Securing the API Explorer
The REST API Explorer serves up interactive REST API documentation. The API Explorer can help you identify endpoints and run REST calls against those endpoints. To protect production servers from unauthorized API descriptor requests, IDM requires authentication by default. The property authEnabled protects static web resources from public view.
{
    "enabled" : true,
    "authEnabled" : true,
    "urlContextRoot" : "/api",
    "defaultDir" : "&{idm.install.dir}/ui/api/default",
    "extensionDir" : "&{idm.install.dir}/ui/api/extension"
}
To completely disable the API Explorer, set the following property in your resolver/boot.properties file:
openidm.apidescriptor.enabled=false
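
An added example, not part of the IDM documentation or the product's own code: a Python check that reads the two settings described above and flags a configuration in which the API Explorer's static resources are served without authentication. The function names and sample inputs are constructed, and treating a missing openidm.apidescriptor.enabled as "not disabled", an enabled value of false as "not served", and any authEnabled value other than boolean true as a finding are assumptions.

```python
import json

# Constructed sample: the page's UI context block with authEnabled switched off.
WEAK_CONTEXT = """{
  "enabled" : true,
  "authEnabled" : false,
  "urlContextRoot" : "/api",
  "defaultDir" : "&{idm.install.dir}/ui/api/default",
  "extensionDir" : "&{idm.install.dir}/ui/api/extension"
}"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_api_explorer(context_text, boot_properties_text):
    """Return (severity, message) findings for the two settings on this page."""
    props = parse_properties(boot_properties_text)
    # Assumption: only an explicit "false" counts as disabled.
    if props.get("openidm.apidescriptor.enabled", "").lower() == "false":
        return [("ok", "API Explorer disabled in boot.properties")]
    findings = [("info", "openidm.apidescriptor.enabled is not false")]
    ctx = json.loads(context_text)
    root = ctx.get("urlContextRoot", "<unset>")
    if ctx.get("enabled") is not True:
        # Assumption: a context that is not enabled is not served.
        findings.append(("ok", "static context %s is not enabled" % root))
    elif ctx.get("authEnabled") is True:
        findings.append(("ok", "static context %s requires authentication" % root))
    else:
        # Assumption: anything other than boolean true is flagged for review.
        findings.append(("high", "static context %s has authEnabled=%r"
                         % (root, ctx.get("authEnabled"))))
    return findings

def severities(findings):
    return [sev for sev, _ in findings]

if __name__ == "__main__":
    constructed_boot = "# constructed boot.properties without the apidescriptor line\n"
    for sev, msg in audit_api_explorer(WEAK_CONTEXT, constructed_boot):
        print("[%s] %s" % (sev, msg))
```

A commented-out openidm.apidescriptor.enabled=false line is ignored by the reader, so the check reports the API Explorer as still available in that case.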