REST Properties

Jmix REST properties allow you to configure different aspects of the behavior of the generic REST endpoints.

Entities API

jmix.rest.default-max-fetch-size

Defines the default maximum amount of entity instances that are returned by the API.

Default value: 10000

jmix.rest.entity-max-fetch-size

Defines the default maximum amount of entity instances that are returned by the API for a particular entity.

The following example configures the entityMaxFetchSize value for two entities. For all other entites the value from jmix.rest.default-max-fetch-size is taken into consideration.

jmix.rest.entity-max-fetch-size.sample_Product = 500
jmix.rest.entity-max-fetch-size.sample_Customer = 1000

jmix.rest.json-transformation-config

Property defining a file that contains a list of JSON transformations configurations used by the REST API when the client needs data in the format of some particular data model version.

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.max-upload-size

Maximum file size (in bytes) that can be uploaded with the REST API.

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: 20971520 (20 Mb)

jmix.rest.optimistic-locking-enabled

Enables optimistic locking of entities with optimistic locking if the version attribute is provided in JSON.

Default value: false

jmix.rest.queries-config

Property defining a file that contains a list of JPQL queries available as part of the Entities API.

jmix.rest.queries-config = rest/sample/rest-queries.xml

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.services-config

Property defining a file that contains a list of Service methods that are exposed via the Services API.

jmix.rest.services-config = rest/sample/rest-services.xml

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.response-fetch-plan-enabled

If set to true, the responseFetchPlan parameter with the fetch plan name can be passed in the create and update requests. In this case, the created/updated entity is reloaded with the specified fetch plan and returned as part of the response JSON.

If set to false, the response contains JSON with a minimal representation of the created/updated entity.

Default value: true

Security

jmix.security.oauth2.client-id

Defines an identifier of the REST API client. In this case, the client is not a platform user, but an application (some web portal or mobile app) that uses REST API. Client credentials are used for basic authentication when accessing the REST API token endpoint.

Default value: client

This value should be changed to some application specific random, long and non-guessable string.

jmix.security.oauth2.client-secret

Defines the secret for the REST API client. In this case, the client is not a platform user, but an application (some web portal or mobile app) that uses REST API. Client credentials are used for basic authentication when accessing the REST API token endpoint.

The application property value in addition to the actual password value (e.g., secret), must contain an identifier of the Password Encoder (e.g., {noop}). More information about the Password Encoder Mechanism can be found in the Spring Security documentation.

When the Token retrieval request is send for authentication, the Password Encoder identifier must not be part of the request value. Only secret is part of the request.

Default value: {noop}secret

This value should be changed to some application specific random, long and non-guessable string.

jmix.rest.anonymous-url-patterns

Defines a comma-separated list of URL patterns, which should allow anonymous access.

Default value: none

jmix.rest.authenticated-url-patterns

Defines a comma-separated list of URL patterns of custom controllers that require the standard OAuth2 authentication.

Default value: none