> ## Documentation Index
> Fetch the complete documentation index at: https://tyk.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Environment Variables and Configuration
> Configuration reference for the Tyk Enterprise Developer Portal
To configure the Tyk Enterprise Developer Portal, you can use either a config file or environment variables.
The table below provides a reference to all options available to you when configuring the portal.
### Environment Variable Type Mapping
When configuring Tyk components using environment variables, it's important to understand how different data types are represented. The type of each variable is based on its definition in the Go source code. This section provides a guide on how to format values for common data types.
| Go Type | Environment Variable Format | Example |
| ------------------------ | ------------------------------------------ | -------------------------------------------------------------------- |
| `string` | A regular string of text. | `TYK_GW_SECRET="mysecret"` |
| `int`, `int64` | A whole number. | `TYK_GW_LISTENPORT=8080` |
| `bool` | `true` or `false`. | `TYK_GW_USEDBAPPCONFIG=true` |
| `[]string` | A comma-separated list of strings. | `TYK_PMP_PUMPS_STDOUT_FILTERS_SKIPPEDAPIIDS="api1,api2,api3"` |
| `map[string]string` | A comma-separated list of key:value pairs. | `TYK_GW_GLOBALHEADERS="X-Tyk-Test:true,X-Tyk-Version:1.0"` |
| `map[string]interface{}` | A JSON string representing the object. | `TYK_GW_POLICIES_POLICYSOURCE_CONFIG='{"connection_string": "..."}'` |
For complex types like `map[string]interface{}`, the value should be a valid JSON string. For `[]string` and `map[string]string`, ensure there are no spaces around the commas unless they are part of the value itself.
## Portal settings
This section explains the general portal settings, including which port it will be listening on, how often it should synchronize API Products and plans with the Tyk Dashboard, and so on.
Most of these settings are optional, except for the PORTAL\_LICENSEKEY. If you don't specify these settings, the default values will be used.
However, you can leverage the settings below to customize the deployment of your portal.
### Sample storage setting section via config file
```json theme={null}
{
"HostPort": 3001,
"RefreshInterval": 10,
"LicenseKey": "your-license-key",
"Theming": {
"Theme": "default",
"Path": "./themes"
},
"ProductDocRenderer": "stoplight",
"LogLevel": "debug",
"LogFormat": "dev",
"SSOCustomLoginURL": "https://your-idp.example.com/login",
"TLSConfig": {
"Enable": true,
"InsecureSkipVerify": true,
"Certificates": [
{
"Name": "localhost",
"CertFile": "portal.crt",
"KeyFile": "portal.key"
}
],
"MinVersion": "772"
},
"PortalAPISecret": "your-portal-api-secret"
}
```
### Sample storage setting section via environment variables
```.ini theme={null}
PORTAL_HOSTPORT=3001
PORTAL_REFRESHINTERVAL=10
PORTAL_LICENSEKEY=your-license-key
PORTAL_THEMING_THEME=default
PORTAL_THEMING_PATH=./themes
PORTAL_DOCRENDERER=stoplight
PORTAL_LOG_LEVEL=debug
PORTAL_LOG_FORMAT=dev
PORTAL_SSO_CUSTOM_LOGIN_URL=https://your-idp.example.com/login
PORTAL_TLS_ENABLE=true
PORTAL_TLS_INSECURE_SKIP_VERIFY=true
PORTAL_TLS_CERTIFICATES = '[{"Name": "localhost","CertFile": "portal.crt","KeyFile": "portal.key"}]'
PORTAL_API_SECRET=your-portal-api-secret
```
### PORTAL\_HOSTPORT
**Config file:** HostPort
**Type:** `int`
**Description**: The port on which the portal will run inside the container. Not required. If it is not specified, the default value is 3001.
### PORTAL\_REFRESHINTERVAL
**Config file:** RefreshInterval
**Type:** `int`
**Description**: How the portal will synchronise API Products and plans with the Tyk Dashboard. The value is specified in minutes.
Not required. If it is not specified, the default value is 10.
### PORTAL\_LICENSEKEY
**Config file:** LicenseKey
**Type:** `string`
**Description**: A license key that Tyk provides. Required to start the portal.
### PORTAL\_THEMING\_THEME
**Config file:** Theming.Theme
**Type:** `string`
**Description**: The name of a theme the portal should use after the start-up. You can change this later via the Themes UI.
It's not required to specify, as the portal comes with only one theme named `default`; therefore, PORTAL\_THEMING\_THEME defaults to `default`.
However, if you have already created [a theme](/5.12/portal/customization#) and want the portal to use when it starts for the first time, then you can use this setting to achieve that.
### PORTAL\_THEMING\_PATH
**Config file:** Theming.Path
**Type:** `string`
**Description**: Defines a folder where themes are located. Depending on the storage type that you use, you can specify either a relative or an absolute path:
* If you use the `fs` storage type, you can specify both a relative path (e.g., `./themes`) and an absolute path (e.g., `/themes`)
* If you use the `s3` or `db` storage type, however, you can only use an absolute path (e.g., `/themes`).
The default value for this variable is `./themes`, so it's important to redefine it if you plan to use the `s3` or `db` storage types.
### PORTAL\_THEMING\_DISABLE\_UPLOAD
**Config file:** Theming.DisableUpload
**Type:** `boolean`
**Description**: Disables uploading theme via the UI. The default value is `false`.
### PORTAL\_MAX\_UPLOAD\_SIZE
**Config file:** MaxUploadSize
**Type:** `int`
**Description**: Defines the maximum size in bytes of a theme file that can be uploaded via the UI. The default value is 33554432 bytes (32 mb).
Please note that the size of individual files should not exceed 5 MB. If the size of any individual file in a theme exceeds 5 MB, the theme will not be uploaded, even if the total size of all files is less than `PORTAL_MAX_UPLOAD_SIZE`.
### PORTAL\_DOCRENDERER
**Config file:** ProductDocRenderer
**Type:** `string`
**Options:**
* `stoplight` to use Stoplight as a documentation renderer;
* `redoc` to use Redoc as a documentation renderer.
**Description**: Use this setting to specify which OAS documentation renderer to use to render the OpenAPI Specification. Not required. If it is not specified, the default value is `stoplight`.
### PORTAL\_DCR\_LOG\_ENABLED
**Config file:** DCRLogEnabled
**Type:** `boolean`
**Description**: When enabled, the portal will print raw responses from the OAuth2.0 Identity Provider for the DCR flow.
Raw responses from the Identity Providers may contain sensitive information; therefore, we recommend enabling this option only for debugging purposes. Available options are:
* `true` for enabling the detailed logs;
* `false` for disabling the detailed logs.
The default value is `false`.
## Audit log settings
This section explains how to configure the audit log in the portal. When the audit log is enabled, each admin's action will leave a trace in the *portal.log* file located in the directory specified by the `PORTAL_AUDIT_LOG_ENABLE` setting.
### PORTAL\_AUDIT\_LOG\_ENABLE
**Config file:** AuditLog.Enable
**Type:** `boolean`
**Description**: Enables the audit log capability. The default value is `false`.
### PORTAL\_AUDIT\_LOG\_PATH
**Config file:** AuditLog.Path
**Type:** `string`
**Description**: Path to a directory with the audit log file. When audit log is enabled, the portal will create a file called `portal.log` in that directory. All admin actions will be reflected in that file.
## Session management
This section explains how to configure session management for the portal. Using the settings below, you can configure:
* Name of the portal's session cookie.
* Various aspects of cookie security, including: should it be sent using a TLS-encrypted connection,and is it accessible by JavaScript API on the client-side?
* Cookie encryption key.
* Cookie lifetime.
### PORTAL\_SESSION\_NAME
**Config file:** Session.Name
**Type:** `string`
**Description**: Name of the portal's cookie. The default value is `portal-session`.
### PORTAL\_SESSION\_SECURE
**Config file:** Session.Secure
**Type:** `boolean`
**Description**: Controls whether the portal adds the `Secure` attribute to the `Set-Cookie` header in all responses from the portal's backend, except for the admin APIs. It's important to note that if the connection between the portal and the browser is not secured with TLS, the browser will ignore the `Secure` attribute.
We recommend enabling TLS and setting this attribute to `true` for all production environments. The default value is `false`.
### PORTAL\_SESSION\_HTTPONLY
**Config file:** Session.HttpOnly
**Type:** `boolean`
**Description**: Controls whether the portal adds the `HttpOnly` attribute to the `Set-Cookie` header in all responses from the portal's backend, except for the admin APIs. This cookie attribute controls if the cookie is only accessible at the server and not by JavaScript on the client side.
This is a security measure to prevent XSS attacks.
We recommend setting it to `true` in production environments. The default value is `true`.
### PORTAL\_SESSION\_SAMESITE
**Config file:** Session.SameSite
**Type:** `string`
**Description**: Controls the value of the `SameSite` attribute for the portal’s cookie. The portal adds the `SameSite` attribute with the value specified in `PORTAL_SESSION_SAMESITE` to the `Set-Cookie` header in all responses from the portal's backend, except for the admin APIs.
Available options are:
* `None`;
* `Lax`;
* `Strict`.
The default value is `Strict`. If the value specified in the `PORTAL_SESSION_SAMESITE` setting does not match any of the above-mentioned options, it defaults to `Strict`.
### PORTAL\_SESSION\_KEY
**Config file:** Session.Key
**Type:** `string`
**Description**: The cookie encryption key. The default value is a random 32-bytes string.
### PORTAL\_SESSION\_LIFETIME
**Config file:** Session.LifeTime
**Type:** `int`
**Description**: The lifetime of the portal's session in seconds. The default value is 604800 seconds (7 days).
## PORTAL\_SESSION\_IDLE\_TIMEOUT
**Config file:** Session.IdleTimeout
**Type:** `int`
**Description**: The duration in seconds before a portal session is considered idle. A session is deemed idle when there is no user activity, such as clicks, navigation, or input. Once the idle timeout is reached, the session will expire, requiring the user to log in again. The default value is 3600 seconds (1 hour).
### PORTAL\_ENABLE\_HTTP\_PROFILER
**Config file:** EnableHttpProfiler
**Type:** `boolean`
**Description**: Enables debugging of the portal by exposing the Golang profiling information at `/debug/pprof/`. The default value is `false`.
**Profiling**
We recommend using the profiler only in non-production environments. Be sure to disable it in production by setting `PORTAL_ENABLE_HTTP_PROFILER` to `false`.
### PORTAL\_LOG\_LEVEL
**Config file:** LogLevel
**Type:** `string`
**Description**: Defines the log level, available options are:
* debug
* info
* warn
* error
* dpanic
* panic
* fatal
### PORTAL\_LOG\_FORMAT
**Config file:** LogFormat
**Type:** `string`
**Description**: Defines the log format, available options are:
* `dev` for verbose human-readable output
* `prod` for output in json format.
### PORTAL\_TLS\_ENABLE
**Config file:** TLSConfig.Enable
**Type:** `boolean`
**Description**: Enables TLS. The default value is `false`.
### PORTAL\_TLS\_INSECURE\_SKIP\_VERIFY
**Config file:** TLSConfig.InsecureSkipVerify
**Type:** `boolean`
**Description**: Skip verification of self-signed certificates.
### PORTAL\_TLS\_MIN\_VERSION
**Config file:** TLSConfig.MinVersion
**Type:** `string`
**Description**: Minimum TLS version. Defaults to 769 (TLS 1.0).
Values for TLS Versions:
| TLS Version | Value to Use |
| :---------- | :----------- |
| 1.0 | 769 |
| 1.1 | 770 |
| 1.2 | 771 |
| 1.3 | 772 |
### PORTAL\_TLS\_MAX\_VERSION
**Config file:** TLSConfig.MaxVersion
**Type:** `string`
**Description**: Maximum TLS version. Defaults to 772 (TLS 1.3).
Values for TLS Versions:
| TLS Version | Value to Use |
| :---------- | :----------- |
| 1.0 | 769 |
| 1.1 | 770 |
| 1.2 | 771 |
| 1.3 | 772 |
### PORTAL\_TLS\_CIPHER\_SUITES
**Config file:** TLSConfig.CipherSuites
**Type:** `[]string`
**Description**: Array of allowed cipher suites as defined at [https://golang.org/pkg/crypto/tls/#pkg-constants](https://golang.org/pkg/crypto/tls/#pkg-constants).
### PORTAL\_TLS\_CERTIFICATES
**Config file:** TLSConfig.Certificates
**Type:** `json`
**Description**: JSON (or JSON-formatted string in case of environment variable) containing a list of certificates. Each certificate is defined by three properties:
* Name
* CertFile
* KeyFile
### PORTAL\_API\_SECRET
**Config file:** PortalAPISecret
**Type:** `string`
**Description**: API secret for enabling [Single Sign-on (SSO) flow](/5.12/tyk-stack/tyk-developer-portal/enterprise-developer-portal/managing-access/enable-sso) with the Tyk Identity Broker.
You can specify any string value in this setting. Omit this setting if you don't require SSO.
### PORTAL\_SSO\_CUSTOM\_LOGIN\_URL
**Config file:** SSOCustomLoginURL
**Type:** `string`
**Description**: Redirects the portal login page to a custom SSO login URL. When set, GET requests to `/auth/password/login` are automatically redirected to this URL, and the portal's "Log in" button points to it. This is useful when using an Identity Provider (IDP) based login/SSO profile, as it allows you to bypass the default portal password login page and direct users to your external IDP login page instead. This setting only affects the login page redirect; user registration and password reset pages remain unchanged.
## Response Headers Configuration
This section explains how to configure custom HTTP response headers that will be added to all responses from the Portal.
### PORTAL\_RESPONSE\_HEADERS
**Config file:** ResponseHeaders
**Type:** `[]{Key: string, Value: string}`
**Description**: Configures custom HTTP response headers that will be added to all responses from the Portal. The value must be a JSON array of objects containing Key and Value fields.
**Example configuration via environment variable:**
```bash theme={null}
export PORTAL_RESPONSE_HEADERS='[{"Key":"X-Frame-Options", "Value":"DENY"}, {"Key":"Content-Security-Policy", "Value":"default-src '\''self'\''"}]'
```
**Example configuration via config file:**
```json theme={null}
{
"ResponseHeaders": [
{
"Key": "X-Frame-Options",
"Value": "DENY"
},
{
"Key": "Content-Security-Policy",
"Value": "default-src 'self'"
}
]
}
```
**Common use cases include:**
* Security headers (`X-Frame-Options`, `Content-Security-Policy`)
* CORS headers
* Cache control headers
* Custom application headers
If the JSON format is invalid, the Portal will return an error message indicating the correct format:
```
Invalid value for PORTAL_RESPONSE_HEADERS. Valid Format: '[{"Key": "header-key", "Value": "value-for-given-key"}]'
```
## Storage settings
Using variables from this section, you can configure storage for the portal's CMS assets, such as themes, images, and Open API Specification files. The portal supports two types of storage:
* S3 volume;
* And filesystem.
### Sample storage setting section via config file
```json theme={null}
{
"Storage": "s3",
"S3": {
"AccessKey": "your-access-key",
"SecretKey": "your-secret-key",
"Region": "sa-east-1",
"Endpoint": "https://s3.sa-east-1.amazonaws.com",
"Bucket": "your-portal-bucket",
"ACL": "private",
"PresignURLs": true
}
}
```
### Sample storage setting section via environment variables
```.ini theme={null}
PORTAL_STORAGE=s3
PORTAL_S3_AWS_ACCESS_KEY_ID=your-access-key
PORTAL_S3_AWS_SECRET_ACCESS_KEY=your-secret-key
PORTAL_S3_REGION=sa-east-1
PORTAL_S3_ENDPOINT=your-portal-bucket
PORTAL_S3_BUCKET=https://s3.sa-east-1.amazonaws.com
PORTAL_S3_ACL=private
PORTAL_S3_PRESIGN_URLS=true
```
### PORTAL\_STORAGE
**Config file:** Storage
**Type:** `string`
**Options:**
* `fs` to use file system storage type;
* `db` to use the portal's main database. If the `db` is selected as a storage type, the portal application will create appropriate structure in the database that
* `s3` to use S3 volume for storing the portal assets.
**Description**: Defines which type of storage to use for the portal's CMS assets. Not required. If it is not specified, the default value is `fs`.
### PORTAL\_S3\_AWS\_ACCESS\_KEY\_ID
**Config file:** S3.AccessKey
**Type:** `string`
**Description**: Access key for your S3 bucket. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_AWS\_SECRET\_ACCESS\_KEY
**Config file:** S3.SecretKey
**Type:** `string`
**Description**: Secret access key for your S3 bucket. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_REGION
**Config file:** S3.Region
**Type:** `string`
**Description**: AWS region where the S3 bucket is hosted. E.g., `sa-east-1`. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_ENDPOINT
**Config file:** S3.Endpoint
**Type:** `string`
**Description**: URL to object storage service. E.g., `https://s3.sa-east-1.amazonaws.com` or `https://play.min.io`. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_BUCKET
**Config file:** S3.Bucket
**Type:** `string`
**Description**: Name of the S3 bucket. Required only for the `s3` storage type. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_ACL
**Config file:** S3.ACL
**Type:** `string`
**Description**: ACL permissions are set on the bucket, with options including `private`, `public-read`, `public-read-write`, and `authenticated-read`.
If the bucket uses a policy to set permissions, you should leave the ACL value empty. This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_S3\_PRESIGN\_URLS
**Config file:** S3.PresignURLs
**Type:** `string`
**Description**: The PresignURLs option instructs the client to retrieve presigned URLs for the objects.
This is particularly useful if the bucket is private and you need to access the object directly, such as when displaying an image on a web page.
This option is only required for the `s3` storage type and will be ignored for the `fs` and `db` storage types.
### PORTAL\_ASSETS\_CACHE\_DISABLE
**Config file:** AssetsCache.Disable
**Type:** `boolean`
**Description**: If the storage type is set to `db`, an in-memory cache will be used for the themes storage. This configuration disables the assets cache. The default value is `false`.
## TLS configuration
This section explains the TLS configuration settings to enable connection to the portal's UI over HTTPS.
### PORTAL\_TLS\_ENABLE
**Config file:** TLSConfig.Enable
**Type:** `boolean`
**Description**: Enables or disables connection over HTTPS. When TLS is enabled, the portal will expect a TLS certificate to be provided via *PORTAL\_TLS\_CERTIFICATES*.
When TLS is enabled and no certificates are provided, the portal won't start. The default value is `false`.
### PORTAL\_TLS\_CERTIFICATES
**Config file:** TLSConfig.Certificates
**Type:** `string`
**Description**: A JSON-formatted string that provides the hostname, in addition to the paths to a TLS certificate and key file:
* `Name`: The hostname of the portal. This should match the hostname of the certificate file.
* `CertFile`: The path to a TLS certificate file in the CRT format for the specified hostname.
* `KeyFile`: The path to a TLS key file for the specified hostname.
Example:
```json theme={null}
[{"Name": "tyk.io","CertFile": "portal.crt","KeyFile": "portal.key"}]
```
## Database connection settings
This section provides a reference for the database connection settings used in the portal.
### Sample database connection setting section via config file
```json theme={null}
{
"Database": {
"Dialect": "mysql",
"ConnectionString": "admin:secr3t@(localhost:3308)/portal?charset=utf8&parseTime=True&loc=Local",
"EnableLogs": true,
"MaxRetries": 3,
"RetryDelay": 2000,
"MaxOpenConnections": 20,
"MaxIdleConnections": 2,
"ConnectionMaxLifetime": 180000
}
}
```
### Sample database connection setting section via environment variables
```.ini theme={null}
PORTAL_DATABASE_DIALECT="mysql"
PORTAL_DATABASE_CONNECTIONSTRING="admin:secr3t@(localhost:3308)/portal?charset=utf8&parseTime=True&loc=Local"
PORTAL_DATABASE_ENABLELOGS=true
PORTAL_DATABASE_MAXRETRIES=3
PORTAL_DATABASE_RETRYDELAY=5000
PORTAL_DATABASE_MAX_OPEN_CONNECTIONS=20
PORTAL_DATABASE_MAX_IDLE_CONNECTIONS=2
PORTAL_DATABASE_CONNECTION_MAX_LIFETIME=180000
```
### PORTAL\_DATABASE\_DIALECT
**Config file:** Database.Dialect
**Type:** `string`
**Description**: A database will be used to store the portal data. Available dialects are:
* `mysql`
* `postgres`
* `sqlite3`
### PORTAL\_DATABASE\_CONNECTIONSTRING
**Config file:** Database.ConnectionString
**Type:** `string`
**Description**: Connection string to the selected database. This setting must be present if the `PORTAL_DATABASE_DIALECT` is specified.
### PORTAL\_DATABASE\_ENABLELOGS
**Config file:** Database.EnableLogs
**Type:** `boolean`
**Description**: Enables logging connection to the database. We recommend disabling this in production environments.
### PORTAL\_DATABASE\_MAXRETRIES
**Config file:** Database.MaxRetries
**Type:** `int`
**Description**: Defines how many times the portal will retry to connect to the database. Optional, the default value is 3.
### PORTAL\_DATABASE\_RETRYDELAY
**Config file:** Database.RetryDelay
**Type:** `int`
**Description**: Defines the delay between connect attempts (in milliseconds). Optional. Default value: 5000.
### PORTAL\_DATABASE\_MAX\_OPEN\_CONNECTIONS
**Config file:** Database.MaxOpenConnections
**Type:** `int`
**Description**: Defines the maximum number of concurrent connections that the database can handle from the application. When the number of open connections reaches this limit, new requests will wait until a connection becomes available. Optional. Default value: unlimited.
### PORTAL\_DATABASE\_MAX\_IDLE\_CONNECTIONS
**Config file:** Database.MaxIdleConnections
**Type:** `int`
**Description**: Defines the maximum number of idle connections in the database connection pool. Idle connections are open but not currently being used. Keeping some idle connections can improve performance by reducing the time it takes to establish a new connection when demand increases. Optional. Default value: 2.
### PORTAL\_DATABASE\_CONNECTION\_MAX\_LIFETIME
**Config file:** Database.ConnectionMaxLifetime
**Type:** `int`
**Description**: Defines the maximum lifetime of a connection in milliseconds. This setting is optional. If not specified, the default value is 1800000 milliseconds (30 minutes). If set to `0`, the connection lifetime is unlimited, meaning connections are reused indefinitely unless closed due to errors or manually by the application.
## CORS settings
This section explains how to configure [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) for the portal.
### PORTAL\_CORS\_ENABLE
**Config file:** CORS.Enable
**Type:** `boolean`
**Description**: Enables or disables the CORS settings for the portal. When disabled, no CORS settings are applied.
In other words, any cross-origin request will be denied. When enabled, the below defined CORS settings are applied. The default value is `false`.
### PORTAL\_CORS\_ALLOWED\_ORIGINS
**Config file:** CORS.AllowedOrigins
**Type:** `[string]`
**Description**: A list of origin domains to allow access from. Wildcards are also supported, e.g. \[`*.foo.com`] will allow access from any domain that ends with *.foo.com*.
By default, no origins are allowed. To apply this setting, an array of the allowed origins.
To configure using a configuration file:
```json theme={null}
{
"CORS": {
"AllowedOrigins": ["*.foo.com","*.bar.com"]
}
}
```
To configure using an environment variable:
```console theme={null}
PORTAL_CORS_ALLOWED_ORIGINS=*.foo.com,*.bar.com
```
### PORTAL\_CORS\_ALLOWED\_HEADERS
**Config file:** CORS.AllowedHeaders
**Type:** `[string]`
**Description**: Headers that are allowed within a request. To apply this setting, specify an array of the allowed headers. By default, no headers are allowed.
To configure using a configuration file:
```json theme={null}
{
"CORS": {
"AllowedHeaders": ["X-Method-Override","X-API-Key"]
}
}
```
To configure using an environment variable:
```console theme={null}
PORTAL_CORS_ALLOWED_HEADERS=X-Method-Override,X-API-Key
```
### PORTAL\_CORS\_ALLOWED\_METHODS
**Config file:** CORS.AllowedMethods
**Type:** `[string]`
**Description**: A list of methods that are allowed access. To apply this setting, specify an array of the allowed methods. By default, `GET` and `POST` methods are allowed.
To configure using a configuration file:
```json theme={null}
{
"CORS": {
"AllowedMethods": ["GET", "POST", "HEAD"]
}
}
```
To configure using an environment variable:
```console theme={null}
PORTAL_CORS_ALLOWED_METHODS=GET,POST,HEAD
```
### PORTAL\_CORS\_MAX\_AGE
**Config file:** CORS.MaxAge
**Type:** `int`
**Description**: Indicates how long the results of a preflight request can be cached. The default value is `0`, which stands for no max age.
### PORTAL\_DISABLE\_CSRF\_CHECK
**Config file:** DisableCSRFCheck
**Type:** `bool`
**Description**: When set to `true`, disables CSRF protection for all routes. By default, CSRF protection is enabled to prevent cross-site request forgery attacks. Only disable this in development environments or when you have alternative security measures in place.
### PORTAL\_CORS\_ALLOW\_CREDENTIALS
**Config file:** CORS.AllowCredentials
**Type:** `boolean`
**Description**: Indicates whether the request can include user credentials like cookies, HTTP authentication, or client-side SSL certificates. The default is `false`.
### PORTAL\_TIB\_ENABLED
**Config file:** TIB.Enable
**Type:** `boolean`
**Description**: Enables or disables the Tyk Identity Broker (TIB) integration. When disabled, it will not appear in the UI. The default value is `false`.
### PORTAL\_NOTIFICATIONS\_JOB\_FREQUENCY
**Config file:** NotificationsJobFrequency
**Type:** `int`
**Description**: Defines the frequency of the notifications job that fetches notifications from the portal's database in minutes. The default value is `30` minutes.
## Webhooks settings
This section explains how to configure webhooks in the portal.
### PORTAL\_WEBHOOKS\_SECRET
**Config file:** Webhooks.Secret
**Type:** `string`
**Description**: The global secret key used to sign all outgoing webhooks.
### PORTAL\_WEBHOOKS\_PAUSE\_DURATION
**Config file:** Webhooks.PauseDuration
**Type:** `int`
**Description**: The duration (in seconds) to pause a webhook after a failed delivery attempt before retrying. Defaults to 5 seconds.
### PORTAL\_WEBHOOKS\_CACHE\_EXPIRATION
**Config file:** Webhooks.CacheExpiration
**Type:** `int`
**Description**: The expiration time (in seconds) for the webhook cache.
### PORTAL\_WEBHOOKS\_CACHE\_CLEANUP\_INTERVAL
**Config file:** Webhooks.CacheCleanupInterval
**Type:** `int`
**Description**: The interval (in seconds) at which the webhook cache is cleaned up. Defaults to 5 seconds.
### PORTAL\_WEBHOOKS\_DISPATCH\_TIMEOUT
**Config file:** Webhooks.DispatchTimeout
**Type:** `int`
**Description**: The timeout (in seconds) for dispatching a single webhook request.
### PORTAL\_WEBHOOKS\_TOTAL\_WORKERS
**Config file:** Webhooks.TotalWorkers
**Type:** `int`
**Description**: The number of worker goroutines used to process webhooks concurrently. Defaults to 10.
### PORTAL\_WEBHOOKS\_PROVIDER
**Config file:** Webhooks.Provider
**Type:** `string`
**Description**: The storage provider used for managing webhooks (for example, `db`).
### PORTAL\_WEBHOOKS\_DISABLE
**Config file:** Webhooks.Disable
**Type:** `bool`
**Description**: A boolean flag (`true` or `false`) that disables webhooks entirely when set to `true`.
## Sample config file
```json theme={null}
{
"HostPort": 3001,
"RefreshInterval": 10,
"LicenseKey": "your-license-key",
"Theming": {
"Theme": "default",
"Path": "./themes"
},
"ProductDocRenderer": "stoplight",
"LogLevel": "debug",
"LogFormat": "dev",
"SSOCustomLoginURL": "https://your-idp.example.com/login",
"TLSConfig": {
"Enable": true,
"InsecureSkipVerify": true,
"Certificates": [
{
"Name": "localhost",
"CertFile": "portal.crt",
"KeyFile": "portal.key"
}
]
},
"PortalAPISecret": "your-portal-api-secret",
"Storage": "s3",
"S3": {
"AccessKey": "your-access-key",
"SecretKey": "your-secret-key",
"Region": "sa-east-1",
"Endpoint": "https://s3.sa-east-1.amazonaws.com",
"Bucket": "your-portal-bucket",
"ACL": "private",
"PresignURLs": true
},
"Database": {
"Dialect": "mysql",
"ConnectionString": "admin:secr3t@(localhost:3308)/portal?charset=utf8&parseTime=True&loc=Local",
"EnableLogs": true,
"MaxRetries": 3,
"RetryDelay": 2000
},
"TIB": {
"Enable": true
}
}
```
## Sample .env file
```ini theme={null}
PORTAL_HOSTPORT=3001
PORTAL_REFRESHINTERVAL=10
PORTAL_LICENSEKEY=your-license-key
PORTAL_THEMING_THEME=default
PORTAL_THEMING_PATH=./themes
PORTAL_DOCRENDERER=stoplight
PORTAL_LOG_LEVEL=debug
PORTAL_LOG_FORMAT=dev
PORTAL_SSO_CUSTOM_LOGIN_URL=https://your-idp.example.com/login
PORTAL_TLS_ENABLE=true
PORTAL_TLS_INSECURE_SKIP_VERIFY=true
PORTAL_TLS_CERTIFICATES = '[{"Name": "localhost","CertFile": "portal.crt","KeyFile": "portal.key"}]'
PORTAL_API_SECRET=your-portal-api-secret
PORTAL_STORAGE=s3
PORTAL_S3_AWS_ACCESS_KEY_ID=your-access-key
PORTAL_S3_AWS_SECRET_ACCESS_KEY=your-secret-key
PORTAL_S3_REGION=sa-east-1
PORTAL_S3_ENDPOINT=your-portal-bucket
PORTAL_S3_BUCKET=https://s3.sa-east-1.amazonaws.com
PORTAL_S3_ACL=private
PORTAL_S3_PRESIGN_URLS=true
PORTAL_DATABASE_DIALECT="mysql"
PORTAL_DATABASE_CONNECTIONSTRING="admin:secr3t@(localhost:3308)/portal?charset=utf8&parseTime=True&loc=Local"
PORTAL_DATABASE_ENABLELOGS=true
PORTAL_DATABASE_MAXRETRIES=3
PORTAL_TIB_ENABLED=true
```