Rest Api

🌐 REST API Configuration

🧩 Overview

MAPS Messaging includes a built-in RESTful API that exposes various management and operational endpoints. These allow users and administrators to interact with the server programmatically — enabling automation, remote control, and integration with third-party platforms.

The REST API is configured via the RestApi.yaml file.

⚙️ Base Configuration

RestApi:
  enabled: true
  enableAuthentication: false
  hostnames: "0.0.0.0"
  port: 8080
  enableSwagger: true
  enableSwaggerUI: true

Field	Description
`enabled`	Enables the REST API server.
`enableAuthentication`	Requires login/auth to use the API (recommended for production).
`hostnames`	Hostname/IP to bind to (e.g., `0.0.0.0` to accept all interfaces).
`port`	TCP port for incoming HTTP REST connections.
`enableSwagger`	Enables OpenAPI schema generation.
`enableSwaggerUI`	Enables built-in Swagger UI for interactive API exploration.

🔐 Authentication (Optional)

To enable authentication:

enableAuthentication: true

Then configure identity sources in SecurityManager.yaml.

🛠️ Feature Toggles

MAPS exposes fine-grained API modules:

  enableUserManagement: true
  enableSchemaManagement: true
  enableInterfaceManagement: true
  enableDestinationManagement: true

Feature	Purpose
`enableUserManagement`	CRUD operations on users and credentials
`enableSchemaManagement`	Manage message schemas for validation
`enableInterfaceManagement`	Control network interfaces dynamically
`enableDestinationManagement`	View or manage topics, queues, and destinations

🧠 Caching Behavior

  enableCache: true
  cacheLifetime: 30000
  cacheCleanup: 10000

Field	Description
`enableCache`	Enables response caching
`cacheLifetime`	Time (ms) before cache entry expires
`cacheCleanup`	Interval (ms) at which expired entries are removed

📁 Static File Hosting

The REST server can serve a static directory (e.g., for web UI):

static:
  enabled: true
  directory: "{{MAPS_HOME}}/www/dist"

Set enabled: false to disable static file serving completely.

🌐 CORS Headers

corsHeaders:
  Access-Control-Allow-Origin: "*"
  Access-Control-Allow-Methods: "GET, POST, PUT, DELETE, OPTIONS"
  Access-Control-Allow-Headers: "Content-Type, Authorization"
  Access-Control-Allow-Credentials: "true"

These allow cross-origin access (important for front-end apps or 3rd-party clients).

🔐 For production, restrict Access-Control-Allow-Origin to trusted domains.

🔐 TLS Support (Commented Block)

The configuration supports full TLS setup for secure REST endpoints:

# tls:
#   clientCertificateRequired: false
#   keyStore:
#     type: JKS
#     path: my-keystore.jks
#     passphrase: password
#   trustStore:
#     type: JKS
#     path: my-truststore.jks
#     passphrase: password

You can uncomment and adjust these fields to enable HTTPS access to the API.

✅ Best Practices

Always set enableAuthentication: true in production.
Use enableSwagger and SwaggerUI for self-documenting API endpoints.
Enable only required modules (user/schema/interface management).
Use TLS to encrypt REST traffic and protect credentials or payloads.
Secure CORS settings if accessed from browsers or UIs.

🌐 REST API Configuration​

🧩 Overview​

⚙️ Base Configuration​

🔐 Authentication (Optional)​

🛠️ Feature Toggles​

🧠 Caching Behavior​

📁 Static File Hosting​

🌐 CORS Headers​

🔐 TLS Support (Commented Block)​

✅ Best Practices​