Secure the API Explorer
The REST API Explorer serves up interactive REST API documentation. The API Explorer can help you identify endpoints, and run REST calls against those endpoints. To protect production servers from unauthorized API descriptor requests, IDM requires authentication, by default. The property authEnabled
protects static web resources from public view.
Default
ui.context-api.json
file{
"enabled" : true,
"authEnabled" : true,
"urlContextRoot" : "/api",
"defaultDir" : "&{idm.install.dir}/ui/api/default",
"extensionDir" : "&{idm.install.dir}/ui/api/extension"
}
To disable the API Explorer, set the following property in your resolver/boot.properties
file:
openidm.apidescriptor.enabled=false