Latest Default Configuration Reference
This is the latest default configuration reference for NpgsqlRest version 3.4.4.
json
/*
3.4.4 Default Configuration Template
*/
{
//
// The application name used to set the application name property in connection string by "NpgsqlRest.SetApplicationNameInConnection" or the "NpgsqlRest.UseJsonApplicationName" settings.
// It is the name of the top-level directory if set to null.
//
"ApplicationName": null,
//
// Production or Development
//
"EnvironmentName": "Production",
//
// Specify the urls the web host will listen on. See https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.hosting.hostingabstractionswebhostbuilderextensions.useurls?view=aspnetcore-8.0
//
"Urls": "http://localhost:8080",
//
// Logs at startup, format placeholders:
// {time} - startup time
// {urls} - listening on urls
// {version} - current version
// {environment} - EnvironmentName
// {application} - ApplicationName
//
// Note: This message is logged at Information level. To disable this message, set to empty string.
//
"StartupMessage": "Started in {time}, listening on {urls}, version {version}",
//
// Configuration settings
//
"Config": {
//
// Expose current configuration to the endpoint for debugging and inspection. Note, the password in the connection string is not exposed.
// "ExposeAsEndpoint": "/config" or set to null to disable.
//
"ExposeAsEndpoint": null,
//
// Add the environment variables to configuration.
// When enabled, environment variables will override the settings in this configuration file but can be overridden by command line arguments.
// Complex hierarchical keys can be defined using double underscore as a separator.
// For example, "ConnectionStrings__Default" environment variable will override the "ConnectionStrings.Default" setting in this configuration file.
//
"AddEnvironmentVariables": false,
//
// When set, configuration values will be parsed for environment variables in the format {ENV_VAR_NAME}
// and replaced with the value of the environment variable when available.
//
"ParseEnvironmentVariables": true,
//
// Path to a .env file containing environment variables.
// When AddEnvironmentVariables or ParseEnvironmentVariables is true and this file exists,
// variables from this file will be loaded and made available for configuration parsing.
// Format: KEY=VALUE (one per line)
//
"EnvFile": null
},
//
// List of named connection strings to PostgreSQL databases.
// The "Default" connection string is used when no connection name is specified.
// For connection string definition see https://www.npgsql.org/doc/connection-string-parameters.html
//
"ConnectionStrings": {
"Default": "Host={PGHOST};Port=5432;Database={PGDATABASE};Username={PGUSER};Password={PGPASSWORD}"
},
//
// Additional connection settings and options.
//
"ConnectionSettings": {
//
// Sets the ApplicationName connection property in the connection string to the value of the ApplicationName configuration.
// Note: This option is ignored if the UseJsonApplicationName option is enabled.
//
"SetApplicationNameInConnection": true,
//
// Sets the ApplicationName connection property dynamically on every request in the following format:
// {"app":"<ApplicationName>","uid":"<user_id>","id":"<NpgsqlRest.ExecutionIdHeaderName>"}
// Note: The ApplicationName connection property is limited to 64 characters.
//
"UseJsonApplicationName": false,
//
// Test any connection string before initializing the application and using it. The connection string is tested by opening and closing the connection.
//
"TestConnectionStrings": true,
//
// Connection open retry options.
//
"RetryOptions": {
"Enabled": true,
//
// Retry sequence in seconds. Accepts decimal numbers (0.25 is quarter of a second). The length of the array determines the maximum number of retries.
//
"RetrySequenceSeconds": [1, 3, 6, 12],
//
// Error codes that will trigger a retry when opening a connection. See https://www.postgresql.org/docs/current/errcodes-appendix.html
//
"ErrorCodes": [
"08000", "08003", "08006", "08001", "08004", // Connection failure codes
"55P03", // Lock not available
"55006", // Object in use
"53300", // Too many connections
"57P03", // Cannot connect now
"40001" // Serialization failure (can be retried)
]
},
//
// The connection name in ConnectionStrings configuration that will be used to execute the metadata query. If this value is null, the default connection string will be used.
//
"MetadataQueryConnectionName": null,
//
// Set the search path to this schema before executing the metadata query function.
// When null (default), no search path is set and the server's default search path is used.
//
// This is needed when using non superuser connection roles with limited schema access and mapping the metadata function to a specific schema.
// If the connection string contains the same "Search Path=" it will be skipped.
//
"MetadataQuerySchema": null,
// Any: Any successful connection is acceptable.
// Primary: Server must not be in hot standby mode (pg_is_in_recovery() must return false).
// Standby: Server must be in hot standby mode (pg_is_in_recovery() must return true).
// PreferPrimary: First try to find a primary server, but if none of the listed hosts is a primary server, try again in Any mode.
// PreferStandby: First try to find a standby server, but if none of the listed hosts is a standby server, try again in Any mode.
// ReadWrite: Session must accept read-write transactions by default (that is, the server must not be in hot standby mode and the default_transaction_read_only parameter must be off).
// ReadOnly: Session must not accept read-write transactions by default (the converse).
// see https://www.npgsql.org/doc/failover-and-load-balancing.html
"MultiHostConnectionTargets": {
// all connections use the same target mode
"Default": "Any",
// per connection overrides { "name": "Primary|Standby|Any|PreferPrimary|PreferStandby|ReadWrite|ReadOnly" }
"ByConnectionName": { }
}
},
//
// Enable to invoke UseKestrelHttpsConfiguration. See https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.hosting.webhostbuilderkestrelextensions.usekestrelhttpsconfiguration?view=aspnetcore-8.0
//
"Ssl": {
"Enabled": false,
//
// Adds middleware for redirecting HTTP Requests to HTTPS. See https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.httpspolicybuilderextensions.usehttpsredirection?view=aspnetcore-8.0
//
"UseHttpsRedirection": true,
//
// Adds middleware for using HSTS, which adds the Strict-Transport-Security header. See https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.hstsbuilderextensions.usehsts?view=aspnetcore-2.1
//
"UseHsts": true
},
//
// Data protection settings. Encryption/decryption settings for Auth Cookies, Antiforgery tokens and custom data protection needs.
//
"DataProtection": {
"Enabled": true,
//
// Set to null to use the current "ApplicationName" value.
// This value determines encryption type or class. Meaning, different application names will not be able to decrypt each other's data.
//
"CustomApplicationName": null,
//
// Sets the default lifetime in days of keys created by the data protection system.
// Represents a number of days how long before keys are rotated.
//
"DefaultKeyLifetimeDays": 90,
//
// Data protection location: "Default", "FileSystem" or "Database"
//
// Note: When running on Linux, using Default location means keys will not be persisted.
// When keys are lost on restart, encrypted tokens (auth) will also not work on restart.
// Linux users should use FileSystem or Database storage.
//
"Storage": "Default",
//
// FileSystem storage path. Set to a valid path when using FileSystem.
// Note: When running in Docker environment, the path must be a Docker volume path to persist the keys.
//
"FileSystemPath": "./data-protection-keys",
//
// GetAllElements database command. Expected to return rows with a single column of type text.
//
"GetAllElementsCommand": "select get_data_protection_keys()",
//
// StoreElement database command. Receives two parameters: name and data of type text. Doesn't return anything.
//
"StoreElementCommand": "call store_data_protection_keys($1,$2)",
//
// Configure encryption algorithms for data protection keys or null to use the default algorithm.
// Values: AES_128_CBC, AES_192_CBC, AES_256_CBC, AES_128_GCM, AES_192_GCM, AES_256_GCM
//
"EncryptionAlgorithm": null,
//
// Configure validation algorithms for data protection keys or null to use the default algorithm.
// Values: HMACSHA256, HMACSHA512
//
"ValidationAlgorithm": null,
//
// Key encryption method: "None", "Certificate", or "Dpapi" (Windows only)
// None: Keys are not encrypted at rest (default)
// Certificate: Keys are encrypted using an X.509 certificate
// Dpapi: Keys are encrypted using Windows Data Protection API (Windows only)
//
"KeyEncryption": "None",
//
// Path to the X.509 certificate file (.pfx) when using Certificate key encryption.
//
"CertificatePath": null,
//
// Password for the certificate file. Can be null for certificates without password.
// For security, consider using environment variable reference: "${CERT_PASSWORD}"
//
"CertificatePassword": null,
//
// When using Dpapi key encryption, set to true to protect keys to the local machine.
// If false (default), keys are protected to the current user account.
//
"DpapiLocalMachine": false
},
//
// Uncomment to configure Kestrel web server and to add certificates
// See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-9.0
//
"Kestrel": {
// "Endpoints": {
// "Http": {
// "Url": "http://localhost:5000"
// },
// "HttpsInlineCertFile": {
// "Url": "https://localhost:5001",
// "Certificate": {
// "Path": "<path to .pfx file>",
// "Password": "$CREDENTIAL_PLACEHOLDER$"
// }
// },
// "HttpsInlineCertAndKeyFile": {
// "Url": "https://localhost:5002",
// "Certificate": {
// "Path": "<path to .pem/.crt file>",
// "KeyPath": "<path to .key file>",
// "Password": "$CREDENTIAL_PLACEHOLDER$"
// }
// },
// "HttpsInlineCertStore": {
// "Url": "https://localhost:5003",
// "Certificate": {
// "Subject": "<subject; required>",
// "Store": "<certificate store; required>",
// "Location": "<location; defaults to CurrentUser>",
// "AllowInvalid": "<true or false; defaults to false>"
// }
// },
// "HttpsDefaultCert": {
// "Url": "https://localhost:5004"
// }
// },
// "Certificates": {
// "Default": {
// "Path": "<path to .pfx file>",
// "Password": "$CREDENTIAL_PLACEHOLDER$"
// }
// },
// "Limits": {
// "MaxConcurrentConnections": 100,
// "MaxConcurrentUpgradedConnections": 100,
// "MaxRequestBodySize": 30000000,
// "MaxRequestBufferSize": 1048576,
// "MaxRequestHeaderCount": 100,
// "MaxRequestHeadersTotalSize": 32768,
// "MaxRequestLineSize": 8192,
// "MaxResponseBufferSize": 65536,
// "KeepAliveTimeout": "00:02:00",
// "RequestHeadersTimeout": "00:00:30",
// "Http2": {
// "MaxStreamsPerConnection": 100,
// "HeaderTableSize": 4096,
// "MaxFrameSize": 16384,
// "MaxRequestHeaderFieldSize": 8192,
// "InitialConnectionWindowSize": 65535,
// "InitialStreamWindowSize": 65535,
// "MaxReadFrameSize": 16384,
// "KeepAlivePingDelay": "00:00:30",
// "KeepAlivePingTimeout": "00:01:00",
// "KeepAlivePingPolicy": "WithActiveRequests"
// },
// "Http3": {
// "MaxRequestHeaderFieldSize": 8192
// }
// },
// "DisableStringReuse": false,
// "AllowAlternateSchemes": false,
// "AllowSynchronousIO": false,
// "AllowResponseHeaderCompression": true,
// "AddServerHeader": true,
// "AllowHostHeaderOverride": false
},
//
// Thread pool configuration settings for optimizing application performance
//
"ThreadPool": {
//
// Minimum number of worker threads in the thread pool. Set to null to use system defaults.
//
"MinWorkerThreads": null,
//
// Minimum number of completion port threads. Set to null to use system defaults.
//
"MinCompletionPortThreads": null,
//
// Maximum number of worker threads in the thread pool. Set to null to use system defaults.
//
"MaxWorkerThreads": null,
//
// Maximum number of completion port threads. Set to null to use system defaults.
//
"MaxCompletionPortThreads": null
},
//
// Authentication and Authorization settings
//
"Auth": {
//
// Enable Cookie Auth
//
"CookieAuth": false,
//
// Authentication scheme name for cookie authentication. Set to null to use default.
//
"CookieAuthScheme": null,
//
// Number of days the cookie remains valid.
//
"CookieValidDays": 14,
//
// Custom name for the authentication cookie. Set to null to use default.
//
"CookieName": null,
//
// Path scope for the authentication cookie. Set to null to use default.
//
"CookiePath": null,
//
// Domain scope for the authentication cookie. Set to null to use default.
//
"CookieDomain": null,
//
// Allow multiple concurrent sessions for the same user.
//
"CookieMultiSessions": true,
//
// Make cookie accessible only via HTTP (not JavaScript).
//
"CookieHttpOnly": true,
//
// Enable Microsoft Bearer Token Auth (proprietary format, not JWT)
//
"BearerTokenAuth": false,
//
// Authentication scheme name for bearer token authentication. Set to null to use default.
//
"BearerTokenAuthScheme": null,
//
// Number of hours before bearer token expires.
//
"BearerTokenExpireHours": 1,
// POST { "refresh": "{{refreshToken}}" }
"BearerTokenRefreshPath": "/api/token/refresh",
//
// Enable standard JWT (JSON Web Token) Bearer Authentication
//
"JwtAuth": false,
//
// Authentication scheme name for JWT authentication. Set to null to use default "JwtBearer".
//
"JwtAuthScheme": null,
//
// Secret key used to sign JWT tokens. Must be at least 32 characters for HS256.
// IMPORTANT: Use a strong, unique secret in production. Store securely (e.g., environment variable).
//
"JwtSecret": null,
//
// JWT issuer (iss claim). Identifies the principal that issued the JWT.
//
"JwtIssuer": null,
//
// JWT audience (aud claim). Identifies the recipients that the JWT is intended for.
//
"JwtAudience": null,
//
// Number of minutes before JWT access token expires. Default is 60 minutes.
//
"JwtExpireMinutes": 60,
//
// Number of days before JWT refresh token expires. Default is 7 days.
//
"JwtRefreshExpireDays": 7,
//
// Validate the issuer (iss) claim. Set to true if JwtIssuer is configured.
//
"JwtValidateIssuer": false,
//
// Validate the audience (aud) claim. Set to true if JwtAudience is configured.
//
"JwtValidateAudience": false,
//
// Validate the token lifetime (exp claim). Default is true.
//
"JwtValidateLifetime": true,
//
// Validate the signing key. Default is true.
//
"JwtValidateIssuerSigningKey": true,
//
// Clock skew to apply when validating token lifetime. Format: PostgreSQL interval.
// Default is 5 minutes to account for clock differences between servers.
//
"JwtClockSkew": "5 minutes",
//
// URL path for JWT token refresh endpoint. POST with { "refreshToken": "..." }
// Returns new access token and refresh token pair.
//
"JwtRefreshPath": "/api/jwt/refresh",
//
// Enable external auth providers
//
"External": {
"Enabled": false,
//
// sessionStorage key to store the status of the external auth process returned by the signin page.
// The value is HTTP status code (200 for success, 401 for unauthorized, 403 for forbidden, etc.)
//
"BrowserSessionStatusKey": "__external_status",
//
// sessionStorage key to store the message of the external auth process returned by the signin page.
//
"BrowserSessionMessageKey": "__external_message",
//
// Path to the signin page to handle the external auth process. Redirect to this page to start the external auth process.
// Format placeholder {0} is the provider name in lowercase (google, linkedin, github, etc.)
//
"SigninUrl": "/signin-{0}",
//
// Sign in page template. Format placeholders {0} is the provider name, {1} is the script to redirect to the external auth provider.
//
"SignInHtmlTemplate": "<!DOCTYPE html><html><head><meta charset=\"utf-8\" /><title>Talking To {0}</title></head><body>Loading...{1}</body></html>",
//
// URL to redirect after the external auth process is completed. Usually this is resolved from the request automatically. Except when it's not.
//
"RedirectUrl": null,
//
// Path to redirect after the external auth process is completed.
//
"ReturnToPath": "/",
//
// Query string key to store the path to redirect after the external auth process is completed.
// Use this to set dynamic return path. If this query string key is not found, the ReturnToPath value is used.
//
"ReturnToPathQueryStringKey": "return_to",
//
// Login command to execute after the external auth process is completed. There are five positional and optional parameters:
// $1 - external login provider (if parameter exists, type text).
// $2 - external login email (if parameter exists, type text).
// $3 - external login name (if parameter exists, type text).
// $4 - external login JSON data received (if parameter exists, type text, JSON or JSONB).
// $5 - client browser analytics JSON data (if parameter exists, type text, JSON or JSONB).
//
// The command uses the same rules as the login enabled routine.
// See: "NpgsqlRest.“LoginPath"
//
"LoginCommand": "select * from external_login($1,$2,$3,$4,$5)",
//
// Browser client analytics data that will be sent as JSON to external auth command as the 5th parameter if supplied.
//
"ClientAnalyticsData": "{timestamp:new Date().toISOString(),timezone:Intl.DateTimeFormat().resolvedOptions().timeZone,screen:{width:window.screen.width,height:window.screen.height,colorDepth:window.screen.colorDepth,pixelRatio:window.devicePixelRatio,orientation:screen.orientation.type},browser:{userAgent:navigator.userAgent,language:navigator.language,languages:navigator.languages,cookiesEnabled:navigator.cookieEnabled,doNotTrack:navigator.doNotTrack,onLine:navigator.onLine,platform:navigator.platform,vendor:navigator.vendor},memory:{deviceMemory:navigator.deviceMemory,hardwareConcurrency:navigator.hardwareConcurrency},window:{innerWidth:window.innerWidth,innerHeight:window.innerHeight,outerWidth:window.outerWidth,outerHeight:window.outerHeight},location:{href:window.location.href,hostname:window.location.hostname,pathname:window.location.pathname,protocol:window.location.protocol,referrer:document.referrer},performance:{navigation:{type:performance.navigation?.type,redirectCount:performance.navigation?.redirectCount},timing:performance.timing?{loadEventEnd:performance.timing.loadEventEnd,loadEventStart:performance.timing.loadEventStart,domComplete:performance.timing.domComplete,domInteractive:performance.timing.domInteractive,domContentLoadedEventEnd:performance.timing.domContentLoadedEventEnd}:null}}",
//
// Client IP address that will be added to the client analytics data under this JSON key.
//
"ClientAnalyticsIpKey": "ip",
//
// External providers
//
"Google": {
//
// visit https://console.cloud.google.com/apis/ to configure your Google app and get your client id and client secret
//
"Enabled": false,
"ClientId": "",
"ClientSecret": "",
"AuthUrl": "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id={0}&redirect_uri={1}&scope=openid profile email&state={2}",
"TokenUrl": "https://oauth2.googleapis.com/token",
"InfoUrl": "https://www.googleapis.com/oauth2/v3/userinfo",
"EmailUrl": null
},
"LinkedIn": {
//
// visit https://www.linkedin.com/developers/apps/ to configure your LinkedIn app and get your client id and client secret
//
"Enabled": false,
"ClientId": "",
"ClientSecret": "",
"AuthUrl": "https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={0}&redirect_uri={1}&state={2}&scope=r_liteprofile%20r_emailaddress",
"TokenUrl": "https://www.linkedin.com/oauth/v2/accessToken",
"InfoUrl": "https://api.linkedin.com/v2/me",
"EmailUrl": "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements//(handle~))"
},
"GitHub": {
//
// visit https://github.com/settings/developers/ to configure your GitHub app and get your client id and client secret
//
"Enabled": false,
"ClientId": "",
"ClientSecret": "",
"AuthUrl": "https://github.com/login/oauth/authorize?client_id={0}&redirect_uri={1}&state={2}&allow_signup=false",
"TokenUrl": "https://github.com/login/oauth/access_token",
"InfoUrl": "https://api.github.com/user",
"EmailUrl": null
},
"Microsoft": {
//
// visit https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade to configure your Microsoft app and get your client id and client secret
// Documentation: https://learn.microsoft.com/en-us/entra/identity-platform/
//
"Enabled": false,
"ClientId": "",
"ClientSecret": "",
"AuthUrl": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id={0}&redirect_uri={1}&scope=openid%20profile%20email&state={2}",
"TokenUrl": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
"InfoUrl": "https://graph.microsoft.com/oidc/userinfo",
"EmailUrl": null
},
"Facebook": {
//
// visit https://developers.facebook.com/apps/ to configure your Facebook app and get your client id and client secret
// Documentation: https://developers.facebook.com/docs/facebook-login/
//
"Enabled": false,
"ClientId": "",
"ClientSecret": "",
"AuthUrl": "https://www.facebook.com/v20.0/dialog/oauth?response_type=code&client_id={0}&redirect_uri={1}&scope=public_profile%20email&state={2}",
"TokenUrl": "https://graph.facebook.com/v20.0/oauth/access_token",
"InfoUrl": "https://graph.facebook.com/me?fields=id,name,email",
"EmailUrl": null
}
}
},
//
// Serilog settings
//
"Log": {
//
// See https://github.com/serilog/serilog/wiki/Configuration-Basics#minimum-level
// Verbose, Debug, Information, Warning, Error, Fatal.
// Note: NpgsqlRest logger applies to main application logger, which will, by default have the name defined in the ApplicationName setting.
//
"MinimalLevels": {
"NpgsqlRest": "Information",
"System": "Warning",
"Microsoft": "Warning"
},
//
// Enable logging to console output.
//
"ToConsole": true,
//
// Minimum log level for console output: Verbose, Debug, Information, Warning, Error, Fatal.
//
"ConsoleMinimumLevel": "Verbose",
//
// Enable logging to file system.
//
"ToFile": false,
//
// File path for log files.
//
"FilePath": "logs/log.txt",
//
// Maximum size limit for log files in bytes before rolling to a new file.
//
"FileSizeLimitBytes": 30000000,
//
// Minimum log level for file output: Verbose, Debug, Information, Warning, Error, Fatal.
//
"FileMinimumLevel": "Verbose",
//
// Maximum number of log files to retain.
//
"RetainedFileCountLimit": 30,
//
// Create a new log file when size limit is reached.
//
"RollOnFileSizeLimit": true,
//
// Enable logging to PostgreSQL database.
//
"ToPostgres": false,
// $1 - log level text, $2 - message text, $3 - timestamp with tz in utc, $4 - exception text or null, $5 - source context
//
// PostgreSQL command to execute for database logging. Parameters: $1=level, $2=message, $3=timestamp, $4=exception, $5=source.
//
"PostgresCommand": "call log($1,$2,$3,$4,$5)",
//
// Minimum log level for PostgreSQL output: Verbose, Debug, Information, Warning, Error, Fatal.
//
"PostgresMinimumLevel": "Verbose",
//
// Enable OpenTelemetry protocol (OTLP) logging output. Requires an OTLP collector endpoint.
//
"ToOpenTelemetry": false,
"OTLPEndpoint": "http://localhost:4317",
"OTLPProtocol": "Grpc", // "Grpc" or "HttpProtobuf"
"OTLResourceAttributes": {
"service.name": "{application}", // application name from the ApplicationName setting
"service.version": "1.0", // application version, set to a static value or use a build process to update it
"service.environment": "{environment}" // environment name from the EnvironmentName setting
},
"OTLPHeaders": {},
"OTLPMinimumLevel": "Verbose",
//
// See https://github.com/serilog/serilog/wiki/Formatting-Output
//
"OutputTemplate": "[{Timestamp:HH:mm:ss.fff} {Level:u3}] {Message:lj} [{SourceContext}]{NewLine}{Exception}"
},
//
// Response compression settings
//
"ResponseCompression": {
//
// Enable response compression for HTTP responses.
//
"Enabled": false,
//
// Enable response compression for HTTPS responses.
//
"EnableForHttps": false,
//
// Use Brotli compression algorithm when supported by client.
//
"UseBrotli": true,
//
// Use Gzip compression as fallback when Brotli is not supported.
//
"UseGzipFallback": true,
//
// Compression level: Optimal, Fastest, NoCompression, SmallestSize.
//
"CompressionLevel": "Optimal",
//
// MIME types to include for compression.
//
"IncludeMimeTypes": [
"text/plain",
"text/css",
"application/javascript",
"text/html",
"application/xml",
"text/xml",
"application/json",
"text/json",
"image/svg+xml",
"font/woff",
"font/woff2",
"application/font-woff",
"application/font-woff2"
],
//
// MIME types to exclude from compression.
//
"ExcludeMimeTypes": []
},
//
// Antiforgery Token Configuration: Protects against Cross-Site Request Forgery (CSRF) attacks by validating unique tokens for state-changing requests (POST, PUT, DELETE, etc.)
//
"Antiforgery": {
"Enabled": false,
// Use null to use the default cookie name (unique for every request and starts with ".AspNetCore.Antiforgery.")
"CookieName": null,
// Name of the hidden form field containing the antiforgery token
"FormFieldName": "__RequestVerificationToken",
// HTTP header name where the token can be sent (useful for AJAX requests)
"HeaderName": "RequestVerificationToken",
// When true, skips reading tokens from form body (forces header-only validation)
"SuppressReadingTokenFromFormBody": false,
// When true, disables automatic X-Frame-Options header generation
// The X-Frame-Options header helps prevent clickjacking attacks
// Only set to true if you're handling frame protection elsewhere
"SuppressXFrameOptionsHeader": false
},
//
// Static files settings
//
"StaticFiles": {
"Enabled": false,
"RootPath": "wwwroot",
//
// List of static file patterns that will require authorization.
// File paths are relative to the RootPath property and pattern matching is case-insensitive.
// Pattern can include wildcards or question marks. For example: *.html, /user/*, etc
//
"AuthorizePaths": [],
"UnauthorizedRedirectPath": "/",
"UnauthorizedReturnToQueryParameter": "return_to",
"ParseContentOptions": {
//
// Enable or disable the parsing of the static files.
// When enabled, the static files will be parsed and the tags will be replaced with the values from the claims collection.
// The tags are in the format: {claimType} where claimType is the name of the claim that will be replaced with the value from the claims collection.
//
"Enabled": false,
//
// List of claims types used. These will be parsed to NULL if not found in the claims collection or user is not authenticated.
//
"AvailableClaims": [],
//
// Set to true to cache the parsed files in memory. This will improve the performance of the static files. It only applies to parsed content.
// Note: caching will occur before parsing, it applies only to templates, not parsed content.
//
"CacheParsedFile": true,
//
// Headers to be added to the response for static files. Set to null or empty array to ignore.
//
"Headers": [ "Cache-Control: no-store, no-cache, must-revalidate", "Pragma: no-cache", "Expires: 0" ],
//
// List of static file patterns that will parse the content and replace the tags with the values from the claims collection.
// File paths are relative to the RootPath property and pattern matching is case-insensitive.
// Pattern can include wildcards or question marks. For example: *.html, *.htm, *.txt, *.json, *.xml, *.css, *.js
//
"FilePaths": [ "*.html" ],
//
// Name of the configured Antiforgery form field name to be used in the static files (see Antiforgery FormFieldName setting).
//
"AntiforgeryFieldName": "antiForgeryFieldName",
//
// Value of the Antiforgery token if Antiforgery is enabled.
//
"AntiforgeryToken": "antiForgeryToken"
}
},
//
// Cross-origin resource sharing
//
"Cors": {
//
// Enable Cross-Origin Resource Sharing (CORS) support.
//
"Enabled": false,
//
// List of allowed origins for CORS requests. Empty array allows no origins.
//
"AllowedOrigins": [],
//
// List of allowed HTTP methods for CORS requests.
//
"AllowedMethods": [
"*"
],
//
// List of allowed headers for CORS requests.
//
"AllowedHeaders": [
"*"
],
//
// Allow credentials (cookies, authorization headers) in CORS requests.
//
"AllowCredentials": true,
//
// Maximum age in seconds for preflight request caching (10 minutes).
//
"PreflightMaxAgeSeconds": 600
},
//
// Command retry strategies and options for client and middleware commands.
//
"CommandRetryOptions": {
"Enabled": true,
"DefaultStrategy": "default",
"Strategies": {
"default": {
//
// Retry sequence in seconds. Accepts decimal numbers (0.25 is quarter of a second). The length of the array determines the maximum number of retries.
//
"RetrySequenceSeconds": [0, 1, 2, 5, 10],
//
// Error codes that will trigger a retry when executing a command. See https://www.postgresql.org/docs/current/errcodes-appendix.html
//
"ErrorCodes": [
// Serialization failures (MUST retry for correctness)
"40001", // serialization_failure
"40P01", // deadlock_detected
// Connection issues (Class 08)
"08000", // connection_exception
"08003", // connection_does_not_exist
"08006", // connection_failure
"08001", // sqlclient_unable_to_establish_sqlconnection
"08004", // sqlserver_rejected_establishment_of_sqlconnection
"08007", // transaction_resolution_unknown
"08P01", // protocol_violation
// Resource constraints (Class 53)
"53000", // insufficient_resources
"53100", // disk_full
"53200", // out_of_memory
"53300", // too_many_connections
"53400", // configuration_limit_exceeded
// System errors (Class 58)
"57P01", // admin_shutdown
"57P02", // crash_shutdown
"57P03", // cannot_connect_now
"58000", // system_error
"58030", // io_error
// Lock acquisition issues (Class 55)
"55P03", // lock_not_available
"55006", // object_in_use
"55000" // object_not_in_prerequisite_state
]
}
}
},
//
// Caching options for routines that support caching. Currently, routines that return a single result set can be cached. Returning table or "setof" cannot be cached.
// To enable caching for a routine, add the following comment annotation to the routine:
// cached [ param1, param2, param3 [, ...] ] - parameters are optional, if no parameters are specified, all parameters are used for cache key.
// cache_expires [ value ] or cache_expires_in [ value ] - accepts PostgreSQL interval format (for example: '5 minutes' or '5min', '1 second' or '1s', etc.). Default is forever (no expiration).
//
"CacheOptions": {
"Enabled": false,
//
// Cache type: Memory, Redis, or Hybrid
// - Memory: In-process memory cache (fastest, single instance only)
// - Redis: Distributed Redis cache (slower, shared across instances)
// - Hybrid: Uses Microsoft.Extensions.Caching.Hybrid which provides:
// - Automatic stampede protection to prevent multiple concurrent requests from hitting the database
// - Optional Redis L2 backend (enable with HybridCacheUseRedisBackend: true) for sharing cache across instances
// - Without Redis, works as in-memory cache with stampede protection
//
"Type": "Memory",
//
// When memory cache is used, this value determines how often the cache will be pruned for expired items (in seconds).
//
"MemoryCachePruneIntervalSeconds": 60,
//
// Redis configuration string. Used when Type is "Redis", or when Type is "Hybrid" with UseRedisBackend: true.
// See: https://stackexchange.github.io/StackExchange.Redis/Configuration.html
//
"RedisConfiguration": "localhost:6379,abortConnect=false,ssl=false,connectTimeout=10000,syncTimeout=5000,connectRetry=3",
//
// Maximum number of rows that can be cached for set-returning functions.
// If a result set exceeds this limit, it will not be cached (but will still be returned).
// Set to 0 to disable caching for sets entirely. Set to null for unlimited (use with caution).
//
"MaxCacheableRows": 1000,
//
// When true, cache keys longer than HashKeyThreshold characters are hashed to a fixed-length SHA256 string (64 characters).
// This reduces memory usage for long cache keys and improves Redis performance with large keys.
// Recommended for Redis cache or when caching routines with many/large parameters.
//
"UseHashedCacheKeys": false,
//
// Cache keys longer than this threshold (in characters) will be hashed when UseHashedCacheKeys is true.
// Keys shorter than this threshold are stored as-is for better debuggability.
//
"HashKeyThreshold": 256,
//
// When set, creates an additional invalidation endpoint for each cached endpoint.
// The invalidation endpoint has the same path with this suffix appended.
// For example, if a cached endpoint is /api/my-endpoint/ and this is set to "invalidate",
// an invalidation endpoint /api/my-endpoint/invalidate will be created.
// Calling the invalidation endpoint with the same parameters removes the cached entry.
//
"InvalidateCacheSuffix": null,
//
// --- Hybrid Cache specific options (only used when Type is "Hybrid") ---
//
// When true, uses Redis as the L2 (secondary/distributed) cache backend.
// When false (default), HybridCache uses in-memory only but still provides stampede protection.
// Stampede protection prevents multiple concurrent requests from hitting the database when cache expires.
//
"HybridCacheUseRedisBackend": false,
//
// Maximum length of cache keys in characters. Keys longer than this will be rejected.
// Default: 1024
//
"HybridCacheMaximumKeyLength": 1024,
//
// Maximum size of cached payloads in bytes.
// Default: 1048576 (1 MB)
//
"HybridCacheMaximumPayloadBytes": 1048576,
//
// Default expiration for cached entries (both L1 and L2). Accepts PostgreSQL interval format.
// Examples: '5 minutes', '1 hour', '30 seconds'
// If not set, individual endpoint cache_expires annotations are used, or entries don't expire.
//
"HybridCacheDefaultExpiration": null,
//
// Expiration for L1 (in-memory) cache. If not set, uses DefaultExpiration value.
// Set this shorter than DefaultExpiration to refresh local cache more frequently from Redis.
// Accepts PostgreSQL interval format.
//
"HybridCacheLocalCacheExpiration": null
},
//
// Parameter validation options for validating endpoint parameters before database execution.
// Validation rules can be referenced in comment annotations using "validate _param using rule_name" syntax.
//
"ValidationOptions": {
"Enabled": true,
//
// Named validation rules that can be referenced in comment annotations.
// Default rules: not_null, not_empty, required, email
//
// Each rule can have:
// - Type: NotNull, NotEmpty, Required, Regex, MinLength, MaxLength
// - Pattern: Regular expression pattern for Regex type
// - MinLength: Minimum length for MinLength type
// - MaxLength: Maximum length for MaxLength type
// - Message: Error message with placeholders {0}=original name, {1}=converted name, {2}=rule name
// - StatusCode: HTTP status code to return (default: 400)
//
"Rules": {
"not_null": {
"Type": "NotNull",
"Message": "Parameter '{0}' cannot be null",
"StatusCode": 400
},
"not_empty": {
"Type": "NotEmpty",
"Message": "Parameter '{0}' cannot be empty",
"StatusCode": 400
},
"required": {
"Type": "Required",
"Message": "Parameter '{0}' is required",
"StatusCode": 400
},
"email": {
"Type": "Regex",
"Pattern": "^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$",
"Message": "Parameter '{0}' must be a valid email address",
"StatusCode": 400
}
}
},
//
// Rate Limiter settings to limit the number of requests from clients.
//
"RateLimiterOptions": {
"Enabled": false,
"StatusCode": 429,
"StatusMessage": "Too many requests. Please try again later.",
"DefaultPolicy": null,
// Policy types: FixedWindow, SlidingWindow, BucketWindow, Concurrency
"Policies": [{
// see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#fixed
"Type": "FixedWindow",
"Enabled": false,
"Name": "fixed",
"PermitLimit": 100,
"WindowSeconds": 60,
"QueueLimit": 10,
"AutoReplenishment": true
}, {
// see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#sliding-window-limiter
"Type": "SlidingWindow",
"Enabled": false,
"Name": "sliding",
"PermitLimit": 100,
"WindowSeconds": 60,
"SegmentsPerWindow": 6,
"QueueLimit": 10,
"AutoReplenishment": true
}, {
// see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#token-bucket-limiter
"Type": "TokenBucket",
"Enabled": true,
"Name": "bucket",
"TokenLimit": 100,
"TokensPerPeriod": 10,
"ReplenishmentPeriodSeconds": 10,
"QueueLimit": 10,
"AutoReplenishment": true
}, {
// see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#concurrency-limiter
"Type": "Concurrency",
"Enabled": true,
"Name": "concurrency",
"PermitLimit": 10,
"QueueLimit": 5,
"OldestFirst": true
}]
},
//
// Error handling options for NpgsqlRest middleware
//
"ErrorHandlingOptions": {
// Remove Type URL from error responses. Middleware automatically sets a default Type URL based on the HTTP status code that points to the RFC documentation.
"RemoveTypeUrl": false,
// Remove TraceId field from error responses. Useful in development and debugging scenarios to correlate logs with error responses.
"RemoveTraceId": true,
//
// Default policy name to use from the ErrorCodePolicies section.
//
"DefaultErrorCodePolicy": "Default",
//
// Timeout error mapping when command timeout occurs (see NpgsqlRest CommandTimeout setting).
//
"TimeoutErrorMapping": {"StatusCode": 504, "Title": "Command execution timed out", "Details": null, "Type": null}, // timeout error case -> 504 Gateway Timeout
//
// Named policies for mapping of PostgreSQL error codes to HTTP Status Codes.
//
// If routine raises these PostgreSQL error codes, endpoint will return these HTTP Status Codes.
// See https://www.postgresql.org/docs/current/errcodes-appendix.html
// Exception is timeout, which is not a PostgreSQL error code, but a special case when command timeout occurs.
//
// - StatusCode: HTTP status code to return.
// - Title: Optional title field in response JSON. When null, actual error message is used.
// - Details: Optional details field in response JSON. When null, PostgreSQL Error Code is used.
// - Type: Optional types field in response JSON. A URI reference [RFC3986] that identifies the problem type. Set to null to use default. Or RemoveTypeUrl to true to disable.
//
"ErrorCodePolicies": [{
"Name": "Default",
"ErrorCodes": {
"42501": {"StatusCode": 403, "Title": "Insufficient Privilege", "Details": null, "Type": null}, // query_canceled -> 403 Forbidden
"57014": {"StatusCode": 205, "Title": "Cancelled", "Details": null, "Type": null}, // query_canceled -> 205 Reset Content
"P0001": {"StatusCode": 400, "Title": null, "Details": null, "Type": null}, // raise_exception -> 400 Bad Request
"P0004": {"StatusCode": 400, "Title": null, "Details": null, "Type": null} // assert_failure -> 400 Bad Request
}
}]
},
//
// NpgsqlRest HTTP Middleware General Configuration
//
"NpgsqlRest": {
//
// Connection name to be used from the ConnectionStrings section or NULL to use the first available connection string.
//
"ConnectionName": null,
//
// Allow using multiple connections from the ConnectionStrings section. When set to true, the connection name can be set for individual Routines.
// Some routines might use the primary database connection string, while others might want to use a read-only connection string from the replica servers.
//
"UseMultipleConnections": false,
//
// Command timeout, after which the command will be cancelled and default timeout error policy will be applied. (see ErrorCodePolicies)
// Value is in PostgreSQL interval format (for example: '30 seconds' or '30s', '1 minute' or '1min', etc.) or `null` to use the default timeout of 30 seconds.
//
"CommandTimeout": null,
//
// Filter schema names similar to this parameter or `null` to ignore this parameter.
//
"SchemaSimilarTo": null,
//
// Filter schema names NOT similar to this parameter or `null` to ignore this parameter.
//
"SchemaNotSimilarTo": null,
//
// List of schema names to be included or `null` to ignore this parameter.
//
"IncludeSchemas": null,
//
// List of schema names to be excluded or `null` to ignore this parameter.
//
"ExcludeSchemas": null,
//
// Filter names similar to this parameter or `null` to ignore this parameter.
//
"NameSimilarTo": null,
//
// Filter names NOT similar to this parameter or `null` to ignore this parameter.
//
"NameNotSimilarTo": null,
//
// List of names to be included or `null` to ignore this parameter.
//
"IncludeNames": null,
//
// List of names to be excluded or `null` to ignore this parameter.
//
"ExcludeNames": null,
//
// Configure how the comment annotations will behave. `Ignore` will create all endpoints and ignore comment annotations. `ParseAll` will create all endpoints and parse comment annotations to alter the endpoint. `OnlyWithHttpTag` (default) will only create endpoints that contain the `HTTP` tag in the comments and then parse comment annotations.
//
"CommentsMode": "OnlyWithHttpTag",
//
// The URL prefix string for every URL created by the default URL builder or `null` to ignore the URL prefix.
//
"UrlPathPrefix": "/api",
//
// Convert all URL paths to kebab-case from the original PostgreSQL names.
//
"KebabCaseUrls": true,
//
// Convert all parameter names to camel case from the original PostgreSQL paramater names.
//
"CamelCaseNames": true,
//
// When set to true, it will force all created endpoints to require authorization. Authorization requirements for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"RequiresAuthorization": true,
//
// When this value is true, all connection events are logged (depending on the level). This is usually triggered by the PostgreSQL RAISE statements.
// Set to false to turn off logging these events.
//
"LogConnectionNoticeEvents": true,
//
// MessageOnly - Log only connection messages. FirstStackFrameAndMessage - Log first stack frame and the message. FullStackAndMessage - Log full stack trace and message.
//
"LogConnectionNoticeEventsMode": "FirstStackFrameAndMessage",
//
// Set this option to true to log information for every executed command and query (including parameters and parameter values) in debug level.
//
"LogCommands": false,
//
// Set this option to true to include parameter values when logging commands. This only applies when `LogCommands` is true.
//
"LogCommandParameters": false,
//
// When not null, forces a method type for all created endpoints. Method types are `GET`, `PUT`, `POST`, `DELETE`, `HEAD`, `OPTIONS`, `TRACE`, `PATCH` or `CONNECT`. When this value is null (default), the method type is always `GET` when the routine volatility option is not volatile or the routine name starts with, `get_`, contains `_get_` or ends with `_get` (case-insensitive). Otherwise, it is `POST`. This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"DefaultHttpMethod": null,
//
// When not null, sets the request parameter position (request parameter types) for all created endpoints. Values are `QueryString` (parameters are sent using query string) or `BodyJson` (parameters are sent using JSON request body). When this value is null (default), request parameter type is `QueryString` for all `GET` and `DELETE` endpoints, otherwise, request parameter type is `BodyJson`. This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"DefaultRequestParamType": null,
//
// Sets the default behavior for handling NULL values in query string parameters.
// - `Ignore` (default): No special handling - empty strings stay as empty strings, "null" literal stays as "null" string.
// - `EmptyString`: Empty query string values are interpreted as NULL values. This limits sending empty strings via query strings.
// - `NullLiteral`: Literal string "null" (case insensitive) is interpreted as NULL value.
// This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"QueryStringNullHandling": "Ignore",
//
// Sets the default behavior for plain text responses when the execution returns NULL from the database.
// - `EmptyString` (default): Returns an empty string response with status code 200 OK.
// - `NullLiteral`: Returns a string literal "NULL" with status code 200 OK.
// - `NoContent`: Returns status code 204 NO CONTENT.
// This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"TextResponseNullHandling": "EmptyString",
//
// Configure how to send request headers to PostgreSQL routines execution:
// - `Ignore` (default) don't send any request headers to routines.
// - `Context` sets a context variable for the current session `context.headers` containing JSON string with current request headers. This executes `set_config('context.headers', headers, false)` before any routine executions.
// - `Parameter` sends request headers to the routine parameter defined with the `RequestHeadersParameterName` option. Parameter with this name must exist, must be one of the JSON or text types and must have the default value defined. This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"RequestHeadersMode": "Parameter",
//
// Name of the context variable that will receive the request headers when RequestHeadersMode is set to Context.
//
"RequestHeadersContextKey": "request.headers",
//
// Sets a parameter name that will receive a request headers JSON when the `Parameter` value is used in `RequestHeadersMode` options. A parameter with this name must exist, must be one of the JSON or text types and must have the default value defined. This option for individual endpoints can be changed with the `EndpointCreated` function callback, or by using comment annotations.
//
"RequestHeadersParameterName": "_headers",
//
// Add the unique NpgsqlRest instance id request header with this name to the response or set to null to ignore.
//
"InstanceIdRequestHeaderName": null,
//
// Custom request headers dictionary that will be added to NpgsqlRest requests. Note: these values are added to the request headers dictionary before they are sent as a context or parameter to the PostgreSQL routine and as such not visible to the browser debugger.
//
"CustomRequestHeaders": {
},
//
// Name of the request ID header that will be used to track requests. This is used to correlate requests with server event streaming connection ids.
//
"ExecutionIdHeaderName": "X-NpgsqlRest-ID",
//
// Default server-sent event notice message level: INFO, NOTICE, WARNING.
// When SSE path is set, generate SSE events for PostgreSQL notice messages with this level or higher.
// This can be overridden for individual endpoints using comment annotations.
//
"DefaultServerSentEventsEventNoticeLevel": "INFO",
//
// Collection of custom server-sent events response headers that will be added to the response when connected to the endpoint that is configured to return server-sent events.
//
"ServerSentEventsResponseHeaders": {
},
//
// Options for handling PostgreSQL routines (functions and procedures)
//
"RoutineOptions": {
//
// Name separator for parameter names when using custom type parameters.
// Parameter names will be in the format: {ParameterName}{CustomTypeParameterSeparator}{CustomTypeFieldName}. When NULL, default underscore is used.
// This is used when using custom types for parameters. For example: with "create type custom_type1 as (value text);" and parameter "_p custom_type1", this name will be merged into "_p_value"
//
"CustomTypeParameterSeparator": null,
//
// List of PostgreSQL routine language names to include. If NULL, all languages are included. Names are case-insensitive.
//
"IncludeLanguages": null,
//
// List of PostgreSQL routine language names to exclude. If NULL, "C" and "INTERNAL" are excluded by default. Names are case-insensitive.
//
"ExcludeLanguages": null,
//
// When true, composite type columns in return tables are serialized as nested JSON objects.
// For example, a table column "req" of type "my_request(id int, name text)" becomes {"req": {"id": 1, "name": "test"}}
// instead of the default flat structure {"id": 1, "name": "test"}.
// Default is false for backward compatibility.
//
"NestedJsonForCompositeTypes": false,
//
// When true, nested composite types and arrays of composite types within composite fields
// are serialized as JSON objects/arrays instead of PostgreSQL tuple strings.
// For example, a nested composite "(1,x)" becomes {"id":1,"name":"x"} and
// an array of composites ["(1,a)","(2,b)"] becomes [{"id":1,"name":"a"},{"id":2,"name":"b"}].
// Default is true.
//
"ResolveNestedCompositeTypes": true
},
//
// Options for different upload handlers and general upload settings
//
"UploadOptions": {
"Enabled": false,
"LogUploadEvent": true,
"LogUploadParameters": false,
//
// Handler that will be used when upload handler or handlers are not specified.
//
"DefaultUploadHandler": "large_object",
//
// Gets or sets a value indicating whether the default upload metadata parameter should be used.
//
"UseDefaultUploadMetadataParameter": false,
//
// Name of the default upload metadata parameter. This parameter is used to pass metadata to the upload handler. The metadata is passed as a JSON object.
//
"DefaultUploadMetadataParameterName": "_upload_metadata",
//
// Gets or sets a value indicating whether the default upload metadata context key should be used.
//
"UseDefaultUploadMetadataContextKey": false,
//
// Name of the default upload metadata context key. This key is used to pass the metadata to the upload handler. The metadata is passed as a JSON object.
//
"DefaultUploadMetadataContextKey": "request.upload_metadata",
//
// Upload handlers specific settings.
//
"UploadHandlers": {
//
// General settings for all upload handlers
//
"StopAfterFirstSuccess": false,
// csv string containing mime type patters, set to null to ignore
"IncludedMimeTypePatterns": null,
// csv string containing mime type patters, set to null to ignore
"ExcludedMimeTypePatterns": null,
"BufferSize": 8192, // Buffer size for the upload handlers file_system and large_object, in bytes. Default is 8192 bytes (8 KB).
"TextTestBufferSize": 4096, // Buffer sample size for testing textual content, in bytes. Default is 4096 bytes (4 KB).
"TextNonPrintableThreshold": 5, // Threshold for non-printable characters in the text buffer. Default is 5 non-printable characters.
"AllowedImageTypes": "jpeg, png, gif, bmp, tiff, webp", // Comma-separated list of allowed image types when checking images.
//
// When set, authenticated user claims are included in the row metadata JSON parameter ($4) under this key name.
// Set to null or empty string to disable adding claims to row metadata. Example: "claims" adds {"claims": {...}} to metadata.
// Access in SQL: (_meta->'claims'->>'name_identifier')
//
"RowCommandUserClaimsKey": "claims",
//
// Enables upload handlers for the NpgsqlRest endpoints that uses PostgreSQL Large Objects API
//
"LargeObjectEnabled": true,
"LargeObjectKey": "large_object",
"LargeObjectCheckText": false,
"LargeObjectCheckImage": false,
//
// Enables upload handlers for the NpgsqlRest endpoints that uses file system
//
"FileSystemEnabled": true,
"FileSystemKey": "file_system",
"FileSystemPath": "/tmp/uploads",
"FileSystemUseUniqueFileName": true,
"FileSystemCreatePathIfNotExists": true,
"FileSystemCheckText": false,
"FileSystemCheckImage": false,
//
// Enables upload handlers for the NpgsqlRest endpoints that uploads CSV files to a row command
//
"CsvUploadEnabled": true,
"CsvUploadKey": "csv",
"CsvUploadCheckFileStatus": true,
"CsvUploadDelimiterChars": ",",
"CsvUploadHasFieldsEnclosedInQuotes": true,
"CsvUploadSetWhiteSpaceToNull": true,
//
// $1 - row index (1-based), $2 - parsed value text array, $3 - result of previous row command, $4 - JSON metadata for upload
//
"CsvUploadRowCommand": "call process_csv_row($1,$2,$3,$4)",
//
// Enables upload handlers for the NpgsqlRest endpoints that uploads Excel files to a row command
//
"ExcelUploadEnabled": true,
"ExcelKey": "excel",
"ExcelSheetName": null, // null to use the first available
"ExcelAllSheets": false,
"ExcelTimeFormat": "HH:mm:ss",
"ExcelDateFormat": "yyyy-MM-dd",
"ExcelDateTimeFormat": "yyyy-MM-dd HH:mm:ss",
"ExcelRowDataAsJson": false,
//
// $1 - row index (1-based), $2 - parsed value text array, $3 - result of previous row command, $4 - JSON metadata for upload
//
"ExcelUploadRowCommand": "call process_excel_row($1,$2,$3,$4)"
}
},
//
// Authentication options for NpgsqlRest endpoints
//
"AuthenticationOptions": {
//
// Authentication type used with the Login endpoints to set the authentication type for the new `ClaimsIdentity` created by the login. This value must be set to non-null when using login endpoints, otherwise, the following error will raise: `SignInAsync when principal.Identity.IsAuthenticated is false is not allowed when AuthenticationOptions.RequireAuthenticatedSignIn is true.` If the value is not set and the login endpoint is present, it will automatically get the database name from the connection string.
//
"DefaultAuthenticationType": null,
//
// The default column name in the data reader which will be used to read the value to determine the success or failure of the login operation. If this column is not present, the success is when the endpoint returns any records. If this column is present, it must be either a boolean to indicate success or a numeric value to indicate the HTTP Status Code to return. If this column is present and retrieves a numeric value, that value is assigned to the HTTP Status Code and the login will authenticate only when this value is 200.
//
"StatusColumnName": "status",
//
// The default column name in the data reader which will be used to read the value of the authentication scheme of the login process. If this column is not present in the login response the default authentication scheme is used. Return new value to use a different authentication scheme with the login endpoint.
//
"SchemeColumnName": "scheme",
//
// The default column name in the data reader which will return a response body message for the login operation where writing to body is possible.
//
"BodyColumnName": "body",
//
// The default column name in the data reader which will set the response content type for the login operation where writing to body is possible.
//
"ResponseTypeColumnName": "application/json",
//
// The default column name in the data reader which will be used to read the value of the hash of the password.
// If this column is present, the value will be used to verify the password from the password parameter.
// Password parameter is the first parameter which name contains the value of PasswordParameterNameContains.
// If verification fails, the login will fail and the HTTP Status Code will be set to 404 Not Found.
//
"HashColumnName": "hash",
//
// The default name of the password parameter.
// The first parameter which name contains this value will be used as the password parameter.
// This is used to verify the password from the password parameter when login endpoint returns a hash of the password (see HashColumnName).
//
"PasswordParameterNameContains": "pass",
//
// Default claim type for user id.
//
"DefaultUserIdClaimType": "user_id",
//
// Default claim type for username.
//
"DefaultNameClaimType": "user_name",
//
// Default claim type for user roles.
//
"DefaultRoleClaimType": "user_roles",
//
// If true, return any response from auth endpoints (login and logout) if response hasn't been written by auth handler. For cookie auth, this will return full record to response as returned by the routine. For bearer token auth, this will be ignored because bearer token auth writes its own response (with tokens). This option will also be ignored if message column is present (see BodyColumnName option).
//
"SerializeAuthEndpointsResponse": false,
//
// Don't write real parameter values when logging parameters from auth endpoints and obfuscate instead. This prevents user credentials including password from ending up in application logs.
//
"ObfuscateAuthParameterLogValues": true,
//
// Command that is executed when the password verification fails. There are three positional and optional parameters:
// - $1: Authentication scheme used for the login (if parameter exists, type text).
// - $2: User id used for the login (if parameter exists, type text).
// - $3: Username used for the login (if parameter exists, type text).
//
"PasswordVerificationFailedCommand": null,
//
// Command that is executed when the password verification succeeds. There are three positional and optional parameters:
// - $1: authentication scheme used for the login (if parameter exists, type text).
// - $2: user id used for the login (if parameter exists, type text).
// - $3: username used for the login (if parameter exists, type text).
//
"PasswordVerificationSucceededCommand": null,
//
// Enable setting authenticated user claims to context variables automatically. See ContextKeyClaimsMapping and ClaimsJsonContextKey options. You can set this individually for each request by using UserContext endpoint property or user_context comment annotation.
// Note: For proxy endpoints, when user_context is enabled, these values are also forwarded as HTTP headers to the upstream proxy using the context key names.
//
"UseUserContext": false,
//
// Mapping of context keys to user claim names. Keys are the context variable names and values are the user claim names. When <see cref="UseUserContext"/> is enabled, the user claims from will be automatically mapped to the context variables.
//
"ContextKeyClaimsMapping": {
"request.user_id": "user_id",
"request.user_name": "user_name",
"request.user_roles": "user_roles"
},
//
// Context key that is used to set context variable for all available user claims. When this option is not null, and user is authenticated, the user claims will be serialized to JSON value and set to the context variable.
//
"ClaimsJsonContextKey": null,
//
// IP address context key that is used to set context variable for the IP address. When this option is not null, the IP address will be set to the context variable when <see cref="UseUserContext"/> is enabled and even when user is not authenticated.
//
"IpAddressContextKey": "request.ip_address",
//
// Enable mapping authenticated user claims to parameters by name automatically. See ParameterNameClaimsMapping and ClaimsJsonParameterName options. You can set this individually for each request by using UseUserParameters endpoint property or user_parameters comment annotation.
// Note: For proxy endpoints, when user_params is enabled, these values are also forwarded as query string parameters to the upstream proxy.
//
"UseUserParameters": false,
//
// Mapping of parameter names to user claim names. Keys are the parameter names and values are the user claim names. When <see cref="UseUserParameters"/> is enabled, the user claims from will be automatically mapped to the parameters.
//
"ParameterNameClaimsMapping": {
"_user_id": "user_id",
"_user_name": "user_name",
"_user_roles": "user_roles"
},
//
// Parameter name that is used to set value for all available user claims. When this option is not null, and user is authenticated, the user claims will be serialized to JSON value and set to the parameter with this name.
//
"ClaimsJsonParameterName": "_user_claims",
//
// IP address parameter name that is used to set parameter value for the IP address. When this option is not null, the IP address will be set to the parameter when <see cref="UseUserContext"/> is enabled and even when user is not authenticated.
//
"IpAddressParameterName": "_ip_address",
//
// Url path that will be used for the login endpoint. If NULL, the login endpoint will not be created.
// Login endpoint expects a PostgreSQL command that will be executed to authenticate the user that follow this convention:
//
// - Must return at least one record when authentication is successful. If no records are returned endpoint will return 401 Unauthorized.
// - If record is returned, the authentication is successful, if not set in StatusColumnName column otherwise.
// - All records will be added to user principal claim collection where column name is claim type and column value is claim value,
// except for four special columns defined in StatusColumnName, SchemeColumnName, BodyColumnName and HashColumnName options:
//
// - If "StatusColumnName" is present in the returned record, it must be either boolean (true for success, false for failure) or numeric (HTTP Status Code, 200 for success, anything else for failure). If not present, the success is when the endpoint returns any records.
// - If "SchemeColumnName" is present in the returned record, it must be text value that defines the authentication scheme to use for the login.
// - If "BodyColumnName" is present in the returned record, it must be text value that defines the message to return to the client as response body where possible. This only works for authentication that doesn't write response body (cookie authentication).
// - If "HashColumnName" is present in the returned record, it must be text value that defines the hash of the password. Password parameter is the first parameter which name contains the value of PasswordParameterNameContains option. If verification fails, the login will fail and the HTTP Status Code will be set to 404 Not Found.
//
"LoginPath": null,
//
// Url path that will be used for the logout endpoint. If NULL, the logout endpoint will not be created.
// Login endpoint expects a PostgreSQL command that performs the logout or the sign-out operation.
//
// If the routine doesn't return any data, the default authorization scheme is signed out.
// Any values returned will be interpreted as scheme names (converted to string) to sign out.
//
"LogoutPath": null,
//
// Settings for basic authentication support.
// Basic authentication is a simple authentication scheme built into the HTTP protocol.
// It expects request header `Authorization: Basic base64(username:password)` where username and password are the credentials for the user.
//
"BasicAuth": {
//
// Enable or disable the Basic Authentication support.
//
"Enabled": false,
//
// The default realm for the Basic Authentication. If not set, "NpgsqlRest" will be used.
//
"Realm": null,
//
// Default users dictionary for the Basic Authentication. Key is the username and value is the password or password hash depending on the UseDefaultPasswordHasher option.
// Users can be set on individual endpoints using multiple annotations: basic_authentication [ username ] [ password ]
//
"Users": { },
//
// When using Basic Authentication, set this to Required to enforce SSL/TLS connection.
// Use Warning to issue a warning in the log when connection is not secure.
// Use Ignore to allow Basic Authentication (debug level log will show a warning).
//
"SslRequirement": "Required", // Ignore, Warning, Required
//
// Use default password hasher for Basic Authentication to verify the password when Password is set on endpoint or options.
// When this is true, Password set in configuration, endpoint or header (depending on PasswordHashLocation) is expected to be a hashed with default hasher.
//
"UseDefaultPasswordHasher": true,
//
// PostgreSQL command executed when the Basic Authentication is challenged.
// Same convention applies as with "LoginPath" command. See "NpgsqlRest.LoginPath" option for details.
// Use this command to validate the username and password and/or return user claims.
//
// Positional parameters:
// - $1: Username from basic authentication header (if parameter exists, type text).
// - $2: Password from basic authentication header (if parameter exists, type text).
// - $3: Password is valid, true or false. If endpoint or configuration has a password defined, it will be validated.
// This the result of that validation or NULL of no password is defined.
// This allows for password to be validated before the command and use command for additional user claims. (if parameter exists, type boolean).
// - $4: Basic authentication realm (if parameter exists, type text).
// - $5: Endpoint path (if parameter exists, type text).
//
"ChallengeCommand": null
}
},
//
// Enable or disable the generation of HTTP files for NpgsqlRest endpoints.
// See more on HTTP files at:
// https://marketplace.visualstudio.com/items?itemName=humao.rest-client or
// https://learn.microsoft.com/en-us/aspnet/core/test/http-files?view=aspnetcore-8.0
//
"HttpFileOptions": {
"Enabled": false,
//
// Options for HTTP file generation:
// - File: Generate HTTP files in the file system.
// - Endpoint: Generate Endpoint(s) with HTTP file(s) content.
// - Both: Generate HTTP files in the file system and Endpoint(s) with HTTP file(s) content.
//
"Option": "File",
//
// File name. If not set, the database name will be used if connection string is set.
// If neither ConnectionString nor Name is set, the file name will be "npgsqlrest".
//
"Name": null,
//
// The pattern to use when generating file names. {0} is database name, {1} is schema suffix with underline when FileMode is set to Schema.
// Use this property to set a custom file name.
// .http extension will be added automatically.
//
"NamePattern": "{0}_{1}",
//
// Adds comment header to above request based on PostgreSQL routine.
// - None: skip.
// - Simple: Add name, parameters and return values to comment header. This default.
// - Full: Add the entire routine code as comment header.
//
"CommentHeader": "Simple",
//
// When CommentHeader is set to Simple or Full, set to true to include routine comments in comment header.
//
"CommentHeaderIncludeComments": true,
//
// - Database: to create one http file for entire database.
// - Schema: to create one http file for each schema.
//
"FileMode": "Schema",
//
// Set to true to overwrite existing files.
//
"FileOverwrite": true
},
//
// Enable or disable the generation of OpenAPI files for NpgsqlRest endpoints.
//
"OpenApiOptions": {
"Enabled": false,
//
// File name for the generated OpenAPI file. Set to null to skip the file generation.
//
"FileName": "npgsqlrest_openapi.json",
//
// URL path for the OpenAPI endpoint. Set to null to skip the endpoint generation.
//
"UrlPath": "/openapi.json",
//
// Set to true to overwrite existing files.
//
"FileOverwrite": true,
//
// The title of the OpenAPI document. This appears in the "info" section of the OpenAPI specification.
// If not set, the database name from the ConnectionString will be used.
//
"DocumentTitle": null,
//
// The version of the OpenAPI document. This appears in the "info" section of the OpenAPI specification.
// When null, default is "1.0.0".
//
"DocumentVersion": "1.0.0",
//
// Optional description of the API. This appears in the "info" section of the OpenAPI specification.
//
"DocumentDescription": null,
//
// Include current server information in the "servers" section of the OpenAPI document.
//
"AddCurrentServer": true,
//
// Additional server entries to add to the "servers" section of the OpenAPI document.
// Each server entry must have "Url" property and optional "Description" property.
//
"Servers": [/*{"Url": "https://api.example.com", "Description": "Production server"}*/],
//
// Security schemes to include in the OpenAPI document.
// If not specified, a default Bearer authentication scheme will be added for endpoints requiring authorization.
// Supported types: "Http" (for Bearer/Basic auth) and "ApiKey" (for Cookie/Header/Query auth).
// Examples:
// - Bearer token: {"Name": "bearerAuth", "Type": "Http", "Scheme": "Bearer", "BearerFormat": "JWT"}
// - Cookie auth: {"Name": "cookieAuth", "Type": "ApiKey", "In": ".AspNetCore.Cookies", "ApiKeyLocation": "Cookie"}
// - Basic auth: {"Name": "basicAuth", "Type": "Http", "Scheme": "Basic"}
//
"SecuritySchemes": [
/*{
"Name": "bearerAuth",
"Type": "Http",
"Scheme": "Bearer",
"BearerFormat": "JWT",
"Description": "JWT Bearer token authentication"
},
{
"Name": "cookieAuth",
"Type": "ApiKey",
"In": ".AspNetCore.Cookies",
"ApiKeyLocation": "Cookie",
"Description": "Cookie-based authentication"
}*/
]
},
//
// Enable or disable the generation of TypeScript/Javascript client source code files for NpgsqlRest endpoints.
//
"ClientCodeGen": {
"Enabled": false,
//
// File path for the generated code. Set to null to skip the code generation. Use {0} to set schema name when BySchema is true
//
"FilePath": null,
//
// Force file overwrite.
//
"FileOverwrite": true,
//
// Include current host information in the URL prefix.
//
"IncludeHost": true,
//
// Set the custom host prefix information.
//
"CustomHost": null,
//
// Adds comment header to above request based on PostgreSQL routine
// Set None to skip.
// Set Simple (default) to add name, parameters and return values to comment header.
// Set Full to add the entire routine code as comment header.
//
"CommentHeader": "Simple",
//
// When CommentHeader is set to Simple or Full, set to true to include routine comments in comment header.
//
"CommentHeaderIncludeComments": true,
//
// Create files by PostgreSQL schema. File name will use formatted FilePath where {0} is the schema name in pascal case.
//
"BySchema": true,
//
// Set to true to include status code in response: {status: response.status, response: model}
//
"IncludeStatusCode": true,
//
// Create separate file with global types {name}Types.d.ts
//
"CreateSeparateTypeFile": true,
//
// Module name to import "baseUrl" constant, instead of defining it in a module.
//
"ImportBaseUrlFrom": null,
//
// Module name to import "parseQuery" function, instead of defining it in a module.
//
"ImportParseQueryFrom": null,
//
// Include optional parameter `parseUrl: (url: string) => string = url=>url` that will parse the constructed URL.
//
"IncludeParseUrlParam": false,
//
// Include optional parameter `parseRequest: (request: RequestInit) => RequestInit = request=>request` that will parse the constructed request.
//
"IncludeParseRequestParam": false,
//
// Header lines on each auto-generated source file. Default is ["// autogenerated at {0}", "", ""] where {0} is the current timestamp.
//
"HeaderLines": [
"// autogenerated at {0}",
""
],
//
// Array of routine names to skip (without schema)
//
"SkipRoutineNames": [],
//
// Array of generated function names to skip (without schema)
//
"SkipFunctionNames": [],
//
// Array of url paths to skip
//
"SkipPaths": [],
//
// Array of schema names to skip
//
"SkipSchemas": [],
//
// Default TypeScript type for JSON types
//
"DefaultJsonType": "string",
//
// Use routine name instead of endpoint name when generating function names.
//
"UseRoutineNameInsteadOfEndpoint": false,
//
// Export URLs as constants in the generated code.
//
"ExportUrls": false,
//
// Skip generating types and produce pure JavaScript code. Setting this to true will also change the .ts extension to .js where applicable.
//
"SkipTypes": false,
//
// Keep TypeScript models unique, meaning models with the same fields and types will be merged into one model with the name of the last model. This significantly reduces the number of generated models.
//
"UniqueModels": false,
//
// Name of the XSRF Token Header (Anti-forgery Token). This is used in FORM POSTS to the server when Anti-forgery is enabled. Currently, only Upload requests use FORM POST.
//
"XsrfTokenHeaderName": null,
//
// Export event sources create functions for streaming events.
//
"ExportEventSources": true,
//
// List of custom imports to add to the generated code. It adds line to a file. Use full expression like `import { MyType } from './my-type';`
//
"CustomImports": [],
//
// Dictionary of custom headers to add to each request in generated code. Header key is automatically quoted if it doesn't contain quotes.
//
"CustomHeaders": {},
//
// When true, include PostgreSQL schema name in the generated type names to avoid name collisions. Set to false to simplify type names when no name collisions are expected.
//
"IncludeSchemaInNames": true,
//
// Expression to parse error response. Only used when IncludeStatusCode is true.
//
"ErrorExpression": "await response.json()",
//
// TypeScript type for error response. Only used when IncludeStatusCode is true.
//
"ErrorType": "{status: number; title: string; detail?: string | null} | undefined"
},
//
// HTTP client functionality for annotated composite types.
// Allows PostgreSQL functions to make HTTP requests by using specially annotated types as parameters.
//
"HttpClientOptions": {
//
// Enable HTTP client functionality for annotated types.
//
"Enabled": false,
//
// Default name for the response status code field within annotated types.
//
"ResponseStatusCodeField": "status_code",
//
// Default name for the response body field within annotated types.
//
"ResponseBodyField": "body",
//
// Default name for the response headers field within annotated types.
//
"ResponseHeadersField": "headers",
//
// Default name for the response content type field within annotated types.
//
"ResponseContentTypeField": "content_type",
//
// Default name for the response success field within annotated types.
//
"ResponseSuccessField": "success",
//
// Default name for the response error message field within annotated types.
//
"ResponseErrorMessageField": "error_message"
},
//
// Reverse proxy functionality for NpgsqlRest endpoints.
// When an endpoint is marked with 'proxy' annotation, incoming requests are forwarded to another URL.
//
"ProxyOptions": {
//
// Enable proxy functionality for annotated endpoints.
//
"Enabled": false,
//
// Base URL (host) for proxy requests (e.g., "https://api.example.com").
// When set, proxy endpoints will forward requests to this host + the original path.
//
"Host": null,
//
// Default timeout for all proxy requests. Format: "HH:MM:SS" or PostgreSQL interval.
//
"DefaultTimeout": "00:00:30",
//
// When true, original request headers are forwarded to the proxy target.
//
"ForwardHeaders": true,
//
// Headers to exclude from forwarding to the proxy target.
//
"ExcludeHeaders": ["Host", "Content-Length", "Transfer-Encoding"],
//
// When true, forward response headers from proxy back to client.
//
"ForwardResponseHeaders": true,
//
// Response headers to exclude from forwarding back to client.
//
"ExcludeResponseHeaders": ["Transfer-Encoding", "Content-Length"],
//
// Default name for the proxy response status code parameter.
//
"ResponseStatusCodeParameter": "_proxy_status_code",
//
// Default name for the proxy response body parameter.
//
"ResponseBodyParameter": "_proxy_body",
//
// Default name for the proxy response headers parameter.
//
"ResponseHeadersParameter": "_proxy_headers",
//
// Default name for the proxy response content type parameter.
//
"ResponseContentTypeParameter": "_proxy_content_type",
//
// Default name for the proxy response success parameter.
//
"ResponseSuccessParameter": "_proxy_success",
//
// Default name for the proxy response error message parameter.
//
"ResponseErrorMessageParameter": "_proxy_error_message",
//
// When true, for upload endpoints marked as proxy, the raw multipart/form-data content is forwarded directly to the upstream proxy instead of being processed locally. This allows the upstream service to handle file uploads. When false (default), upload endpoints with proxy annotation will process uploads locally and upload metadata will not be available to the proxy.
//
"ForwardUploadContent": false
},
//
// CRUD endpoints for the PostgreSQL tables and views.
//
"CrudSource": {
//
// Enable or disable the creation of the endpoints for the PostgreSQL tables and views.
//
"Enabled": true,
//
// Filter schema names similar to this parameter or `null` to ignore this parameter.
//
"SchemaSimilarTo": null,
//
// Filter schema names NOT similar to this parameter or `null` to ignore this parameter.
//
"SchemaNotSimilarTo": null,
//
// List of schema names to be included or `null` to ignore this parameter.
//
"IncludeSchemas": null,
//
// List of schema names to be excluded or `null` to ignore this parameter.
//
"ExcludeSchemas": null,
//
// Filter names similar to this parameter or `null` to ignore this parameter.
//
"NameSimilarTo": null,
//
// Filter names NOT similar to this parameter or `null` to ignore this parameter.
//
"NameNotSimilarTo": null,
//
// List of names to be included or `null` to ignore this parameter.
//
"IncludeNames": null,
//
// List of names to be excluded or `null` to ignore this parameter.
//
"ExcludeNames": null,
//
// Configure how the comment annotations will behave. `Ignore` will create all endpoints and ignore comment annotations. `ParseAll` will create all endpoints and parse comment annotations to alter the endpoint. `OnlyWithHttpTag` (default) will only create endpoints that contain the `HTTP` tag in the comments and then parse comment annotations.
//
"CommentsMode": "OnlyWithHttpTag",
//
// URL pattern for all "returning" endpoints. Parameter is the original URL. Parameter placeholder {0} is default URL.
//
"ReturningUrlPattern": "{0}/returning",
//
// URL pattern for all "do nothing" endpoints. Parameter is the original URL. Parameter placeholder {0} is default URL.
//
"OnConflictDoNothingUrlPattern": "{0}/on-conflict-do-nothing",
//
// URL pattern for all "do nothing returning " endpoints. Parameter is the original URL. Parameter placeholder {0} is default URL.
//
"OnConflictDoNothingReturningUrlPattern": "{0}/on-conflict-do-nothing/returning",
//
// URL pattern for all "do update" endpoints. Parameter is the original URL. Parameter placeholder {0} is default URL.
//
"OnConflictDoUpdateUrlPattern": "{0}/on-conflict-do-update",
//
// URL pattern for all "do update returning" endpoints. Parameter is the original URL. Parameter placeholder {0} is default URL.
//
"OnConflictDoUpdateReturningUrlPattern": "{0}/on-conflict-do-update/returning",
//
// Set of flags to enable or disable the creation of the CRUD endpoints for the specific types of the PostgreSQL tables and views.
//
// Possible values are:
// Select, Update, UpdateReturning, Insert, InsertReturning, InsertOnConflictDoNothing, InsertOnConflictDoUpdate, InsertOnConflictDoNothingReturning,
// InsertOnConflictDoUpdateReturning, Delete, DeleteReturning, All
//
"CrudTypes": [
"All"
]
}
}
}Related
Core Settings
- Top-Level Settings - Application identity, URLs, and startup message
- Config Section - Configuration file processing and environment variables
- NpgsqlRest Options - Core API generation settings (URL prefixes, naming conventions, request handling)
- Routine Options - PostgreSQL routine handling (language filtering, custom types)
- Connection - Database connection strings and settings
- Server - Kestrel web server and SSL/TLS configuration
Security
- Authentication - Authentication providers (JWT, Cookie, Basic, etc.)
- Authentication Options - Per-endpoint authentication configuration
- Validation - Parameter validation rules (NotNull, Required, Regex, etc.)
- Antiforgery - CSRF protection settings
- Data Protection - Key storage and encryption settings
- CORS - Cross-Origin Resource Sharing configuration
Features
- CRUD - Automatic CRUD endpoint generation for tables
- OpenAPI - OpenAPI/Swagger documentation generation
- HTTP Files - HTTP test file generation
- Code Generation - Client code generation (TypeScript, etc.)
- Uploads - File upload handling
- HTTP Client - HTTP Types for external API calls from PostgreSQL functions
Performance
- Response Compression - Gzip/Brotli compression settings
- Cache Options - Response caching configuration
- Rate Limiter - Rate limiting settings
- Command Retry - Database command retry policies
- Thread Pool - Thread pool configuration
Infrastructure
- Logging - Log levels and output configuration
- Static Files - Static file serving configuration
- Error Handling - Error response configuration