General settings

The top-level General settings screen in Policy Studio enables you to set global configuration settings to optimize the behavior of API Gateway for your environment.

To configure these settings, in the Policy Studio tree, select the Server Settings node, and click General. To confirm updates to these settings, click Apply changes at the bottom right of the screen.

After changing any settings, you must deploy to API Gateway for the changes to be enforced. You can do this in the Policy Studio main menu by selecting Server > Deploy. Alternatively, click the Deploy button in the toolbar, or press F6.

Settings

You can configure the following settings in the General screen:

Setting Description

Tracing level

Enables you to set the trace level for API Gateway at runtime. Select the appropriate option from the drop-down list. Defaults to INFO.

Active timeout

When the API Gateway receives a large HTTP request, it reads the request off the network when it becomes available. If the time between reading successive blocks of data exceeds the Active Timeout specified in milliseconds, API Gateway closes the connection. This guards against a host closing the connection in the middle of sending data.

For example, this can happen if the host's network connection is pulled out of the machine while it is in the middle of sending data to API Gateway. When API Gateway has read all the available data off the network, it waits the Active Timeout period before closing the connection. Defaults to 30000 milliseconds.

You can configure this setting on a per-host basis using the Remote Hosts interface. For more details, see the API Gateway Policy Developer Guide.

Date format

Configures the format of the date for the purposes of transaction audit logging and historic metrics. Defaults to MM.dd.yyyy HH:mm:ss,SSS. For more details on this format, see http://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html.

See also Transaction audit log settings.

Cache refresh interval

Configures the number of seconds that the server caches data loaded from an external source before refreshing data from that source. Defaults to 5 seconds. To disable the cache, set this to 0. This cache applies to attributes retrieved from external databases, LDAP directories, internal user stores, and IBM Tivoli. It also applies to query results for authentication against LDAP or databases, and to certificate revocation lists for certificate validation (CRL and XKMS only).

Transaction timeout

A configurable transaction timeout that detects slow HTTP attacks (slow header write, slow body write, slow read) and rejects any transaction that keeps the worker threads occupied for an excessive amount of time. The default value is 240000 milliseconds.

Maximum sent bytes per transaction

The maximum number of bytes sent in a transaction. This is a configurable maximum length for the transmitted data on transactions that API Gateway can handle. This helps to prevent denial-of-service (DoS) attacks. This setting limits the entire amount of data sent over the link, regardless of whether it consists of body, headers, or request line. The default value is 10 MB (10485760 bytes).

Maximum received bytes per transaction

The maximum number of bytes received in a transaction. This is a configurable maximum length for the received data on transactions that API Gateway can handle. This helps to prevent denial-of-service (DoS) attacks. This setting limits the entire amount of data received over the link, regardless of whether it consists of body, headers, or request line. The default value is 10 MB (10485760 bytes).

Note: In a multi-datacenter environment with a large number of APIs and a large volume of data, you may need to increase this value to optimize the performance of the API Manager web console.

Idle timeout

API Gateway supports HTTP 1.1 persistent connections. The Idle Timeout specified in milliseconds is the time that API Gateway waits after sending a message over a persistent connection before it closes the connection.

Typically, the host tells API Gateway that it wants to use a persistent connection. API Gateway acknowledges this instruction and decides to keep the connection open for a certain amount of time after sending the message to the host. If the connection is not reused within the Idle Timeout period, API Gateway closes the connection. Defaults to 15000 milliseconds.

You can configure this setting on a per-host basis using the Remote Hosts interface. For more details, see the API Gateway Policy Developer Guide.

LDAP service provider

Specifies the service provider used for looking up an LDAP server (for example, com.sun.jndi.ldap.LdapCtxFactory). The provider is typically used to connect to LDAP directories for certificate and attribute retrieval.

Maximum memory per request

The maximum amount of memory in bytes that API Gateway can allocate to each request. This setting helps protect against denial of service caused by undue pressure on memory.

You can also configure this setting at the HTTP/S interface level. For more details, see the API Gateway Policy Developer Guide.

Tip: As a general rule for XML messages, if you need to process a message of size N, you should allocate 6–7 times N amount of memory.

Realm

Specifies the realm for authentication purposes.

Schema pool size

Sets the size of the Schema Parser pool.

Server brand

Specifies the branding to be used in API Gateway.

SSL session cache size

Specifies the number of idle SSL sessions that can be kept in memory. You can use this setting to improve performance because the slowest part of establishing the SSL connection is cached. A new connection does not need to go through full authentication if it finds its target in the cache. Defaults to 32.

If there are more than 32 simultaneous SSL sessions, this does not prevent another SSL connection from being established, but means that no more SSL sessions are cached. A cache size of 0 means no cache, and no outbound SSL connections are cached.

Token drift time

Specifies the number of seconds drift allowed for WS-Security tokens. This is important in cases where API Gateway is checking the date on incoming WS-Security tokens. It is likely that the machine on which the token was created is out of sync with the machine on which API Gateway is running. The drift time allows for differences in the respective machine clock times.

Allowed number of operations to limit XPath transforms

Specifies the total number of node operations permitted in XPath transformations. Complex XPath expressions (or those constructed together with content to produce expensive processing) might lead to a denial-of-service risk. Defaults to 4096.

Input encodings

Click the browse button to specify the HTTP content encodings that the API Gateway instance can accept from peers. The available content encodings include gzip and deflate. Defaults to no content encodings. For more details, see the API Gateway Policy Developer Guide.

Output encodings

Click the browse button to specify the HTTP content encodings that the API Gateway instance can apply to outgoing messages. The available content encodings include gzip and deflate. Defaults to no content encodings. For more details, see the API Gateway Policy Developer Guide.

Server's SSL cert's name must match name of requested server

Ensures that the certificate presented by the server matches the name of the host address being connected to. This prevents host spoofing and man-in-the-middle attacks. This setting is enabled by default.

Send desired server name to server during TLS negotiation

Specifies whether to add a field to outbound TLS/SSL calls that shows the name that the client used to connect. For example, this can be useful if the server handles several different domains, and needs to present different certificates depending on the name that the client used to connect. This setting is not selected by default.

Add correlation ID to outbound headers

Specifies whether to insert the correlation ID in outbound messages. For the HTTP transport, this means that an X-CorrelationID header is added to the outbound message. This is a transaction ID that is tagged to each message transaction that passes through API Gateway, and which is used for traffic monitoring in the API Gateway Manager web console.

You can use the correlation ID to search for messages in the console. You can also access its value using the id message attribute in an API Gateway policy. An example correlation ID value is Id-54bbc74f515d52d71a4c0000. This setting is selected by default.
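
The Active timeout, Transaction timeout and Maximum received bytes per transaction settings described above limit different things, and the following added example (a simplified model written for this page, not API Gateway code) shows which limit ends which kind of transfer. The trace names, the `evaluate_transfer` function and the arrival timings are constructed for illustration; only the three default values come from the table.

```python
# Added example: a simplified model of three General settings, not gateway code.
from dataclasses import dataclass

ACTIVE_TIMEOUT_MS = 30000        # page default
TRANSACTION_TIMEOUT_MS = 240000  # page default
MAX_RECEIVED_BYTES = 10485760    # page default (10 MB)

@dataclass
class Verdict:
    accepted: bool
    reason: str      # limit that ended the transaction, or "complete"
    elapsed_ms: int
    received: int

def evaluate_transfer(blocks, active_ms=ACTIVE_TIMEOUT_MS,
                      transaction_ms=TRANSACTION_TIMEOUT_MS,
                      max_bytes=MAX_RECEIVED_BYTES):
    """blocks: (gap_ms, nbytes) pairs; gap_ms is the wait before a block arrives."""
    elapsed = received = 0
    for gap_ms, nbytes in blocks:
        arrival = elapsed + gap_ms
        active_deadline = elapsed + active_ms            # restarts after every block
        deadline = min(active_deadline, transaction_ms)  # transaction clock never restarts
        if arrival > deadline:
            reason = ("active_timeout" if active_deadline <= transaction_ms
                      else "transaction_timeout")
            return Verdict(False, reason, deadline, received)
        elapsed, received = arrival, received + nbytes
        if received > max_bytes:
            return Verdict(False, "max_received_bytes", elapsed, received)
    return Verdict(True, "complete", elapsed, received)

# Constructed traces (hypothetical clients), as (gap_ms, nbytes) per block.
TRACES = {
    "normal_upload": [(50, 65536)] * 16,
    "peer_stalls": [(50, 65536)] * 4 + [(31000, 65536)],
    "slow_body": [(10000, 1)] * 30,      # one byte every 10 s
    "oversized": [(10, 1048576)] * 11,   # 11 MiB in total
}

def run_traces():
    return {name: evaluate_transfer(blocks) for name, blocks in TRACES.items()}

if __name__ == "__main__":
    for name, verdict in run_traces().items():
        print(f"{name:14} {verdict}")
```

The `slow_body` trace never leaves a gap longer than the Active timeout, so only the Transaction timeout ends it; when tuning either value, check that the other still covers the case it was protecting.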
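
To illustrate the Token drift time setting described above, this added example (not API Gateway code) checks a WS-Security `wsu:Timestamp` against the receiver's clock with a drift allowance. It assumes the allowance is applied to both the Created and Expires bounds; the sample XML, the function names and the clock values are constructed.

```python
# Added example: WS-Security Timestamp check with a clock-drift allowance.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample; the sender's clock runs 20 s ahead of the receiver's.
SAMPLE_TIMESTAMP = f"""<wsu:Timestamp xmlns:wsu="{WSU}">
  <wsu:Created>2024-05-01T12:00:20Z</wsu:Created>
  <wsu:Expires>2024-05-01T12:05:20Z</wsu:Expires>
</wsu:Timestamp>"""

def _parse_utc(text):
    parsed = datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)

def check_timestamp(xml_text, now, drift_seconds):
    """Return (ok, reason) for a wsu:Timestamp judged at receiver time `now`."""
    # For untrusted input, parse with a hardened parser (for example defusedxml).
    root = ET.fromstring(xml_text)
    created = root.find(f"{{{WSU}}}Created")
    expires = root.find(f"{{{WSU}}}Expires")
    if created is None or expires is None:
        return False, "missing Created or Expires"
    created_at, expires_at = _parse_utc(created.text), _parse_utc(expires.text)
    if expires_at <= created_at:
        return False, "Expires not after Created"
    drift = timedelta(seconds=drift_seconds)  # assumption: applied to both bounds
    if created_at > now + drift:
        return False, "created in the future"
    if expires_at + drift <= now:
        return False, "expired"
    return True, "ok"

def at(hms):
    """Receiver clock on the sample's date (constructed helper)."""
    return _parse_utc(f"2024-05-01T{hms}Z")

if __name__ == "__main__":
    for clock, drift in [("12:00:00", 0), ("12:00:00", 30), ("12:06:00", 30)]:
        print(clock, drift, check_timestamp(SAMPLE_TIMESTAMP, at(clock), drift))
```

A larger drift value also lengthens the window in which an expired token is still accepted, so keep it close to the clock skew actually observed between the systems.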
