Skip to main content
Skip table of contents

Advanced API Management Settings

On this page you can find some additional advanced settings that can be configured for API Management.

After having saved your changes, do not forget to restart the API Management containers to apply the changed configuration to your installation.

Settings for Gateway Certificate Management

As per default, we use Java truststore cacerts of the gateway container to encrypt the connection between the API Management gateway and the backend APIs.
If you want to use a different truststore, you can configure this using the following settings in your docker configuration file .env:

Please uncomment all setting values in the certificate section - otherwise not all keystores will be set properly.

Setting

Description

Default Value

KEYSTORE_TRUSTSTORE_PATH

Specify the path to the certificates in the docker container.

Do not change this setting!

/usr/src/apiman/apiman-distro-vertx/certs/

GATEWAY_BACKEND_KEYSTORE

Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and the backend for unmanaged APIs.

apiman.jks

GATEWAY_BACKEND_TRUSTSTORE

apiman.jks

GATEWAY_CLIENT_KEYSTORE

Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and clients, e.g. a browser.

apiman.jks

GATEWAY_CLIENT_TRUSTSTORE

apiman.jks

GATEWAY_ES_KEYSTORE

Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Elasticsearch.

apiman.jks

GATEWAY_ES_TRUSTSTORE

apiman.jks

GATEWAY_KEYCLOAK_KEYSTORE

Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Keycloak.

apiman.jks

GATEWAY_KEYCLOAK_TRUSTSTORE

apiman.jks

Security Settings

If you do not want to go with the default TLS protocols, you can define a dedicated set of TLS protocols in your docker configuration file .env:

Setting

Description

Default Value

TLS_ALLOWED_PROTOCOLS

Specify a set of allowed TLS protocols as a comma separated list.

TLSv1.1,TLSv1.2

This setting will only affect the main containers, as there are: keycloak, gateway and ui. The other containers are not affected.

If you want to change the value for one container only, this can be done in the docker-compose.yml.
We do not recommend to change the compose files, though. If this file changes with an API Management update, you will have to merge your changes, or they will be gone.

Policy Settings

Setting

Description

Default Value

MAX_CACHE_SIZE_IN_MB

7.5.0 Define the maximum cache size to use for the Caching Resources policy per gateway in megabytes.

10

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.