REST Properties

Jmix REST properties allow you to configure different aspects of the behavior of the generic REST endpoints.

Entities API

jmix.rest.default-max-fetch-size

Defines the default maximum amount of entity instances that are returned by the API.

Default value: 10000

jmix.rest.entity-max-fetch-size

Defines the default maximum amount of entity instances that are returned by the API for a particular entity.

The following example configures the entityMaxFetchSize value for two entities. For all other entities the value from jmix.rest.default-max-fetch-size is used.

jmix.rest.entity-max-fetch-size.sample_Product = 500
jmix.rest.entity-max-fetch-size.sample_Customer = 1000

jmix.rest.json-transformation-config

Property defining a file that contains a list of JSON transformations configurations used by the REST API when the client needs data in the format of some particular data model version.

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.max-upload-size

Maximum file size (in bytes) that can be uploaded with the REST API.

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: 20971520 (20 Mb)

jmix.rest.optimistic-locking-enabled

Enables optimistic locking of entities with optimistic locking if the version attribute is provided in JSON.

Default value: false

jmix.rest.queries-config

Property defining a file that contains a list of JPQL queries available as part of the Entities API.

jmix.rest.queries-config = rest/sample/rest-queries.xml

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.services-config

Property defining a file that contains a list of Service methods that are exposed via the Services API.

jmix.rest.services-config = rest/sample/rest-services.xml

The file is loaded using the Resources interface, so it can be located in the classpath or the configuration directory.

Default value: none

jmix.rest.response-fetch-plan-enabled

If set to true, the responseFetchPlan parameter with the fetch plan name can be passed in the create and update requests. In this case, the created/updated entity is reloaded with the specified fetch plan and returned as part of the response JSON.

If set to false, the response contains JSON with a minimal representation of the created/updated entity.

Default value: true

Security

jmix.rest.anonymous-url-patterns

Defines a comma-separated list of URL patterns, which should allow anonymous access.

Default value: none

jmix.rest.authenticated-url-patterns

Defines a comma-separated list of URL patterns of custom controllers that require the standard OAuth2 authentication.

Default value: none

jmix.security.oauth2.client-id

Defines an identifier of the REST API client. In this case, the client is not a platform user, but an application (some web portal or mobile app) that uses REST API. Client credentials are used for basic authentication when accessing the REST API token endpoint.

Default value: client

This value should be changed to some application specific random, long and non-guessable string.

jmix.security.oauth2.client-secret

Defines the secret for the REST API client. In this case, the client is not a platform user, but an application (some web portal or mobile app) that uses REST API. Client credentials are used for basic authentication when accessing the REST API token endpoint.

The application property value in addition to the actual password value (e.g., secret), must contain an identifier of the Password Encoder (e.g., {noop}). More information about the Password Encoder Mechanism can be found in the Spring Security documentation.

When the Token retrieval request is send for authentication, the Password Encoder identifier must not be part of the request value. Only secret is part of the request.

Default value: {noop}secret

This value should be changed to some application specific random, long and non-guessable string.

jmix.security.oauth2.client-authorized-grant-types

Authorized grant types.

Default value: password,external,refresh_token

jmix.security.oauth2.client-token-expiration-time-sec

Access token expiration time in seconds.

Default value: 43200 (12 hours)

jmix.security.oauth2.client-refresh-token-expiration-time-sec

Refresh token expiration time in seconds.

Default value: 31536000 (365 days)

jmix.security.oauth2.dev-mode

Development mode allows using of REST API without an authentication token. Default user that is used for all REST API invocation in the dev mode is specified in the jmix.security.oauth2.dev-username property.

Default value: false

jmix.security.oauth2.dev-username

Username that is used for development mode. See jmix.security.oauth2.dev-mode.

jmix.security.oauth2.token-masking-enabled

If true, tokens are masked in application logs.

Default value: true

jmix.security.oauth2.reuse-refresh-token

Whether to reuse refresh tokens until they are expired.

Default value: true

jmix.security.oauth2.support-refresh-token

Whether to support refresh tokens.

Default value: true