Editing the configuration file
A configuration file for the REST API named config.json is stored in the helix-alm-rest-api\config directory in the Helix ALM application directory (e.g., C:\Program Files\Perforce\Helix ALM\helix-alm-rest-api\config).
Edit this file to change settings used by the API, such as the API or Helix ALM host computer address and port number, https information, and RSA key exchange information.
If settings are missing from the file when you upgrade the REST API Server, they are added and the old file is backed up with the date and 'old' added to the filename (e.g., config_2018-05-29_15-09.old.json).
| Setting | Controls: | Example value |
|---|---|---|
| Allow HTTP | If http is allowed. Only https is allowed by default. | "allowHTTP": false,
|
| REST API hostname, addresses to bind to, and ports |
REST API computer hostname, addresses or devices to bind to, and port number.
|
"hostname": "localhost",
"bindAddresses": ["::", "0.0.0.0"],
"httpsPort": "8443",
|
| https private key, public certificate, and key passphrase | Location of certificate files. The key.pem and cert.pem files are automatically created in this location the first time the REST API Server starts if they do not already exist. If you want to use your own signed certificates, you can replace the default ones. | "httpsPrivateKeyLocation": "./config/certificates/key.pem",
|
| Helix ALM Server hostname and port | IP address or domain name of the computer hosting the Helix ALM Server and the port number. These values are automatically set the first time the REST API is installed. Port numbers must be strings. | "helixAlmHostName": "127.0.0.1",
|
| RSA key exchange certificate location | Location of public key file used for RSA key exchange. If RSA key exchange is enabled for the Helix ALM Server in the security options in the Helix ALM Server Admin Utility, the public key file must be downloaded, stored in a directory accessible to the API, and the directory must be updated in this setting. | "helixAlmCertificateFileLocation": "",
|
| Temporary directory location | Location to store uploaded files when the REST API is receiving and sending them to the Helix ALM Server. | "temporaryDirectory": "./temp",
|
| Cache location and maximum size | Location of cached files for sending to clients so they do not have to be retrieved again from the Helix ALM Server. The maximum size (in megabytes) controls how large the directory can be before the oldest files are deleted. | "cacheDirectory": "./cache",
"maxCacheSize": 4096,
|
| Maximum request size | Maximum request size that the REST API Server will accept before rejecting it because it is too large. Default is 25 MB. | "maxRequestSize": 25
|
| Maximum connection timeout | Maximum time (in minutes) the REST API waits before considering a socket inactive and forcing it to disconnect. Increase this value to give the Helix ALM Server more time to process longer requests. Default value is 20 minutes. | "clientConnectionTimeout ": 20,
|
| Maximum NodeJS memory usage | Maximum system memory (in megabytes) used by NodeJS that the REST API allows in megabytes. Default is 2 GB. | "maxMemoryUsage": 2048,
|
| Debugging flags | How debugging information is logged, which can be used for troubleshooting any issues with the REST API Server. If enabled, information is logged to the HelixALMRESTAPI.txt file in the helix-alm-rest-api directory in the Helix ALM application directory. | "debugMemoryUsage": false, |
| CORS origin |
Support for the Cross-Origin Resource Sharing standard. Specifies how the 'Access-Control-All-Origin' header is returned on responses. Use:
|
"corsOrigin": "wysicorp.com",
|
| Rate limit | Number of requests that the REST API Server allows per Helix ALM project and IP address per minute. Valid values are 30 - 240. Default value is 60 requests. See Rate limits. | "rateLimit": 60,
|
| Configuration file version | Version of the configuration file. Do not change. | "confVersion": 1
|
| HTTP headers sent with HTTP responses | HTTP headers sent with every HTTP response. Common security-related headers are configured by default, but you can define others. If you do not want to use the configured security headers, delete the name and value pairs instead of commenting them out. | "httpResponseHeaders": {
|
| HTTP headers sent with HTTPS responses | HTTP headers sent with every HTTPS response. Common security-related headers are configured by default, but you can define others. If you do not want to use the configured security headers, delete the name and value pairs instead of commenting them out. | "httpsResponseHeaders": {
|
Example file
{
// Allow HTTP
// - Allow HTTP is disabled by default
"allowHTTP": false,
// Helix ALM REST API Hostname and http/https port numbers
"hostname": "localhost",
"bindAddresses": ["::", "0.0.0.0"],
"httpsPort": "8443",
"httpPort": 8900,
// Https private key, public certificate, and key passphrase (if key was encrypted)
"httpsPrivateKeyLocation": "./config/certificates/key.pem",
"httpsPrivateKeyPassPhrase": "",
"httpsPublicCertificateLocation": "./config/certificates/cert.pem",
// Helix ALM Server Hostname and port
"helixAlmHostName": "127.0.0.1",
"helixAlmPort": "99",
// If the Helix ALM Server is setup to use RSA key exchange the Public Key File for the
// server will need to be downloaded and copied to this path to allow the REST API
// to communicate with the server
"helixAlmCertificateFileLocation": "",
"temporaryDirectory": "./temp",
"cacheDirectory": "./cache",
"maxCacheSize": 4096,
// Maximum size (in megabytes) of a request accepted by the Helix ALM REST API server
"maxRequestSize": 25,
// How long (in minutes) will the REST API wait before considering a socket inactive and forcing it to disconnect.
// Increasing this can allow the Helix ALM Server more time to process long requests.
"clientConnectionTimeout": 20,
// Additional debugging flags to assist in debugging any issues encountered with
// the REST API NodeJS application
"additionalLogging": false, // Log additional debug information
// How much RAM (in megabytes) can the process use before it is killed.
"maxMemoryUsage": 2048,
// Should the RAM usage be logged in detail?
"debugMemoryUsage": false,
// Configures the CORS origin returned via the Access-Control-Allow-Origin header
"corsOrigin": "*",
// Configure the rate limit, this is the limit for how many requests are allowed per minute
"rateLimit": 60,
// Do not change this value, this indicates the 'version' of this configuration file.
"confVersion": 1,
// Additional HTTP headers sent with every HTTP response
"httpResponseHeaders": {
"content-security-policy": "default-src 'none'; frame-ancestors 'none'",
"x-frame-options": "DENY",
"x-xss-protection": "1; mode=block",
"x-content-type-options": "nosniff"
},
// Additional HTTP headers sent with every HTTPS response
"httpsResponseHeaders": {
"content-security-policy": "default-src 'none'; frame-ancestors 'none'",
"x-frame-options": "DENY",
"x-xss-protection": "1; mode=block",
"x-content-type-options": "nosniff",
"strict-transport-security": "max-age=31536000; includeSubDomains; preload"
}