Update the Site Management Settings
/sites/management/api/v1/settings
Update one of more of the site management settings. Settings can be individually changed or changed together.
Introduced in release 20.1.2.
Authorization
To invoke this operation, the authenticated user or client application must have one of the following roles:
- CECServiceAdministrator
Successful Response Examples
This operation responds with the following success (2xx) responses. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.
200OK - Disable Site Governance
Disable site governance, allowing any member of a template to create a site.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "governanceEnabled": false }
200OK - Enable Site Governance
Enable site governance, allowing site administrators to control who can create sites and who can approve site creation.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "governanceEnabled": true }
200OK - Disable Site Prerender Service
Disable the site prerender service.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "prerender": { "enabled": false } }
200OK - Enable Site Prerender Service
Enable the site prerender service so that site access is optimized.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "prerender": { "enabled": true } }
200OK - Allow Site Creation by Non Site Administrators
Allow site creation by service users. When site governance is enabled site creation this setting is ignored and site creation is controlled by policies managed by site administrators.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "allowSiteCreation": true }
200OK - Prevent Site Creation
Prevent anyone from creating sites.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "allowSiteCreation": false }
200OK - Change the Minimum Site Security
Change the minimum site security settings for online sites.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "siteSecurityPolicy": { "level": "service", "appliesTo": "named" } }
200OK - Change Who Can Create Components and Themes
Change restricted operations to allow non site administrators to create components and themes.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "siteAdminOnlyOperations": { "themeCreation": false, "componentCreation": false } }
200OK - Deactivate Sites When They Expire
Automatically take a site offline when the site expires.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "expiration": { "action": "deactivate" } }Introduced in release 20.3.1.
200OK - Deletes Sites When They Expire
Automatically take a site offline when the site expires and delete the site ten days after the site expires.
Request
PATCH https://api.example.com/sites/management/api/v1/settings
Request Body
{ "expiration": { "action": "delete", "deleteAfter": 10 } }Introduced in release 20.3.1.
Client Error Response Examples
This operation responds with following client error (4xx) responses with exception details in the response body. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.
400Bad Request - Invalid Security Scope
The site security scope named
cannot be used with a security level of everyone
. A site security scope of all
must be used when using a security level of everyone
.
Error Code
OCE-SITEMGMT-009018
Resolution - Edit Site Security Scope
Change the security scope to the suggested required scope value.
Exception Detail Fields
This error type includes the following fields/values in the response:
Field Name | Description |
level | Specified site security level. Valid values are:
|
specifiedScope | Specified site security scope. Valid values are:
|
requiredScope | Required site security scope. Valid values are:
|
For detailed information about this exception detail type, consult the InvalidSecurityScopeExceptionDetail schema in the definitions section of the swagger document.
Example Response Body
{ "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1", "title": "Invalid Security Scope", "status": "400", "detail": "Site security scope '{specifiedScope}' is not valid with a site security level of '{level}'. Use a security scope of '{requiredScope}'.", "o:errorCode": "OCE-SITEMGMT-009018", "level": "service", "specifiedScope": "named", "requiredScope": "all" }
409Conflict - Starter Edition Governance Not Supported
Starter edition will only allow you to create one site.
Error Code
OCE-SITEMGMT-009119
Resolution - Upgrade to Premium
Upgrade to Premium to access site factory governance.
Example Response Body
{ "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1", "title": "Starter Edition Governance Not Supported", "status": "409", "detail": "Site governance is not supported in Starter Edition.", "o:errorCode": "OCE-SITEMGMT-009119" }
Introduced in release 21.6.1.
Request
- application/merge-patch+json
Only properties that are being updated should be provided in the request. To remove a property, include it in the request with a value of null
. Properties that cannot be updated are ignored.
object
-
allowSiteCreation(optional):
boolean
Allow your service users to create sites. When you enable the ability to create sites, you allow all users to create templates and sites. If you disable site creation, users can still see and work with templates and other folders in the hierarchy. Users can also still work with an existing site if the site is shared with them. They can view, edit, and manage the site, depending on their role. When you enable sites functionality, users have the ability to publish any content they have access to, including confidential information. You might want to limit your users to creating only secured sites, so that users have to sign in before they can see the site content. For even more security, you can limit site creation to administrators.
Introduced in release 20.1.2. -
expiration(optional):
object expiration
Site expiration settings such as whether sites are automatically taken offline and deleted when the site expires.
Introduced in release 20.3.1. -
governanceEnabled(optional):
boolean
Enable governance for sites to simplify and accelerate site delivery for business users, who are not site administrators, while giving site administrators an easy way to control and track sites from a centralized location.
Introduced in release 20.1.2. -
links(optional):
array links
HATEOS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.
-
prerender(optional):
object prerender
Prerender service settings such as whether the prerender service is enabled.
Introduced in release 20.1.2. -
siteAdminOnlyOperations(optional):
object siteAdminOnlyOperations
Restrict site, template, theme and component creation to site administrators.
Introduced in release 20.1.2. -
siteSecurityPolicy(optional):
object siteSecurityPolicy
Specify the minimum security allowed for online sites.
Introduced in release 20.1.2.
{
"governanceEnabled":false
}
object
Site expiration settings such as whether sites are automatically taken offline and deleted when the site expires.
Introduced in release 20.3.1.-
action(optional):
string
What action to take when the site expires. This can be do nothing. If the site is online the site will remain online. The deactivate action takes the site offline after the site expires. The delete action takes the site offline after the site expires and also deletes the site. The site is deleted using the days after to determine how long after expiration before the site is deleted.
Valid values are:
-
nothing
- Site is left online and is not deleted -
deactivate
- Site is taken offline when the site expires -
delete
- Site is taken offline when the site expires and deleted after a configurable number of days after expiration
-
-
deleteAfter(optional):
integer(int32)
Minimum Value:
3
Maximum Value:90
Number of days to wait after a site expires before deleting the site. This setting is only used if the action selected is to delete expired sites. This setting can still be set if site deletion is disabled; the setting value will just be ignored.
Introduced in release 20.3.1.
array
HATEOS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.
object
Prerender service settings such as whether the prerender service is enabled.
Introduced in release 20.1.2.-
enabled(optional):
boolean
Enable or disable the Prerender Service.
Introduced in release 20.1.2. -
userAgents(optional):
string
Comma-separated list of user-agent product names that, if detected, will cause the client (crawlers and bots) to be redirected to the pre-render generated cached site content. Oracle Content Management has a built in list of crawlers and bots with is combined with this custom user-agent product names.
Introduced in release 20.1.2.
object
Restrict site, template, theme and component creation to site administrators.
Introduced in release 20.1.2.-
componentCreation(optional):
boolean
If true, only site administrators can create components.
Introduced in release 20.1.2. -
siteCreation(optional):
boolean
If true, only site administrators can create sites. Ignored if governance is enabled.
Introduced in release 20.1.2. -
templateCreation(optional):
boolean
If true, only site administrators can create templates.
Introduced in release 20.1.2. -
themeCreation(optional):
boolean
If true, only site administrators can create themes.
Introduced in release 20.1.2.
object
Specify the minimum security allowed for online sites.
Introduced in release 20.1.2.-
appliesTo(optional):
string
Define which types of users may access a site. Can include all users or be restricted to named users only.
Valid values are:
-
named
- Only named users within a specified level can access -
all
- All users within a specified level can access
-
-
level(optional):
string
Maximum open security level that can be set on a site.
Valid values are:
-
service
- Only service users -
cloud
- Only cloud users who can sign in to your domain -
everyone
- Anyone without signing in
-
object
REST HATEOAS link and related metadata. If responses provide links (for example, a self
link to the resource itself) the links provided will include one or more of the properties defined on this link structure.
-
href(optional):
string
The target resource URI. URI RFC3986 or URI Template RFC6570. If the value is set to URI Template, then the
templated
property must be set totrue
. -
mediaType(optional):
string
Media type, as defined by RFC 2046, describing the link target.
-
method(optional):
string
HTTP method for requesting the target of the link.
Valid values are:
-
OPTIONS
- HTTP OPTIONS -
HEAD
- HTTP HEAD -
GET
- HTTP GET -
POST
- HTTP POST -
PUT
- HTTP PUT -
PATCH
- HTTP PATCH -
DELETE
- HTTP DELETE
-
-
profile(optional):
string(uri)
Link to the metadata of the resource, such as JSON-schema, that describes the resource expected when dereferencing the target resource.
-
rel(optional):
string
Name of the link relation that, in addition to the type property, can be used to retrieve link details.
-
templated(optional):
boolean
Boolean flag that specifies the
href
property is a URI or URI Template. The property can be assumed to befalse
if the property is not present.
Response
- application/json
- application/vnd.oracle.resource+json;type=singular
200 Response
-
Cache-Control: string
Directives for caching mechanisms.
-
Content-Length: string
Size of the response body.
-
Content-Type: string
Content type of the response.
-
allOf
SitesManagementSettings
Sites Management settings.
Introduced in release 20.1.2.
Sites Management settings.
Introduced in release 20.1.2.-
object
SingularResource
All singular resources include the properties of the singular resource definition. A singular resource includes a list of links that provide relationships to other resources, or in the case of the self link the resource itself.
-
object
SitesManagementSettings-allOf[1]
object
All singular resources include the properties of the singular resource definition. A singular resource includes a list of links that provide relationships to other resources, or in the case of the self link the resource itself.
-
links(optional):
array links
HATEOS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.
object
-
allowSiteCreation(optional):
boolean
Allow your service users to create sites. When you enable the ability to create sites, you allow all users to create templates and sites. If you disable site creation, users can still see and work with templates and other folders in the hierarchy. Users can also still work with an existing site if the site is shared with them. They can view, edit, and manage the site, depending on their role. When you enable sites functionality, users have the ability to publish any content they have access to, including confidential information. You might want to limit your users to creating only secured sites, so that users have to sign in before they can see the site content. For even more security, you can limit site creation to administrators.
Introduced in release 20.1.2. -
expiration(optional):
expiration
Site expiration settings such as whether sites are automatically taken offline and deleted when the site expires.
Introduced in release 20.3.1. -
governanceEnabled(optional):
boolean
Enable governance for sites to simplify and accelerate site delivery for business users, who are not site administrators, while giving site administrators an easy way to control and track sites from a centralized location.
Introduced in release 20.1.2. -
prerender(optional):
prerender
Prerender service settings such as whether the prerender service is enabled.
Introduced in release 20.1.2. -
siteAdminOnlyOperations(optional):
siteAdminOnlyOperations
Restrict site, template, theme and component creation to site administrators.
Introduced in release 20.1.2. -
siteSecurityPolicy(optional):
siteSecurityPolicy
Specify the minimum security allowed for online sites.
Introduced in release 20.1.2.
array
HATEOS link to related resources and actions or actions on this resource. Must include at least a 'self' link that contains a link to the canonical representation of the resource.
object
REST HATEOAS link and related metadata. If responses provide links (for example, a self
link to the resource itself) the links provided will include one or more of the properties defined on this link structure.
-
href(optional):
string
The target resource URI. URI RFC3986 or URI Template RFC6570. If the value is set to URI Template, then the
templated
property must be set totrue
. -
mediaType(optional):
string
Media type, as defined by RFC 2046, describing the link target.
-
method(optional):
string
HTTP method for requesting the target of the link.
Valid values are:
-
OPTIONS
- HTTP OPTIONS -
HEAD
- HTTP HEAD -
GET
- HTTP GET -
POST
- HTTP POST -
PUT
- HTTP PUT -
PATCH
- HTTP PATCH -
DELETE
- HTTP DELETE
-
-
profile(optional):
string(uri)
Link to the metadata of the resource, such as JSON-schema, that describes the resource expected when dereferencing the target resource.
-
rel(optional):
string
Name of the link relation that, in addition to the type property, can be used to retrieve link details.
-
templated(optional):
boolean
Boolean flag that specifies the
href
property is a URI or URI Template. The property can be assumed to befalse
if the property is not present.
Site expiration settings such as whether sites are automatically taken offline and deleted when the site expires.
Introduced in release 20.3.1.-
object
SiteExpirationSettings
Site expiration related settings, such as enabling or disabling automatic site deactivation and deletion. Site expiration only takes affect if site governance is enabled.
Introduced in release 20.3.1.
Prerender service settings such as whether the prerender service is enabled.
Introduced in release 20.1.2.-
object
PrerenderSettings
Search engine optimization related settings, such as enabling or disabling the pre-render service and configuring crawler and bot user-agents.
Introduced in release 20.1.2.
Restrict site, template, theme and component creation to site administrators.
Introduced in release 20.1.2.-
object
SiteAdminOnlyOperations
Defines the operations restricted to Site Administrators.
Introduced in release 20.1.2.
Specify the minimum security allowed for online sites.
Introduced in release 20.1.2.-
object
SecurityPolicy
The security policy specifies the minimum level of security level a site will be allowed to have. The site will be created with this minimum level, and the site manager/owner can then set a more restrictive security level on the site if they wish. The manager/owner cannot select a security level that is less secure than the values specified on the sites security policy.
object
Site expiration related settings, such as enabling or disabling automatic site deactivation and deletion. Site expiration only takes affect if site governance is enabled.
Introduced in release 20.3.1.-
action(optional):
string
What action to take when the site expires. This can be do nothing. If the site is online the site will remain online. The deactivate action takes the site offline after the site expires. The delete action takes the site offline after the site expires and also deletes the site. The site is deleted using the days after to determine how long after expiration before the site is deleted.
Valid values are:
-
nothing
- Site is left online and is not deleted -
deactivate
- Site is taken offline when the site expires -
delete
- Site is taken offline when the site expires and deleted after a configurable number of days after expiration
-
-
deleteAfter(optional):
integer(int32)
Minimum Value:
3
Maximum Value:90
Number of days to wait after a site expires before deleting the site. This setting is only used if the action selected is to delete expired sites. This setting can still be set if site deletion is disabled; the setting value will just be ignored.
Introduced in release 20.3.1.
object
Search engine optimization related settings, such as enabling or disabling the pre-render service and configuring crawler and bot user-agents.
Introduced in release 20.1.2.-
enabled(optional):
boolean
Enable or disable the Prerender Service.
Introduced in release 20.1.2. -
userAgents(optional):
string
Comma-separated list of user-agent product names that, if detected, will cause the client (crawlers and bots) to be redirected to the pre-render generated cached site content. Oracle Content Management has a built in list of crawlers and bots with is combined with this custom user-agent product names.
Introduced in release 20.1.2.
object
Defines the operations restricted to Site Administrators.
Introduced in release 20.1.2.-
componentCreation(optional):
boolean
If true, only site administrators can create components.
Introduced in release 20.1.2. -
siteCreation(optional):
boolean
If true, only site administrators can create sites. Ignored if governance is enabled.
Introduced in release 20.1.2. -
templateCreation(optional):
boolean
If true, only site administrators can create templates.
Introduced in release 20.1.2. -
themeCreation(optional):
boolean
If true, only site administrators can create themes.
Introduced in release 20.1.2.
object
The security policy specifies the minimum level of security level a site will be allowed to have. The site will be created with this minimum level, and the site manager/owner can then set a more restrictive security level on the site if they wish. The manager/owner cannot select a security level that is less secure than the values specified on the sites security policy.
-
appliesTo(optional):
string
Define which types of users may access a site. Can include all users or be restricted to named users only.
Valid values are:
-
named
- Only named users within a specified level can access -
all
- All users within a specified level can access
-
-
level(optional):
string
Maximum open security level that can be set on a site.
Valid values are:
-
service
- Only service users -
cloud
- Only cloud users who can sign in to your domain -
everyone
- Anyone without signing in
-
{
"allowSiteCreation":false,
"governanceEnabled":false,
"siteSecurityPolicy":{
"level":"service",
"appliesTo":"named"
},
"siteAdminOnlyOperations":{
"siteCreation":false,
"templateCreation":false,
"themeCreation":false,
"componentCreation":false
},
"prerender":{
"enabled":false,
"userAgents":"AdsBot-Google,AdsBot-Google-Mobile-Apps,AppEngine-Google"
},
"expiration":{
"action":"nothing",
"deleteAfter":30
}
}
400 Response
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
object
InvalidSecurityScopeExceptionDetail-allOf[1]
object
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
detail(optional):
string
Description specific to this occurrence of the problem. The human-readable, potentially multi-line details describing the problem in more details.
-
instance(optional):
string(uri)
URI to the link that provides more detail about the error.
-
o:errorCode(optional):
string
Application error code, which is different from HTTP error code. This code should be used to check for specific errors, rather than comparing fields such as the
title
ordetail
. -
o:errorDetails(optional):
array o:errorDetails
Multiple errors can be organized in a hierarchical structure.
-
o:errorPath(optional):
string
XPath or JSON path to indicate where the error occurs.
-
status(optional):
integer(int32)
Corresponding HTTP status code for the error.
-
title(optional):
string
Short, human-readable summary of the problem. It is not advisable to use the title as a way of checking for specific errors, use the
o:errorCode
for this purpose. -
type(optional):
string(uri)
Absolute URI that identifies the problem type. When this URI dereferenced, it should provide a human-readable summary of the problem, for example, as a HTML page.
object
-
level(optional):
string
Specified site security level.
Valid values are:
-
service
- Only service users -
cloud
- Only cloud users who can sign in to your domain -
everyone
- Anyone without signing in
-
-
requiredScope(optional):
string
Required site security scope.
Valid values are:
-
named
- Only named users within a specified level can access -
all
- All users within a specified level can access
-
-
specifiedScope(optional):
string
Specified site security scope.
Valid values are:
-
named
- Only named users within a specified level can access -
all
- All users within a specified level can access
-
array
Multiple errors can be organized in a hierarchical structure.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
{
"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
"title":"Invalid Security Scope",
"status":"400",
"detail":"Site security scope '{specifiedScope}' is not valid with a site security level of '{level}'. Use a security scope of '{requiredScope}'.",
"o:errorCode":"OCE-SITEMGMT-009018",
"level":"service",
"specifiedScope":"named",
"requiredScope":"all"
}
401 Response
403 Response
406 Response
409 Response
-
allOf
StarterEditionGovernanceNotSupportedExceptionDetail
Introduced in release 21.6.1.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
object
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
detail(optional):
string
Description specific to this occurrence of the problem. The human-readable, potentially multi-line details describing the problem in more details.
-
instance(optional):
string(uri)
URI to the link that provides more detail about the error.
-
o:errorCode(optional):
string
Application error code, which is different from HTTP error code. This code should be used to check for specific errors, rather than comparing fields such as the
title
ordetail
. -
o:errorDetails(optional):
array o:errorDetails
Multiple errors can be organized in a hierarchical structure.
-
o:errorPath(optional):
string
XPath or JSON path to indicate where the error occurs.
-
status(optional):
integer(int32)
Corresponding HTTP status code for the error.
-
title(optional):
string
Short, human-readable summary of the problem. It is not advisable to use the title as a way of checking for specific errors, use the
o:errorCode
for this purpose. -
type(optional):
string(uri)
Absolute URI that identifies the problem type. When this URI dereferenced, it should provide a human-readable summary of the problem, for example, as a HTML page.
array
Multiple errors can be organized in a hierarchical structure.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
{
"type":"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
"title":"Starter Edition Governance Not Supported",
"status":"409",
"detail":"Site governance is not supported in Starter Edition.",
"o:errorCode":"OCE-SITEMGMT-009119"
}