Application properties Windows, Linux
1Gateway is a Spring Boot application. Spring properties can be used to configure the server:
https://docs.spring.io/spring-boot/appendix/application-properties/index.html
This document lists all of the application properties supported by 1Gateway.
1Gateway ships with a default setup defined in the application properties file found in the root folder of your installation. You can modify the properties to adjust how 1Gateway behaves.
Springboot properties
1Gateway is built on the Spring Boot framework, which uses a standardized set of properties to manage core server behavior. These settings allow you to define the underlying infrastructure requirements, such as security protocols, database connection strings (MongoDB), messaging broker details (RabbitMQ), and SSL/TLS certificate configurations for secure communication.
| Key | Description | Default value |
|---|---|---|
| spring.security.oauth2.resourceserver.jwt.issuer-uri | OAuth/OpenID configuration endpoint | — |
| spring.rabbitmq.ssl.enabled | Enable SSL support | — |
| spring.rabbitmq.host | RabbitMQ host | localhost |
| spring.rabbitmq.port | RabbitMQ port | — |
| spring.rabbitmq.username | RabbitMQ username | guest |
| spring.rabbitmq.password | RabbitMQ password | guest |
| spring.mongodb.uri | MongoDB connection URI | mongodb://localhost:27017/1gateway |
| spring.servlet.multipart.max-file-size | Max file size | 1024MB |
| spring.servlet.multipart.max-request-size | Max request size | 1024MB |
| server.port | HTTPS port | 8080 |
| server.ssl.key-store | Path to keystore | — |
| server.ssl.key-store-password | Keystore password | — |
| server.ssl.key-store-type | Keystore type | PKCS12 |
| server.ssl.key-alias | Certificate alias | — |
| server.ssl.key-password | Private key password | — |
1Gateway properties
These application-specific properties control the internal logic and orchestration engine of 1Gateway. Use these configurations to fine-tune system behavior, including message retry intervals, audit trail retention policies, plugin repository synchronization, and authentication levels for specific API endpoints.
application.rabbitmq
Class: com.faciligate.queue.rabbit.v4.properties.RabbitMqProperties
| Key | Description | Default value |
|---|---|---|
| batch-size | The batch size to use when sending messages | 10 |
| dead-letter-exchange | The RabbitMQ exchange where the dead letter queue will be defined | 1gateway-dlq |
| dead-letter-queue | The name of the dead letter queue | dlq |
| dead-letter-queue-enabled | Create and enable the dead letter queue during startup | true |
| dead-letter-topic | The topic to use when sending dead letter messages | dead.letter |
| initial-interval | The initial interval in milliseconds between retries | 1000 |
| max-delay | The maximum delay in milliseconds when throttling | 0 |
| max-interval | The maximum interval between retries | 30000 |
| max-retry-attempts | How many times should a message be retried before being sent to the dead letter queue | 1 |
| multiplier | The multiplier to use for the interval between retries | 1.5 |
| stopthrottle | Number of messages queued before the producer is stopped | 0 |
| throttle | Number of messages queued before the producer is throttled | 0 |
application.audit
Class: com.faciligate.audit.configuration.AuditProperties
| Key | Description | Default value |
|---|---|---|
| action-message | Deprecated | false |
| action-mongo-db | Deprecated | false |
| audit-collection | The name of the audit trail collection. If auditProvider is mongodb, this is the name of the collection. | audit |
| audit-history-collection | The name of the audit history trail collection. If auditProvider is mongodb, this is the name of the collection. | auditHistory |
| audit-history-retention | How long do we want to keep history audit logs in days | 300 |
| audit-path | The path to the audit trail. If auditProvider is filesystem, this is the path to the audit trail. | /data/audit |
| audit-provider | Where do we want to store the audit trail. Options are: mongodb, filesystem, none | mongodb |
| audit-retention | How long do we want to keep audit logs in days | 30 |
| audit-retention-path | Where do we want to store old audit logs in the file system. If no path is provided, the retention policy will not be applied to old logs. | |
| config-message | Deprecated | false |
| config-mongo-db | Deprecated | true |
| log-collection | The name of the REST dialog log collection. If logProvider is mongodb, this is the name of the collection. | log |
| log-path | The path to the REST dialog log. If logProvider is filesystem, this is the path to the log. | /data/audit |
| log-provider | Where do we want to store the REST dialog log. Options are: mongodb, filesystem, none | filesystem |
| log-retention | How long do we want to keep REST dialog logs in days | 30 |
| login-message | Deprecated | false |
| login-mongo-db | Deprecated | false |
| message | [Ljava.lang.Object;@4dbca6e4 | |
| mongo | The audit destinations (mongo, message) with their filters The filter format is type.action.objecttype.objectname Any of the fields can be replaced with a * to match any value Leading * can be omitted Example: action..plugin. or action.*.plugin will match all plugin actions type is one of: action, login, record, config, error action is one of: delete, create, activate, deactivate, purgue, retry, config, login objecttype is one of: plugin, mapper, queue, message, user objectname is the name of the object | [Ljava.lang.Object;@423e05ec |
| record-log | When to store logs. Options are: always, never, error | always |
| record-message | Deprecated | false |
| record-mongo-db | Deprecated | false |
application.message.option
Class: com.faciligate.MessageOptionProperties
| Key | Description | Default value |
|---|---|---|
| address-format | Address format can be "endpoint" or "subscriber". Only relevant if a subscriberId is set. | endpoint |
| audit | Deprecated | false |
| audithistory | Deprecated | false |
| feedback | Deprecated | false |
| idmap | Deprecated | subscriber |
| legacytopic | Use legacy topic format "origin.messagetype.phase" - for compatibiility with old systems The new format is "origin.destination.messagetype" | false |
| restaudit | Deprecated | false |
| transactional | Deprecated | false |
application.aop
Class: com.faciligate.instrumentation.AopProperties
| Key | Description | Default value |
|---|---|---|
| classes | Internal use only | com.faciligate.routing.RoutingService |
| methodcount | Internal use only | 1 |
| methods | Internal use only | |
| packages | Internal use only | com.faciligate.api |
application.rabbitmq.remote
Class: com.faciligate.queue.rabbit.v4.properties.RabbitRemoteExchangeProperties
| Key | Description | Default value |
|---|---|---|
| enabled | Should the remote exchange be enabled - really only used for 1Bonding deployments | false |
| exchange-name | The RabbitMQ exchange for remote connections | |
| host | The RabbitMQ host for remote connections | |
| management-port | The RabbitMQ management port - use only if the user has admin permissions | |
| management-url | ||
| password | The RabbitMQ password for remote connections | |
| port | The RabbitMQ port for remote connections | |
| props | ||
| publish | Should messages be sent to the remote exchange | false |
| ssl | Should the remote exchange use SSL | false |
| ssl-version | SSL version to use for the remote host. Only used if SSL is enabled | TLSv1.2 |
| subscribe | Should messages be received from the remote exchange | false |
| timeout | The timeout for the RabbitMQ connection in milliseconds | 1000 |
| username | The RabbitMQ user for remote connections | |
| virtual-host | The RabbitMQ vhost for remote connections |
application.plugin.repository
Class: com.faciligate.plugin.repository.RepositoryProperties
| Key | Description | Default value |
|---|---|---|
| password | The password of the repository | |
| url | The url of the repository | |
| user | The user of the repository |
application.rabbitmq.local
Class: com.faciligate.queue.rabbit.v4.properties.RabbitLocalExchangeProperties
| Key | Description | Default value |
|---|---|---|
| enabled | Should the local exchange be enabled | true |
| exchange-name | The RabbitMQ exchange for local connections | |
| host | The RabbitMQ host for local connections | |
| management-port | The RabbitMQ management port - use only if the user has admin permissions | |
| management-url | ||
| password | The RabbitMQ password for local connections | |
| port | The RabbitMQ port for local connections | |
| props | ||
| publish | Should messages be sent to the local exchange | false |
| ssl | Should the local exchange use SSL | false |
| ssl-version | SSL version to use for the local host. Only used if SSL is enabled | TLSv1.2 |
| subscribe | Should messages be received from the local exchange | false |
| timeout | The timeout for the RabbitMQ connection in milliseconds | 1000 |
| username | The RabbitMQ user for local connections | |
| virtual-host | The RabbitMQ vhost for local connections |
application
Class: com.faciligate.ApplicationProperties
| Key | Description | Default value |
|---|---|---|
| ai-api-key | The API key for AI services. | |
| app-name | The name of the application. | |
| authenticate | Enable Authentication for 1Gateway. Possible values: false,basic,oauth false: No authentication is required. The rest of the authentication properties will be ignored. basic: Basic authentication is required. oauth: OAuth2 authentication is required. Alternatively, for backwards compatibility, you can set application.authenticate=true, which will also enable Basic Authentication. | |
| authenticate-mongodb | Configures authentication for the /api/v4/mongo. Possible values: false, strict, token, strictToken. False means the authenticated user can access all MongoDB collections. If strict, the authenticated user can access only the collections that match their username. If token, the endpoint is open and the API key must belong to a user and must not be expired. If strictToken, the endpoint is open and the API key must belong to a user, must not be expired, and the user's name must match the collection name. | false |
| authenticate-queue | Configures authentication for the /api/v3/message/queue and /api/v4/message/queue endpoints. Possible values: false, strict, token, strictToken. False means the authenticated user can access all queues. If strict, the name of the logged in user must match the queue name. If token, the endpoint is open and the API key must belong to a user and must not be expired. If strictToken, the endpoint is open and the API key must belong to a user, must not be expired, and the user's name must match the queue name. | false |
| authenticate-send | This configures authentication for the /send endpoint, which is used for webhooks. If strict, the endpoint /send verifies that the logged-in user's name matches the webhook parameter. Possible values: false,strict The user always needs to be in the role webhook. Anything else is ignored. Default: false | |
| authenticate-send-no-auth | Enable SendNoAuth authentication. If this property is set, the authenticate-webhook property is ignored. Possible values: false,true,token,strict If false, the endpoint /sendNoAuth gives a 404. This is the default. If true, the endpoint is open without the need for a token or apiKey. If token, the apiKey must belong to a user and must not be expired. If strict, the apiKey must belong to a user, must not be expired, and the user's name must match the webhook parameter. Default: false | |
| authenticate-webhook | @deprecated: Enable Webhook Authentication. If false, the endpoint /sendNoAuth is enabled with no security. If strict, same as authenticate-send=strict. If true, the endpoint /sendNoAuth is disabled. ossible values false,true,strict Default: false | false |
| authorization-url | The URL for authorization. This property is used by the UI if oAuth is enabled. | |
| backupfolder | @deprecated As of version 4.2, the backup directory configuration will be managed within a JSON file located in the "data/config" folder. This property will be removed in a future release. @since 4.2 @see /data/config/backup.json | |
| catalog-path | The path to the data/catalog directory. This contains runtime artifacts including: • Installed plugins: All currently installed plugins. • Plugin logos: Logo assets for plugins. • Schemas: NormalizedAlarm, NormalizedIncident, and custom schemas. • Archive: Historical record of installed items. | |
| client-id | The client ID for the application. This property is used by the UI if oAuth is enabled. | |
| config-filetypes | The list of configuration file types. | |
| config-path | The path to the configuration files. | |
| core-name | The name of the core. | |
| delayed-startup | Indicates if the startup should be delayed. | false |
| delayed-startup-in-millis | The delay in milliseconds for the startup. | |
| demo | Indicates if the application is running in demo mode. | false |
| demo-catalog-path | The path to the demo catalog file. | |
| domain | The domain of the application. | |
| enable-experimental-features | Indicates if experimental features are enabled. | false |
| encryption-key | The encryption key for encrypted text. | |
| environment | Internal use only. | |
| errorhandling-legacy | Indicates if legacy error handling is enabled. | true |
| grouping | The grouping of the plugins. Default is "endpoint". Set to "plugin" to group by the first word of the plugin name. | endpoint |
| http-client-timeout | The timeout for the HTTP client. | 60 |
| initial-password | The initial password for the application. | |
| initial-user | The initial user for the application. | |
| instance-id | The instance ID of the application. | |
| instance-name | The instance name of the application. | |
| keep-last-transactions | The number of transactions to keep. | 25 |
| log-path | The path to the log files. | |
| logout-url | The URL for logout. This property is used by the UI if oAuth is enabled. | |
| main-config-path | The path to the main configuration file. | |
| mantain-cmdb | Indicates if the CMDB should be maintained. | false |
| maxhops | The maximum number of hops. | 20 |
| non-proxy-hosts | The non-proxy hosts. | |
| proxy-authentication | Indicates if proxy authentication is enabled. | false |
| proxy-enabled | Indicates if the proxy is enabled. Possible values: true, false Default: false. | false |
| proxy-host | The host for the proxy. | |
| proxy-password | The password for the proxy. | |
| proxy-port | The port for the proxy. | 0 |
| proxy-username | The username for the proxy. | |
| repourl | The URL for the plugin repository. | https://repo.1bonding.com |
| staging-config-path | The path to the staging configuration file. | |
| startup-time | The startup time of the application. | 0 |
| subscriber-id | The subscriber ID for the application. | |
| token-url | The URL for token retrieval. This property is used by the UI if oAuth is enabled. | |
| topic-prefix | The prefix for topics. | |
| use-latest-plugin-version | Indicates if the latest plugin version should be used. | true |
| user-settings-path | The path to the user settings. | |
| version | The 1Gateway version |
crypto.keystore
Class: com.faciligate.security.config.KeyStoreProperties$Keystore
| Key | Description | Default value |
|---|---|---|
| password | Keystore password. | verySecret |
| path | Path to the keystore file. | data/keystore |
crypto.self
Class: com.faciligate.security.config.KeyStoreProperties$Self
| Key | Description | Default value |
|---|---|---|
| alias | Alias for the self-signed certificate. | self |
| dn | Subject DN for the self-signed certificate. | CN=Mapper, OU=Integration, O=YourOrg, L=City, C=US |
| key-password | Key password for the self-signed certificate. | superSecret |