter. The default SMIME digest algorithm can also be changed via ${com.axway.apigw.smime.sign.md} message attribute. The policy message attribute supersedes the Java system property. Default value: sha256. The following digest algorithms are supported: |
- sha1 | ||
- sha224 | ||
- sha256 | ||
- sha384 | ||
- sha512 | ||
The corresponding SMIME Content-Type header micalg attribute is set accordingly. |
7.5.3 SP13
Axway-defined Java system properties introduced in the 7.5.3 SP13 release
System Property | Context | Description |
---|---|---|
com.axway.coreapi.method.servicecontext.clientattr | API Manager; Runtime; Metrics; OAuth | This property was created for API Manager OAuth traffic. It controls the client attribute name to be written to the service context of the metrics/RTM event log. If set to true, the value of ${authentication.application.id} is written to the service context, otherwise the value of ${authentication.subject.id} is written. Default value: false. |
sftp.close.timeout | API Gateway; SFTP | Specifies the amount of time, in seconds, to wait while gracefully closing an SFTP connection. Default value: 5. |
mail.mime.charset | API Manager; Email | Specifies the charset used for emails sent by API Manager. Defaults to us-ascii . |
7.6.2
Axway-defined Java system properties introduced in the 7.6.2 release
System Property | Context | Description | |
---|---|---|---|
xmlSaxParserMaxPoolSize | API Gateway; XML; Filter Runtime | Specifies whether to create thread-local, that is, 1 instance per thread, or pooled cache of SAX parsers. If its value is greater than 0, a pooled cache is assumed. The following filters directly employ this property when set: WS-Security Policy Layout , XML Complexity . Default value: 0. |
|
schemaCacheSize | API Gateway; XML; Schema Validation; Filter Runtime | Specifies the size of the cache used by the Schema Validation filter. Schemas are stored in the cache as an optimization, so as not to generate them each time the filter is invoked (which has a large overhead). Least recently used items are evicted from the cache when the cache reaches capacity. Default value: 10. | |
lineFeed | API Gateway; Logging; Transaction Event | Specifies the the character to use as the line feed. Under the hood, this actually uses the line.separator system property. |
|
groupId | API Gateway; Logging; Transaction Event; Open Traffic | Specifies the identifier of the topology group, which is used to generate the name of the log file and also appears in the log header. | |
serviceId | API Gateway; Logging; Transaction Event; Open Traffic | Specifies the identifier of the topology service, which is used to generate the name of the log file. | |
hostname | API Gateway; Logging; Transaction Event | Specifies the hostname on which the API Gateway process is running. Written to the log header | |
domainId | Logging | Specifies the domain identifier in the topology. Written to the log header. | |
version | API Gateway; Logging; Transaction Event | Specifies the version of the API Gateway. Written to the log header. | |
event.log.group.name | API Gateway; Logging; Transaction Event | Specifies the name of group to which the API Gateway belongs. Written to the log header. | |
event.log.service.name | API Gateway; Logging; Transaction Event | Specifies the name of the API Gateway service. Written to the log header. | |
APIGatewayTxnEventLog.dir | API Gateway; Logging; Transaction Event | Specifies the directory in which the transaction event log files will reside. | |
APIGatewayOpenTrafficEventLog.dir | API Gateway; Logging; Open Traffic | Specifies the directory in which the open transaction event log files will reside. | |
APIGatewayOpenTrafficEventLog.maxFileSize | API Gateway; Logging; Open Traffic | Specifies the maximum size of an open traffic log file. | |
APIGatewayOpenTrafficEventLog.maxDiskSize | API Gateway; Logging; Open Traffic | Specifies the maximum amount of space open traffic log files can occupy on disk. | |
entityStore.typeFactory | Internal; API Gateway; Entity Store | com.vordel.es.EntityTypeFactoryImpl | Specifies a factory for creating Entity Stores. |
7.6.2 SP1
Axway-defined Java system properties introduced in the 7.6.2 SP1 release
System Property | Context | Description |
---|---|---|
OpenTrafficLog.configurationFile | API Gateway; Logging; Open Traffic | Specifies the location of the Open Traffic Log configuration file. Default value: ${VDISTDIR}/system/conf/loggers/openTrafficLog.yaml . |
7.6.2 SP2
No new Axway-defined Java system properties were introduced in this release.
7.6.2 SP3
No new Axway-defined Java system properties were introduced in this release.
7.6.2 SP4
No new Axway-defined Java system properties were introduced in this release.
7.6.2 SP5
Axway-defined Java system properties introduced in the 7.6.2 SP5 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.api.model.disable.confidential.fields | API Manager; Swagger; Export | Specifies whether fields containing sensitive information (e.g. passwords) should be serialized. Setting this property to false will result in authenticationProfile.parameters['password'] being present in a serialised export of a Frontend API. Default value: true. |
com.axway.json.parser.legacy | API Gateway; API Manager; JSON | Specifies whether the DeserializationFeature.FAIL_ON_TRAILING_TOKENS feature is configured for parsing JSON. This feature applies more rigour when parsing JSON payloads, thus preventing malformed JSON from being processed by the Gateway, and potentially sent on to backend services. Setting this property to true will relax the validation. Default value: false. |
7.7
No new Axway-defined Java system properties were introduced in this release.
7.7 SP1
Axway-defined Java system properties introduced in the 7.7 SP1 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.use404AuthSuccessNoMatch | API Manager; HTTP; Runtime | Specifies whether a HTTP 404 Not Found error response is sent to the client when an authenticated, but unsuccessful API match occurs. When set to false, this property will return an HTTP 403 No match found for request error. Default value: false. |
7.7 SP2
Axway-defined Java system properties introduced in the 7.7 SP2 release
System Property | Context | Description |
---|---|---|
com.axway.kps.cache.ignorenull | API Gateway; API Manager; Cassandra; KPS | Specifies whether items queried from Cassandra that are ’not found’ (that is, null) are stored in the KPS table cache. Not found/null items store an empty map in the cache. When this property is set to true and a null item is encountered, it will force a subsequent read from Cassandra. Default value: false. |
7.7 January 2020
No new Axway-defined Java system properties were introduced in this release.
7.7 March 2020
Axway-defined Java system properties introduced in the 7.7 20200330 release
System Property | Context | Description |
---|---|---|
com.vordel.apiportal.Organization.RegistrationToken.tokenLength | API Manager; User Registration | Specifies the length of the organization registration token. Default value: 32. |
7.7 May 2020
No new Axway-defined Java system properties were introduced in this release.
7.7 July 2020
Axway-defined Java system properties introduced in the 7.7 20200730 release
System Property | Context | Description |
---|---|---|
com.axway.apigw.request.headers.reflect | API Gateway; API Manager; | If set to false, incoming headers are not reflected (except for headers that are set or modified by policies). Default value: true. |
7.7 September 2020
Axway-defined Java system properties introduced in the 7.7 20200930 release
System Property | Context | Description |
---|---|---|
api.manager.orgadmin.selfservice.enabled | API Manager | Sets whether an org admin has self service enabled by default. Default value: false. |
7.7 November 2020
Axway-defined Java system properties introduced in the 7.7 20201130 release
System Property | Context | Description |
---|---|---|
com.coreapireg.apimethod.querystring.passthrough | API Manager | If set to true, query parameters are sent unmodified to the backend service. This flag also removes any undefined query parameters from the resulting backend request, unlike the 7.5.3 JVM property api.manager.querystring.passthrough , which passes all parameters to the backend. Default value: false. |
api.manager.orgadmin.selfservice.enabled | API Manager | This flag was originally introduced in the 7.7 20200930 release. If set to true, it now allows Organization Admins to manage the API life cycle of APIs in their orgs. |
com.axway.apimanager.configure.apis.nonblocking.enabled | API Manager | If set to true, API cache load and API catalog load are detached from boot sequence and triggered after it (this applies for both product startup and configuration deployment). API requests to catalog and virtualized APIs are held during the load time, and only performed after the load is finished. Default value: false. |
7.7 January 2021
Axway-defined Java system properties introduced in the 7.7 20210130 release
System Property | Context | Description |
---|---|---|
com.axway.apigw.sftp.knowninsecure.allow | API Gateway | If set to true, the embedded SFTP server will allow connection from clients using known insecure cipher suites. Default value: false. |
7.7 March 2021
Axway-defined Java system properties introduced in the 7.7 20210330 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.user.tlds | API Manager | Specifies a list of user defined top level domains to be included in domain valiation when adding a Trusted Certificate to an API Manager front-end API using a url. |
com.axway.apimanager.configure.catalog.parallel.enabled | API Manager | If set to true, enables multi-threaded load of API Catalog. Default value: true. |
com.vordel.coreapireg.runtime.broker.parameters.allowEmptyDefault | API Manager; Runtime | If set to true, empty query parameters are permitted by default unless the Swagger query parameter definition contains allowEmptyValue: false . Default value: false. |
7.7 May 2021
Axway-defined Java system properties introduced in the 7.7 20210530 release
System Property | Context | Description |
---|---|---|
http.proxyScheme | API Manager | Specifies the scheme to be used, HTTP or HTTPS, when importing an API from a URL through a HTTP Proxy or HTTPS Proxy Server. |
com.axway.apimanager.fault.legacy.soap | API Manager; WSDL; SOAP | If set to true, it will revert to the legacy error response codes for invalid SOAP 1.1 requests. Default value: false. |
com.vordel.oauthAuthorizationRecordsThreshold | API Manager | Specifies the threshold for the records displayed on OAuth Authorizations page. Default value: -1. |
7.7 August 2021
Axway-defined Java system properties introduced in the 7.7 20210830 release
System Property | Context | Description |
---|---|---|
jdk.xml.entityExpansionLimit | API Gateway | Specifies the XML Schema validation limit for the number of entity expansions. Default value: 64000. |
jdk.xml.maxOccurLimit | API Gateway | Specifies the XML Schema validation limit for the number of content model nodes. Default value: 5000. |
com.vordel.dwe.file.Service.includeConfDirectory | API Gateway | Specifies whether or not conf-dir and envSettings.props are included in the output of the API Gateway File API. |
com.axway.api.runtime.broker.parameters.skipRequiredValidation | API Manager | Allows required parameters validation to be skipped during processing of user requests. Defaults to ‘false’. |
com.axway.api.runtime.broker.parameters.skipEnumValidation | API Manager | Allows enum parameters validation to be skipped during processing of user requests. Defaults to ‘false’. |
com.axway.apigw.dbconnection.removeabandoned | API Gateway | Allows removal of abandoned connections if they exceed the abandoned connection timeout. Defaults to ’true’. |
com.axway.apigw.dbconnection.removeabandoned.timeoutms | API Gateway | Sets the abandoned connection timeout in milliseconds. Defaults to ‘300000’. |
com.axway.apigw.dbconnection.testonreturn | API Gateway | Allows validation of connections before they are returned to the pool. Defaults to ’true’. |
CASSANDRA_PROTOCOL_VERSION | Cassandra | Specifies which protocol version to set on the Cassandra driver. Allowable values are 3 and 4. Default value is 4. |
7.7 November 2021
Axway-defined Java system properties introduced in the 7.7 20211130 release
System Property | Context | Description |
---|---|---|
com.axway.api.runtime.management.allowRateLimit | API Manager | Allows customers to enable/disable the API Manager request rate limiter. Defaults to ’true’. |
com.axway.apigw.sso.auto.approval | API Manager SSO | Toggles whether SSO users are automatically approved or not. If set to false, a new SSO users must be approved by an API Manager Admin. Default value: ’true’ |
com.axway.apigw.sso.authorization | API Manager SSO | Toggles SSO authorizations ON or OFF. If set to false, the authorizations mapped from the SSO Users SAML assertion are ignored, and internally managed authorizations are used instead. Default value: ’true’ |
7.7 February 2022
Axway-defined Java system properties introduced in the 7.7 20220228 release
System Property | Context | Description |
---|---|---|
axway.rmi.socket.connect.timeout | API Gateway | A timeout to control how long a distributed Ehcache waits for a response for a synchronous update. A timeout value of 0 means no timeout. Defaults to 500 milliseconds. |
7.7 May 2022
Axway-defined Java system properties introduced in the 7.7 20220530 release
System Property | Context | Description |
---|---|---|
com.vordel.dwe.outputObsFoldedValuesAllowed | API Gateway | Allow output HTTP headers to contain obs-folded values. Default value: ‘false’ |
com.vordel.allowApiSecretModification | API Manager | When set to ’true’ the secret of an OAuth Credential or an API Key can be modified via the REST API. Default value: ‘false’ |
com.axway.apimanager.securitydevice.httpheaders.propagate | API Manager | When set to ’true’ the headers generated by the API Manager Inbound Security Invoke Policy Security device are propagated in http.headers for further API Manager processing overriding headers received in the request. Default value: ‘false’ |
com.axway.apimanager.securitydevice.authz.legacy.enabled | API Manager | When set to ’true’ allows you to store external client ids, API keys, or OAuth tokens in any of the Security Device token stores in API Manager Applications. Default value: ‘false’ |
7.7 August 2022
Axway-defined Java system properties introduced in the 7.7 20220830 release
System Property | Context | Description |
---|---|---|
com.axway.apigw.cookie.validation.ignore | API Gateway | Allow HTTP Cookie related filters to not enforce cookie validation as per RFC 6265. Default value: ‘false’ |
7.7 November 2022
Axway-defined Java system properties introduced in the 7.7 20221130 release
System Property | Context | Description |
---|---|---|
com.axway.apimanager.bypass.temporary.password.check | API Manager | Allow API Manager REST APIs to be invokable using temporary passwords generated via a password reset. When set to ’true’ temporary password checking is bypassed. Default value: ‘false’ |
com.axway.api.runtime.broker.contentType.formUrlEncoded.preserve | API Manager | If set to ’true’ the API Manager preserves attributes of the ‘application/x-www-form-urlencoded’ Content-Type header of user request messages to API Manager. Default value: ‘false’ |
com.axway.apimanager.api.export.cleartext.allowed | API Manager | If set to ’true’ the API Manager allows Frontend APIs to be exported as clear text. Setting this property to ’true’ may result in authenticationProfile.parameters['password'] being visible in the export file if it is not password protected. Default value: ‘false’ |
com.vordel.coreapireg.runtime.broker.parameters.allowEmptyDefault | API Manager | This property was introduced to the product in the March 21 (7.7 20210330) release, and it has been removed from the product in this release. An equivalent setting (Allow empty value ) has been added to API Manager settings. |
com.axway.api.runtime.broker.parameters.skipRequiredValidation | API Manager | This property was introduced to the product in the August 21 (7.7 20210830) release, and it has been removed from the product in this release. An equivalent setting (Skip required validation ) has been added to API Manager settings. |
com.axway.api.runtime.broker.parameters.skipEnumValidation | API Manager | This property was introduced to the product in the August 21 (7.7 20210830) release, and it has been removed from the product in this release. An equivalent setting (Skip enun validation ) has been added to API Manager settings. |