REST API configuration options - CustomerID
There is a single service account that can access the REST API (Application Programming Interface) in the system. The username, password, and the permissible source host are defined in this section.
These configurations are available in the eidm2.properties file.
rest.passwordauthentication.enabled
This property defines whether the REST API can be accessed by using the API user account credentials rest.username and rest.password, either via HTTP Basic Authentication or in request URL parameters. There are two possible values, see also REST API authentication:
true: REST API can be accessed by using API user account credentials; OAuth2 is an additional option.
false: REST API cannot be accessed by using API user account credentials; OAuth2 is the only option.
Initially, this less secure authentication method is enabled by default, but it is recommended to switch to the more secure OAuth2 based authentication and disable authentication with API user account credentials.
Default is true
Example:
rest.passwordauthentication.enabled = false
rest.oauth2.client.uuid
NOTE: this property is included in the eidm2_generated.properties file and there is no reason to modify or reset it in eidm2.properties. See Setup template on Linux / Setup template on Windows.
rest.oauth2.client.secret
NOTE: this property is included in the eidm2_generated.properties file and there is no reason to modify or reset it in eidm2.properties. See Setup template on Linux / Setup template on Windows.
rest.oauth2.introspection.url
NOTE: this property is included in the eidm2_generated.properties file and there is no reason to modify or reset it in eidm2.properties. See Setup template on Linux / Setup template on Windows.
rest.oauth2.client.pool.size
If you need to change the size of the connection pool available for REST API OAuth2 authentication token introspection requests, you can add this setting and specify an integer value.
Default is 50.
Example:
rest.oauth2.client.pool.size = 100
rest.username
This property is obsolete in case of OAuth2 based authentication, see REST API authentication.
This property defines the username that will be used for authentication when performing REST API calls. Usually this property is included in the eidm2_generated.properties file and there is no reason to modify it or reset it.
Default is restuser
Example:
rest.username = restuser
rest.password
This property is obsolete in case of OAuth2 based authentication, see REST API authentication.
This property defines the password that will be used for authentication when performing REST API calls. It is recommended that the password is at least 32 characters long. Usually this property is included in the eidm2_generated.properties file and there is no reason to modify it or reset it unless you want to increase security and change the password to a longer one. If you change the password, make sure that you also change it in the win32.config file (or the linux.config file if Ubisecure CustomerID is installed on a Linux machine). You may also have to run setup again after changing the password, as some scripts that use REST services might not work after the password change until setup has been run again.
Default is secret. Do not use this default value. Always set your own or use the generated value.
Example:
rest.password = secret
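The following Python check, added here as an example and not part of the product or its documentation, audits the text of a properties file for the two risks described above: password authentication left enabled, and a default or short rest.password. The function names, finding ids and sample inputs are constructed, and it assumes the text passed in holds the effective values (how eidm2.properties and eidm2_generated.properties are merged is not covered here).

```python
import re

DEFAULT_PASSWORD = "secret"  # documented default, must not be used
MIN_PASSWORD_LEN = 32        # minimum length the page recommends

# Constructed sample inputs (not taken from a real installation).
WEAK = """rest.passwordauthentication.enabled = true
rest.username = restuser
rest.password = secret
"""
SHORT = """rest.username = restuser
rest.password = Tr0ub4dor-constructed
"""
HARDENED = """rest.passwordauthentication.enabled = false
rest.oauth2.client.pool.size = 100
"""

def parse_properties(text):
    """Parse plain 'key = value' lines (no escapes or continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank or comment line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit_rest_auth(text):
    """Return finding ids for the REST API authentication settings."""
    props = parse_properties(text)
    findings = []
    # The property defaults to true, so a missing key means enabled.
    enabled = props.get("rest.passwordauthentication.enabled", "true")
    if enabled.lower() == "false":  # assumption: any other value counts as enabled
        return findings  # OAuth2 only; rest.password is obsolete here
    findings.append("password-auth-enabled")
    password = props.get("rest.password", DEFAULT_PASSWORD)
    if password == DEFAULT_PASSWORD:
        findings.append("default-password")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("short-password")
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("SHORT", SHORT), ("HARDENED", HARDENED)):
        print(name, audit_rest_auth(sample))
```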
rest.roles.recursion
This property defines if user roles are listed recursively or if just the direct memberships are included. There are two possible values:
true: User roles are listed recursively.
false: Just the direct memberships are included.
Default is true.
Example:
rest.roles.recursion = true
rest.inviter.email
This optional property defines the email address for the REST "inviter". When emails are sent because a REST call has been made, this is the email address that is included in the mail text as the sender of the email. If it is not configured, email notifications will not be sent for the REST "inviter".
Possible values are: Any valid email address.
Default is <not set>
Example:
rest.inviter.email = firstname.lastname@organization.com