Configuration REST API

Setting the base URL (domain) of the IQ Server. This property is for user-facing links and is required for sending emails, following links in pull requests and CI servers, and connecting to reports in most integrations.

Property: baseUrl

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"baseUrl": "https://example.sonatype.com/"}' https://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=baseUrl"

Session timeout value in minutes for IQ Server. The user receives a browser notifications when the session is about to expire.

Property: sessionTimeout

Default: 30

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"sessionTimeout": 30}' https://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=sessionTimeout"

When set to true, IQ Server treats inbound requests as originating from the baseURL instead of on inbound HTTP request headers to ignore a misconfigured upstream reverse proxy.

We recommend fixing the upstream server to send properly formatted forwarded headers instead of using this setting.

Property: forceBaseUrl

Default: false

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"forceBaseUrl": true}' https://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=forceBaseUrl"

This property prevents clickjacking by adding an HTTP Content-Security-Policy (CSP) frame-ancestors directive to specify the domains or parent URLs that can frame the current resource. The property 'self' is appended to this list.

The default null value sets no restriction on the allowed domain or parent URLs. Any domain can frame the resource. Setting the property with a list of domains or parent URLs passed as JSON.

Property: frameAncestorsAllowlist

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"frameAncestorsAllowlist": ["*first.com","second.*"]}' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=frameAncestorsAllowlist"

The maximum number of threads that can be used for the EventBus.

The EventBus is used to asynchronously post various events (e.g. policy evaluation, entity management, license/security vulnerability overrides, etc).

These events are consumed by various services (e.g. webhooks, source control, etc).

Property: eventBus.maxThreadPoolSize

Default: 500

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"eventBus.maxThreadPoolSize": 500}' https://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=eventBus.maxThreadPoolSize"

The user-agent header is a header in a request for web access sent under the HTTP protocol. This header identifies the software program that was used to send the request. A custom fragment may be added to the end of the "user-agent" for HTTP calls. This fragment may be used with network firewalls in managing traffic from the IQ Server.

Property: userAgentSuffix

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"userAgentSuffix ": "Approved" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=userAgentSuffix"

Enables/disables cross-site request forgery protection. The default is set to true to increase security.

Property: csrfProtection

Default: true

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"csrfProtection": true }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=csrfProtection"

This property points to the Sonatype Data Services to receive up-to-date information. This value may be updated when a static remote IP is needed while configuring access through firewall rules. This value should not be changed unless directly by the Sonatype Support team.

Property: hdsUrl

Default: https://clm.sonatype.com/

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"hdsUrl": "https://clm.sonatype.com/" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=hdsUrl"

This is the passphrase used to encrypt webhooks sent by IQ Server. Webhooks are used for notification integrations such as JIRA or with custom scripts. We recommend changing the default passphrase when using webhooks.

Property: webhookSecretPassphrase

Default: ^d1swM!FF&qQ

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"webhookSecretPassphrase": "S0natyp3_R0ckz!" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=webhookSecretPassphrase"

See Waived Component Upgrade Monitoring to learn more about this feature.

Property: waivedComponentUpgradeMonitoringEnabled

Default: false

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"waivedComponentUpgradeMonitoringEnabled": true }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=waivedComponentUpgradeMonitoringEnabled"

Continuous Monitoring updates the report for applications not built regularly by performing an analysis from the most recent scan files. As each report may take a few minutes to run, this process should start in off-peak hours after the maintenance backup is made. The number represents the hour of the day with 0 starting at the system time of midnight. Note that the actual process begins on a random minute before or after the chosen hour to limit the load on Sonatype servers.

Property: policyMonitoringHour

Default: 0 ; hour of the day ranging from (0-23)

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"policyMonitoringHour": 2 }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=policyMonitoringHour"

List of usernames passed as JSON. This property is used to control the access to the public API.

When set, only the users specified in the list are allowed to make API calls. Set this property to null for unrestricted API access to authenticated users.

Property: apiAccessAllowList

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"apiAccessAllowList": "[\"user1\",\"user2\"]" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=apiAccessAllowList"

This parameter adjusts the limit for the number of clauses (query parameters) in the advanced search's Lucene query. Wildcard or open ended searches result in a large number of clauses that may have performance implications. The limit is in place to keep searches from overloading the server.

This parameter is relevant when non-admin users perform advanced searches across large numbers of organizations or applications. When the query generated contains too many clauses, an issue may occur. Adjusting the clause count controls the limit to avoid the error message.

The clause count limit for Advanced Search queries.

Property: maxAdvancedSearchClauseCount

Default: 2048

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"maxAdvancedSearchClauseCount": 5000 }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=maxAdvancedSearchClauseCount"

The delimiter for the Advanced Search API when exporting to a CSV file.

Property: advancedSearchCSVExportDelimiter

Default: , (a comma)

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"advancedSearchCSVExportDelimiter":"," }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=advancedSearchCSVExportDelimiter"

Allows the IQ instance to send non-anonymized telemetry data to Sonatype. This data is used to generate Data Insights. Disabling this property will cause a degraded user experience.

Property: ADVANCED_REPORTING_INSIGHTS_ENABLED

Default: true

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"ADVANCED_REPORTING_INSIGHTS_ENABLED": true }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=ADVANCED_REPORTING_INSIGHTS_ENABLED"

Reduces the data being consumed through the API when more than one Lifecycle stage is commonly used by setting the specific stageId for which success metrics are retrieved.

Allowed values: source , build , stage-release , release , operate

Property: successMetricsStageId

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"successMetricsStageId": "stage-release" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=successMetricsStageId"

The default (null) behavior will delete the previous scan files whenever a new scan is done.

When set to withReports the previous scan files are retained. Scan files are managed with their associated report files during the Data Retention clean-up process.

See Promote Scan REST API to learn more.

Property: purgeScanFiles

Default: null; Supports: withReports and null.

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"purgeScanFiles": "withReports" }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=purgeScanFiles"

Enables observed license detection for additional ecosystems for users of Lifecycle with Advanced Legal Pack (ALP) add-on. This setting was set to false for IQ Server versions installed before release 165 but newer instances default to true.

Property: alpObservedLicenseDetectionEnabled

Default: true

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"alpObservedLicenseDetectionEnabled": true }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=alpObservedLicenseDetectionEnabled"

The custom quarantined message to display when a component fails a Repository Firewall policy. This message may be up to 500 chars and include URLs.

See Custom Quarantine Message to learn more.

Property: quarantinedItemCustomMessage

Default: null

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"quarantinedItemCustomMessage": "This is a custom message." }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=quarantinedItemCustomMessage"

Set the frequently the Repository Firewall checks components quarantined in the past 14 days for updated metadata.

Scheduling interval (in minutes) for Automatic Quarantine Release. The minimum value supported is 30 minutes.

Property: automaticQuarantineReleaseTimeIntervalInMinutes

Default: 60

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"automaticQuarantineReleaseTimeIntervalInMinutes": 120 }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=automaticQuarantineReleaseTimeIntervalInMinutes"

Expiration time for quarantine reports

Property: quarantinedComponentReportExpirationTimeInHours

Default: 12

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"quarantinedComponentReportExpirationTimeInHours": 2 }' http://localhost:8070/api/v2/config

curl -u admin:admin123 -X GET "https://localhost:8070/api/v2/config?property=quarantinedComponentReportExpirationTimeInHours"