JWT signing secret key

Required. The secret key used to sign the JSON Web Token (JWT). Make sure you use different values for different projects and keep it in a secret place

JWT signing algorithm

The algorithm used to sign the JWT. Default is HS512. For more possible values refer to JWT web site: https://jwt.io/introduction.

API JWT authorization header

The name of the header storing the JWT. Default value is X-Authorization

API access time after login (seconds)

Time you can access the protected resources after login. Default value is 0. If you want delay access, you can change it to 10.

API expire time after login (seconds)

The JWT expiry time. Default value is 3600 (60 minutes). Users will need to authenticate again once the JWT expires.

Access-Control-Allow-Origin

The Access-Control-Allow-Origin header. If unspecified, default value is "*" so the REST API can be accessed by external apps.

Access-Control-Allow-Headers

The Access-Control-Allow-Headers header.

Note CORS-safelisted request headers are always allowed and hence usually aren't listed in Access-Control-Allow-Headers (unless there is a need to circumvent the safelist additional restrictions).