Advanced API Management Settings

On this page you can find some additional advanced settings that can be configured for API Management.

After having saved your changes, do not forget to restart the API Management containers to apply the changed configuration to your installation.

Settings for Gateway Certificate Management

As per default, we use Java truststore cacerts of the gateway container to encrypt the connection between the API Management gateway and the backend APIs.
If you want to use a different truststore, you can configure this using the following settings in your docker configuration file .env:

Please uncomment all setting values in the certificate section - otherwise not all keystores will be set properly.

Setting	Description	Default Value
`KEYSTORE_TRUSTSTORE_PATH`	Specify the path to the certificates in the docker container. Do not change this setting!	`/usr/src/apiman/apiman-distro-vertx/certs/`
`GATEWAY_BACKEND_KEYSTORE`	Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and the backend for unmanaged APIs.	`apiman.jks`
`GATEWAY_BACKEND_TRUSTSTORE`		`apiman.jks`
`GATEWAY_CLIENT_KEYSTORE`	Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and clients, e.g. a browser.	`apiman.jks`
`GATEWAY_CLIENT_TRUSTSTORE`		`apiman.jks`
`GATEWAY_ES_KEYSTORE`	Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Elasticsearch.	`apiman.jks`
`GATEWAY_ES_TRUSTSTORE`		`apiman.jks`
`GATEWAY_KEYCLOAK_KEYSTORE`	Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Keycloak.	`apiman.jks`
`GATEWAY_KEYCLOAK_TRUSTSTORE`		`apiman.jks`

Security Settings

If you do not want to go with the default TLS protocols, you can define a dedicated set of TLS protocols in your docker configuration file .env:

Setting	Description	Default Value
^{TLS_ALLOWED_PROTOCOLS}	Specify a set of allowed TLS protocols as a comma separated list.	^{TLSv1.1,TLSv1.2}

This setting will only affect the main containers, as there are: keycloak, gateway and ui. The other containers are not affected.

If you want to change the value for one container only, this can be done in the docker-compose.yml.
We do not recommend to change the compose files, though. If this file changes with an API Management update, you will have to merge your changes, or they will be gone.

Policy Settings

Setting	Description	Default Value
^{MAX_CACHE_SIZE_IN_MB}	7.5.0 Define the maximum cache size to use for the Caching Resources policy per gateway in megabytes.	¹⁰