Available Parameter Values

33.1 Available Parameter Values

The following tables list all the available parameter values you can set within the APEX_INSTANCE_ADMIN package, including parameters for email, wallet, and reporting printing.

You can query the APEX_INSTANCE_PARAMETERS dictionary view to determine the current values of these parameters unless the parameter contains a password.

Instance-Only Parameters

The following parameters can be configured only at the Instance level (using APEX_INSTANCE_ADMIN.SET_PARAMETER).

Parameter Name	Description
`ADMIN_DIGEST_DEFAULT_REPORTING_PERIOD`	Default reporting period in days for APEX Administrator Digest.
`ADMIN_DIGEST_MAX_REPORTING_PERIOD`	Maximum reporting period in days for APEX Administrator Digest. Older data is removed from the metrics tables.
`AI_BUILDER_PROXY`	The proxy server for all outbound HTTP(s) traffic to Generative AI Services from APEX App Builder.
`AI_MAX_TOOL_ROUNDTRIPS`	The maximum number of network roundtrips AI calls can make to answer tool calls. No default.
`ALLOW_DB_MONITOR`	If set to `Y`, database monitoring within SQL Workshop is enabled. If set to `N`, the default, it is disabled.
`ALLOW_EXTERNAL_LINKS`	If set to `Y`, the default, external links are displayed in the builder. Set to `N` for disconnected environments where it is not desirable to show links that developers cannot access.
`ALLOW_HASH_FUNCTIONS`	Comma-separated list of supported hash algorithms (default is `SH256`,`SH384`,`SH512`). `SH1` is also supported by default in Oracle Database 11g.
`ALLOW_PERSISTENT_AUTHENTICATION`	If set to `Y`, the persistent authentication API is enabled for all applications.
`ALLOW_PUBLIC_FILE_UPLOAD`	If set to `Y`, enables file uploads without user authentication. If set to `N`, the default, they are disabled.
`ALLOW_RAS`	If set to `Y`, enable Real Application Security support for applications. If set to `N` (the default), RAS can not be used.
`ALLOW_REST`	If set to `Y`, the default, developers are allowed to expose report regions as RESTful services. If set to `N`, they are not allowed.
`ALLOW_SQL_DEVELOPER_WEB`	If set to `Y`, developers are allowed to open SQL Developer Web for DB schemas associated with their workspace from the Builder menu. Default is `N`.
`APEX_BUILDER_AUTHENTICATION`	Controls the authentication scheme for Oracle APEX Administration Services and the development environment. Valid parameter values include: `APEX`: Oracle APEX workspace accounts authentication (default) `DB`: Database accounts authentication `HEADER`: HTTP header variable based authentication `SSO`: Oracle Single Sign-On authentication (OracleAS PL/SQL SSO SDK) `LDAP`: LDAP authentication `SAML`: SAML authentication `SOCIAL`: Social Sign-In authentication (OpenID / OAuth2)
`APPLICATION_ACTIVITY_LOGGING`	Controls setting of application activity log for entire instance. Options are: `A` (Always) `N` (Never) `U` (Use application settings) `O` (Off for New Applications)
`APPLICATION_ID_MAX`	The largest possible ID for a database application.
`APPLICATION_ID_MIN`	The smallest possible ID for a database application.
`AUDIT_LOG_RETENTION`	Number of days to keep audit log entries.
`AUTHENTICATION_SUBSTITUTIONS`	Allows to specify substitutions which are visible to all authentication schemes in the APEX instance. The parameter value is a JSON format with a flat structure. Substitutions can be used for all authentication scheme attributes with `#SUBSTITUTION_NAME#`. Example: `{ "SUBST_NAME": "SOME_VALUE", "SUBST_NAME_2": "VALUE_2" }`
`AUTOEXTEND_TABLESPACES`	If set to `Y`, the default, provisioned tablespaces will autoextend up to a maximum size. If set to `N`, tablespaces will not autoextend.
`BACKGROUND_JOB_CLASS`	Defines the `DBMS_SCHEDULER` job class to use for Automations, REST Data Source synchronizations and Interactive Report notifications.
`BACKGROUND_MIN_EXECUTION_CADENCE`	Defines the minimum execution cadence for background jobs like REST data source synchronizations or automations. The configured amount of minutes must pass between two executions.
`BACKGROUND_PROCESS_JOB_CLASS`	Defines the `DBMS_SCHEDULER` job class to use for background execution of page processes.
`BIGFILE_TABLESPACES_ENABLED`	If set to `Y`, the tablespaces provisioned through APEX are created as bigfile tablespaces. If set to `N`, the tablespaces are created as smallfile tablespaces.
`CHECK_FOR_UPDATES`	If set to `N`, the check for Oracle APEX and Oracle REST Data Services product updates is disabled for the entire instance, regardless of preferences specified by individual developers. The default is `Y`.
`CHECKSUM_HASH_FUNCTION`	Defines the algorithm that is used to create one way hashes for URL checksums. Valid values are MD5 (deprecated), SH1 (deprecated), SH256 (SHA-2, 256 bit), SH384 (SHA-2, 384 bit), SH512 (SHA-2, 512 bit) and null. The SHA-2 algorithms are only available on Oracle 12g and later. A null value evaluates to the most secure algorithm available and is the default.
`CLONE_SESSION_ENABLED`	If set to `Y`, the default, users can create multiple sessions in the browser.
`CSV_DOWNLOAD_CRLF_LINE_BREAKS`	If set to `Y`, CSV downloads will use CRLF as line break instead of LF. Default is `NULL`.
`CSV_DOWNLOAD_ESCAPE_FORMULAS`	If set to `Y`, `apex_escape.csv` will escape formula cells by prepending a space.
`CSV_DOWNLOAD_WITH_BOM_ENABLED`	If set to `Y`, CSV downloads will include a BOM (Byte order mark) to help MS Excel to recognize the character set of CSV file. Default is `NULL`.
`DATA_REPORTER_AUTHENTICATION`	Controls the authentication scheme for Oracle APEX Data Reporter applications. Valid parameter values include: `HEADER`: HTTP header variable based authentication `SAML`: SAML authentication `SOCIAL`: Social Sign-In authentication
`DB_SIGNATURE`	This parameter can be used to automatically disable sending of emails on cloned databases. If the value is not `NULL` and differs from `APEX_INSTANCE_ADMIN.DB_SIGNATURE`, features are disabled. The default value is `NULL`, i.e. nothing is disabled. See also functions `DB_SIGNATURE` and `IS_DB_SIGNATURE_VALID`.
`DEBUG_MESSAGE_PAGE_VIEW_LIMIT`	Maximum number of debug messages for a single page view. Default is 50000.
`DEFAULT_THEME_FILES`	Virtual web server path for theme files. Only applies to themes that reference this location using #DEFAULT_THEME_FILES# substitution string.
`DELETE_UPLOADED_FILES_AFTER_DAYS`	Uploaded files like application export files, websheet export files, or spreadsheet data load files will be automatically deleted after this number of days. Default is 14.
`DISABLE_ADMIN_LOGIN`	If set to `Y`, Oracle APEX Administration Services are disabled. If set to `N`, the default, they are not disabled.
`DISABLE_APPS_LOGIN`	If set to `Y`, the login to all customer-created apps is disabled. If set to a comma-separated list of application IDs, only the login to those applications is disabled. If set to `N`, the default, the login to customer-created apps is not disabled.
`DISABLE_WORKSPACE_LOGIN`	If set to `Y`, the workspace login is disabled. If set to `N`, the default, the login is not disabled.
`DISABLE_WS_MSG`	The message displayed to end users when they attempt to provision a workspace via email provisioning while workspace provisioning has been disabled (via `DISABLE_WS_PROV`).
`DISABLE_WS_PROV`	If set to `Y`, the workspace creation is disabled for requests sent out via e-mail notification. If set to `N`, the default, they are not disabled.
`DOCGEN_CREDENTIAL`	Specifies the cloud credential to use for Oracle Object Storage bucket management and use of the Oracle Document Generator Pre-built function.
`DOCGEN_FUNCTION_OCID`	Specifies the Oracle Cloud Identity (OCID) of the Oracle Document Generator Pre-Built function.
`DOCGEN_INSTANCEID_OVERRIDE`	Overrides the instance ID used for the bucket name in Object Storage.
`DOCGEN_INVOKE_ENDPOINT`	The base endpoint URL to access the Oracle Document Generator Pre-built function.
`DOCGEN_OS_BUCKET_COMPARTMENT_OCID`	The unique ID of the OCI compartment for bucket management and Oracle Document Generator Pre-built function access.
`DOCGEN_OS_ENDPOINT`	Specifies the base URL endpoint for the Oracle Object Storage bucket.
`DOCGEN_OS_NAMESPACE`	OCI system-assigned namespace name for Object Storage. The Object Storage namespace serves as the top-level container for all buckets and objects.
`EMAIL_ATTACHMENT_MAX_SIZE_MB`	Specifies the maximum size in megabytes of a single email attachment sent using `APEX_MAIL` or the `Send E-Mail` process.
`EMAIL_IMAGES_URL`	Specifies the full URL to the images directory of Oracle APEX instance, including the trailing slash after the images directory. For example: `http://example_server/i/`. This setting used for Oracle APEX system-generated emails.
`EMAIL_INSTANCE_URL`	Specifies the full URL to the Oracle APEX instance, including the trailing slash after the Database Access Descriptor. For example: `http://example_server/pls/apex/`. This setting used for Oracle APEX system-generated emails.
`ENABLE_DICTATION`	If set to `Y`, this instance can use the Web Speech API for converting speech into text in supported components. If set to `N`, Web Speech will not be enabled in supported components.
`ENABLE_LEGACY_WEB_ENTRY_POINTS`	If `Y` (default is `N`), procedures that were used in older APEX versions (e.g. `HTMLDB_UTIL`.%) can be called in the URL.
`ENABLE_TRANSACTIONAL_SQL`	If set to `Y`, the default, transactional SQL commands are enabled on this instance. If set to `N`, transactional SQL commands are not enabled.
`ENCRYPTED_TABLESPACES_ENABLED`	If set to `Y`, the tablespaces provisioned through APEX are created as encrypted tablespaces. If set to `N`, the tablespaces are not encrypted.
`GALLERY_BACKGROUND_INSTALL`	If set to `Y`, the default, gallery applications are installed in the background, so users don't have to wait until installation finishes and can proceed with their work without interruption.
`GALLERY_FILE_URLS`	URLs which will be used as a installation source for the Oracle APEX application gallery. The URLs should point to valid endpoints returning JSON format, which describe the sample or starter apps to list. Substitution string `#APEX_BASE_VERSION#` can be used to link to version dependent endpoints.
`GETTING_STARTED_ENABLED`	If set to `Y`, getting started information will be shown on the homepage and other pages.
`HEADER_AUTH_CALLBACK`	Callback procedure name for HTTP header based authentication, defaults to `APEX_AUTHENTICATION.CALLBACK`.
`HEADER_AUTHENTICATION`	HTTP Header Variable authentication settings in flat JSON format. Supported keys are `http_header_variable`, `action_if_username_empty`, `url`, `error_message`, `verify_username`, and `logout_url_sso_server`.
`HTTP_ERROR_STATUS_ON_AJAX_ERROR_ENABLED`	If set to `N`, the default, APEX presents an error JSON to AJAX caller for all unhanded errors. If set to `Y`, returns an HTTP 400 status when the APEX engine encounters an unhandled error. If empty, follow the behavior configured with `HTTP_ERROR_STATUS_ON_ERROR_PAGE_ENABLED` parameter.
`HTTP_ERROR_STATUS_ON_ERROR_PAGE_ENABLED`	If set to `N`, the default, APEX presents an error page to the end user for all unhanded errors. If set to `Y`, returns an HTTP 400 status to the end user's client browser when the APEX engine encounters an unhandled error.
`HTTP_RESPONSE_HEADERS`	List of http response headers, separated by newline (`chr(10)`). APEX writes these headers on each request, before rendering the page. The substitution string `#CDN#` within the headers will be replaced by the content delivery networks that are known to APEX.
`HTTP_STS_MAX_AGE`	This parameter is only relevant if `REQUIRE_HTTPS` is set to `A`. Then, APEX emits a Strict-Transport-Security header, with `max-age=<value>`, on HTTPS requests if `HTTP_STS_MAX_AGE` has a value greater than 0. It also redirects to a HTTPS URL if the request protocol is HTTP, instead of processing the request.
`HTTP_TRUSTED_ORIGINS`	List of remote HTTP origins that can access resources, separated by newline. Set this parameter in combination with the ORDS parameter `security.externalSessionTrustedOrigins`.
`IGNORED_FRIENDLY_URL_PARAMETERS`	Comma-separated list of parameter names which are ignored when parsing friendly URLs. Default: `utm_campaign,utm_source,utm_medium,utm_term,utm_content,fbclid`
`IMAGE_PREFIX`	The image prefix of the APEX instance, such as `/i/`.
`IMP_DEFAULT_SUBSCRIPTION_MODE`	Use this parameter to define a default Subscription Mode installation option. Refer Subscription Mode constants in the `APEX_APPLICATION_INSTALL` package for valid values.
`INBOUND_PROXIES`	Comma-separated list of IP addresses for proxy servers through which requests come in.
`INSTANCE_DBMS_CREDENTIAL_ENABLED`	If set to `Y`, database credentials, which are accessible to the APEX engine (`APEX_NNNNNN` schema), can be used in all workspaces on this instance.
`INSTANCE_NO_PROXY_DOMAINS`	Comma-separated list of domain names for which the instance proxy is not to be used.
`INSTANCE_PROXY`	The proxy server for all outbound HTTP(s) traffic. If `INSTANCE_PROXY` is set, it overrides any application specific proxy server definition.
`INSTANCE_TABLESPACE`	If specified, comma-separated list of tablespaces to use for the database user for all new workspaces.
`KEEP_SESSIONS_ON_UPGRADE`	This flag affects application upgrades. If set to `N`, the default, delete sessions associated with the application. If set to `Y`, leave sessions unaffected.
`LOGIN_MESSAGE`	The text to be displayed on the login page. This text can include HTML.
`LOGIN_THROTTLE_DELAY`	The flag which determines the time increase in seconds after failed logins.
`LOGIN_THROTTLE_METHODS`	The methods to count failed logins. Colon-separated list of `USERNAME_IP`, `USERNAME`, `IP`.
`MAX_APPLICATION_BACKUPS`	The maximum number of backups kept for each application. Default is 25. Maximum is 30. Zero (`0`) disables automated backups.
`MAX_DATA_EXPORT_IMAGES`	The maximum number of unique images to be included in a data export / report download.
`MAX_MAIL_QUEUE_ROWS`	Defines the number of email messages that will be processed from the queue per workspace during each invocation of the `ORACLE_APEX_MAIL_QUEUE` scheduler job.
`MAX_MAP_AJAX_REQUESTS_PER_SESSION`	Maximum number of allowed AJAX requests per session when Vector Tiles are used. Default is 20. Unlimited if NULL. Zero (`0`) disables "Use Vector Tiles".
`MAX_OBJECTS_MAP_LAYER_TILE`	The maximum number of features included in a layer tile when Vector Tiles are used. Default is 15000, minimal value is 1, maximum value is 25000.
`MAX_PROCESS_SCHEDULER_JOBS_DEFAULT`	Default maximum value of scheduler jobs for background processing. The default value is 4.
`MLE_LANGUAGES`	Comma-separated list of MLE languages available for application development. If the parameter contains no language, only SQL and PL/SQL can be used. Default: `JAVASCRIPT`. Note: To use MLE, workspace schemas still need the necessary MLE grants: =21c: `grant EXECUTE DYNAMIC MLE to schema` >=21c: `grant EXECUTE ON sys.JAVASCRIPT to schema` To create environments and modules: >=26ai: `grant CREATE MLE to schema`
`PASSWORD_ALPHA_CHARACTERS`	The alphabetic characters used for password complexity rules. Default list of alphabetic characters include the following: `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
`PASSWORD_HASH_FUNCTION`	Defines the algorithm that is used to create one way hashes for workspace user passwords. Valid values are `MD5` (deprecated), `SH1` (deprecated), `SH256` (SHA-2, 256 bit), `SH384` (`SHA-2`, 384 bit), `SH512` (`SHA-2`, 512 bit) and `NULL`. The `SHA-2` algorithms are only available on Oracle 12g and later. A `NULL` value evaluates to the most secure algorithm available and is the default.
`PASSWORD_HASH_ITERATIONS`	Defines the number of iterations for the `PASSWORD_HASH_FUNCTION` (default 10000).
`PASSWORD_HISTORY_DAYS`	Defines the number of days a previously used password cannot be used again as a new password by the same user.
`PASSWORD_MIN_LENGTH`	A positive integer or `0` which specifies the minimum character length for passwords for instance administrators, workspace administrators, developers, and end user Oracle APEX accounts.
`PASSWORD_NEW_DIFFERS_BY`	A positive integer or `0` which specifies the number of differences required between old and new passwords. The passwords are compared character by character, and each difference that occurs in any position counts toward the required minimum difference. This setting applies to accounts for instance administrators, workspace administrators, developers, and end user Oracle APEX accounts.
`PASSWORD_NOT_LIKE_USERNAME`	If `Y` (the default is `N`), prevent workspace administrator, developer, and end user account passwords from containing the username.
`PASSWORD_NOT_LIKE_WORDS`	Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain. These words may not appear in the password in any combination of upper- or lowercase.
`PASSWORD_NOT_LIKE_WS_NAME`	Set to `Y` to prevent workspace administrator, developer, and end user account passwords from containing the workspace name.
`PASSWORD_ONE_ALPHA`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in `PASSWORD_ALPHA_CHARACTERS`.
`PASSWORD_ONE_LOWER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character.
`PASSWORD_ONE_NUMERIC`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (`0-9`).
`PASSWORD_ONE_PUNCTUATION`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in `PASSWORD_PUNCTUATION_CHARACTERS`.
`PASSWORD_ONE_UPPER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character.
`PASSWORD_PUNCTUATION_CHARACTERS`	The punctuation characters used for password complexity rules. Default list of punctuation characters include the following: !"#$%&()``*+,-/:;<=>?_
`PERSISTENT_AUTHENTICATION_MAX_DAYS`	Number of days after which persistent authentication expires and user has to sign in again.
`PLSQL_EDITING`	If set to `Y`, the default, the SQL Workshop Object Browser is enabled to permit users to edit and compile PL/SQL. If set to `N`, users are not allowed.
`PRINT_BIB_LICENSED`	Specify the external print server. Valid values include: `STANDARD` - requires Apache FOP. `DOCUMENT_GENERATOR` - requires Oracle Document Generator Pre-built Function. `ADVANCED` - requires Oracle BI Publisher. `AOP` - requires APEX Office Print. `NONE`- Native APEX printing.
`PRINT_SVR_HOST`	Specifies the host address of the print server converting engine, for example, `localhost`. Enter the appropriate host address if the print server is installed at another location.
`PRINT_SVR_PASSWORD`	Defines the password APEX takes to authenticate itself against the print server, in conjunction with the parameter `PRINT_SVR_USERNAME`.
`PRINT_SVR_PORT`	Defines the port of the print server engine, for example `8888`. Value must be a positive integer.
`PRINT_SVR_PROTOCOL`	Valid values include: `http` `https`
`PRINT_SVR_SCRIPT`	Defines the script that is the print server engine, for example: `/xmlpserver/convert`
`PRINT_SVR_TIMEOUT`	Defines the transfer timeout for communicating with the print server in seconds. Value must be a positive integer.
`PRINT_SVR_USERNAME`	Defines the username APEX takes to authenticate itself against the print server. If `PRINT_SVR_USERNAME` is `NULL`, no authentication is used.
`PROTECTED_COOKIES`	Comma-separated list of cookie names that APEX should filter from the OWA arrays.
`PWA_PUSH_NOTIFICATIONS_ALLOWED_ENDPOINTS`	Defines an optional list of additional allowed URLs for push notification services. By default the APEX engine supports the following URLs: `android.googleapis.com` `fcm.googleapis.com` `updates.push.services.mozilla.com` `notify.windows.com` `push.apple.com`
`REJOIN_EXISTING_SESSIONS`	If `P` (the default), session rejoining is supported for non-authenticated users and public pages. If `Y`, it is also supported for authenticated users and protected pages. If `N`, session rejoining is disabled for the whole instance. Session rejoining has to be enabled at application or page level. A more restrictive setting at instance level with this instance parameter overrides application and page settings. Unconditionally enabling session rejoining has serious security implications. Attackers could take over sessions via XSS or if they have development access, to a workspace.
`REQ_NEW_SCHEMA`	If set to `Y`, the option for new schema for new workspace requests is enabled. If set to `N`, the default, the option is disabled.
`REQUIRE_HTTPS`	If set to `A`, enforces HTTPS for the whole APEX instance. If `I`, enforces HTTPS within the Oracle APEX development and administration applications. If `N`, permits all application be used when the protocol is either HTTP or HTTPS. Note: Developers can also enforce HTTPS at the application level, by setting the Secure attribute of an application scheme's cookie.
`REQUIRE_OUT_HTTPS`	If set to `Y`, all outbound HTTP traffic has to use the HTTPS protocol.
`REQUIRE_OUT_LDAPS`	If set to `Y`, all outbound LDAP traffic has to use TLS.
`RESTFUL_SERVICES_ENABLED`	If set to `Y`, the default, RESTful services development is enabled. If set to `N`, RESTful services are not enabled.
`RESTRICT_APPS_HEADER`	To restrict access to a specific list of applications, enter a HTTP request header name. If the header exists, login to the application is only allowed if the application ID is contained in the comma-delimited list of applications in the header.
`RESTRICT_DEV_HEADER`	Controls access to the APEX development environment and Administration Services using an HTTP request header. Specify the name of the header, for example `Public-Access`. If this header exists in the request, access is blocked. Normally an external load balancer or a web server adds this header. The value of the header is ignored.
`RESTRICT_IP_RANGE`	To restrict access to the Oracle APEX development environment to a specific range of IP addresses, enter a comma-delimited list of IP addresses. If necessary, you can use an asterisk () as a wildcard, but do not include additional numeric values after wildcard characters. For example, `138..41.2` is not a valid value.
`RESTRICT_RESPONSE_HEADERS`	If `Y` or `NULL` (the default), show `HTTP 500` when a page contains unsupported HTTP response headers. These include status codes 301, 308 and 410, and cache headers for POST requests.
`SAMESITE_COOKIE`	Default value of the cookie attribute "samesite".
`SAML_APEX_CALLBACK_URLS`	SAML authentication: Supported URLs for `APEX_AUTHENTICATION.SAML_CALLBACK`, separated by newlines. If set, APEX verifies that the domain in the browser is part of this list and sends it's index (starting at 0) in authentication requests as `AssertionConsumerServiceIndex`.
`SAML_APEX_CERTIFICATE`	SAML authentication: The primary certificate of the APEX side.
`SAML_APEX_CERTIFICATE2`	(Optional) SAML authentication: The alternative certificate of the APEX side.
`SAML_APEX_PRIVATE_KEY`	SAML authentication: The private key of the APEX side.
`SAML_APEX_PRIVATE_KEY2`	(Optional) SAML authentication: The alternative private key of the APEX side.
`SAML_C14N_SKIP_UNUSED_INCLUSIVE_NS`	SAML authentication: If `Y` (default null), skip unused `InclusiveNamespaces` when canonicalizing XML.
`SAML_C14N_SKIP_UTILIZED_XMLNS`	SAML authentication: If `Y` (default null), skip superfluous xmlns from the root node when extracting the Assertion from a SAML Response, when canonicalizing XML.
`SAML_ENABLED`	SAML authentication: `Y` if workspace applications should be able to use SAML authentication.
`SAML_IP_ISSUER`	SAML authentication: Issuer attribute from the identity provider's metadata.
`SAML_IP_SIGNING_CERTIFICATE`	SAML authentication: The certificate from the identity provider's metadata.
`SAML_IP_SIGNING_CERTIFICATE2`	(Optional) SAML authentication: An alternative certificate from the identity provider's metadata.
`SAML_NAMEID_FORMAT`	SAML authentication: The NameID format that APEX expects. Defaults to `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` when `NULL`.
`SAML_SIGN_IN_URL`	SAML authentication: The identity provider's sign in URL.
`SAML_SIGN_OUT_URL`	(Optional) SAML authentication: The identity provider's sign out URL.
`SAML_SP_ISSUER`	SAML authentication: The "issuer" attribute that APEX sends (defaults to the callback URL).
`SAML_USERNAME_ATTRIBUTE`	SAML authentication: Responses can contain additional attributes about the user. If set, APEX uses that attribute's value as the username (defaults to the assertion subject's `NameID` attribute).
`SELF_SERVICE_SCHEMA_PREFIX`	If set, all schemas created during self service workspace provisioning will be prefixed with this value.
`SERVICE_ADMIN_PASSWORD_MIN_LENGTH`	A positive integer or `0` which specifies the minimum character length for passwords for instance administrators, workspace administrators, developers, and end user Oracle APEX accounts, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NEW_DIFFERS_BY`	A positive integer or `0` which specifies the number of differences required between old and new passwords. The passwords are compared character by character, and each difference that occurs in any position counts toward the required minimum difference. This setting applies to accounts for instance administrators, workspace administrators, developers, and end user Oracle APEX accounts, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_USERNAME`	If `Y`, prevent workspace administrator, developer, and end user account passwords from containing the username, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_WORDS`	Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`). These words may not appear in the password in any combination of upper- or lowercase.
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_WS_NAME`	Set to `Y` to prevent workspace administrator, developer, and end user account passwords from containing the workspace name, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_ALPHA`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in `PASSWORD_ALPHA_CHARACTERS`, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_LOWER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_NUMERIC`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (`0-9`), when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_PUNCTUATION`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in `PASSWORD_PUNCTUATION_CHARACTERS`, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_UPPER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_REQUEST_FLOW`	Determines default provisioning mode. Valid values include: `MANUAL`: (default) An administrator must manually create each workspace. `EMAIL`: Link displayed on login page. Requests require administrator approval. `AUTO`: Link displayed on login page. Requests automatically approved.
`SERVICE_REQUESTS_ENABLED`	If set to `Y`, the default, workspace service requests for schemas, storage, and termination is enabled. If set to `N`, these requests are disabled.
`SMTP_ALLOW_WORKSPACE_CREDENTIALS`	If set to `Y`, workspaces can configure their own Web Credential to authenticate with the SMTP server. If set to `N`, only the instance configuration will be used.
`SMTP_CLIENT_DOMAIN`	The domain name of the client to send as the HELO/EHLO argument. If not specified, the server domain is used.
`SMTP_CONNECTION_REUSE_COUNT`	Number of mails that the mail job processes, before re-opening the SMTP connection (default 1).
`SMTP_ENVELOPE_FROM`	Defines the "MAIL FROM" SMTP envelope address. If not set, `APEX_MAIL` will use the `p_from` address.
`SMTP_FROM`	Defines the "From" address for administrative tasks that generate email, such as approving a provision request or resetting a password. Enter a valid email address, for example:`admin@example.com`
`SMTP_HOST_ADDRESS`	Defines the server address of the SMTP server. If you are using another server as an SMTP relay, change this parameter to that server's address. Default setting: `localhost`.
`SMTP_HOST_PORT`	Defines the port the SMTP server listens to for mail requests. Default setting: `25`.
`SMTP_PASSWORD`	Defines the password APEX takes to authenticate itself against the SMTP server, in conjunction with the parameter `SMTP_USERNAME`.
`SMTP_REST_EMAIL_MODE`	Controls whether mail deliver is done via SMTP relay (the default, `N`) or if mail delivery is done via the Oracle Cloud Notification Service.
`SMTP_REST_EMAIL_URL`	URL to be used for mail delivery via the Oracle Cloud Notification Service. This setting is only relevant when `SMTP_REST_EMAIL_MODE` = `Y`.
`SMTP_RETRY_PERMANENT_ERROR_PATTERNS`	Defines a linefeed-delimited list of regex patterns to determine which "permanent errors" returned by an SMTP server are to be actually treated as temporary. If an error message is treated as temporary, the mail will be sent again when the job executes next time. If the error is treated as permanent, the mail will be removed from the queue immediately. Defaults to `.*` (means that all errors are treated as temporary) for backwards compatibility.
`SMTP_SECURE_HOST`	Specify allowable hosts presented by certificate when TLS is used.
`SMTP_TLS_MODE`	Defines whether or not APEX opens an encrypted connection to the SMTP server. If set to `N`, the connection is unencrypted (default). If set to `Y`, the connection is encrypted before data is sent. If `STARTTLS`, APEX sends the SMTP commands `EHLO [SMTP_CLIENT_DOMAIN]` and `STARTTLS` before encrypting the connection.
`SMTP_USERNAME`	Defines the username APEX takes to authenticate itself against the SMTP server (default is `NULL`). Starting with database version 11.2.0.2, APEX uses `UTL_MAIL`'s `AUTH` procedure for authentication. This procedure negotiates an authentication mode with the SMTP server. With earlier database versions, the authentication mode is always `AUTH LOGIN`. If `SMTP_USERNAME` is `NULL`, no authentication is used.
`SOCIAL_AUTH_CALLBACK`	Callback procedure name for Social Sign-In, defaults to `APEX_AUTHENTICATION.CALLBACK`.
`SOCIAL_AUTHENTICATION`	Social Sign-In authentication settings in flat JSON format. Supported keys are `client_id`, `authentication_provider`, `discovery_url`, `authorization_endpoint_url`, `token_endpoint_url`, `user_info_endpoint_url`, `logout_url`, `scope`, `authentication_uri_parameters`, `username`, `additional_user_attributes`, `uppercase_username`, `token_authentication_method`, `verify_attributes`, and `map_additional_user_attributes`.
`SOCIAL_CLIENT_SECRET`	Social Sign-In authentication: Client secret, stored in the internal `AUTHN_SOCIAL` credential.
`SQL_SCRIPT_MAX_OUTPUT_SIZE`	The maximum allowable size for an individual script result. Default is `200000`.
`SSO_LOGOUT_URL`	Defines the URL Oracle APEX redirects to in order to trigger a logout from the Single Sign-On server. APEX automatically appends `"?p_done_url=...login url...".` Example: `https://login.example.com/pls/orasso/orasso.wwsso_app_admin.ls_logout`
`STRONG_SITE_ADMIN_PASSWORD`	If set to `Y`, the default, the APEX admin password must conform to the default set of strong complexity rules. If set to `N`, the password is not required to follow the strong complexity rules.
`SUBSCRIPTION_HASH_FUNCTION`	Defines the algorithm that is used to create component checksums to validate subscriptions. Valid values are `SH256` (SHA-2, 256 bit), `SH384` (`SHA-2`, 384 bit), `SH512` (`SHA-2`, 512 bit) and `NULL`. A `NULL` value evaluates to the most secure algorithm available. Default is `SH256`.
`SWAGGER_UI_URL`	Defines a URL pointing to the SWAGGER UI server to be used by the ORDS REST Workshop when generating documentation for a module. If a URL is specified, the URI to the web service swagger doc will be passed to the Swagger server. If a there is no URL specified, raw JSON will be produced.
`SYSTEM_DEBUG_LEVEL`	Defines a default debug level for all incoming requests (`NULL`, `1-9`) The SQLcl script `utilities/debug/d0.sql` can be used to switch between `NULL` (disabled) and level `9`.
`SYSTEM_HELP_URL`	Specifies the location of the help and documentation accessed via the Help link in the development environment. By default, this points to the documentation for the corresponding release. For example: `http://oracleapex.com/doc261` for APEX 26.1.
`SYSTEM_MESSAGE`	The text to be displayed on the development environment home page. This text can include HTML.
`TASK_RETENTION_PERIOD_DAYS`	Specifies the retention period for Tasks in `Completed` state in days. After the retention period, tasks will be archived in a JSON zip file and purged from the table(s).
`TRACE_HEADER_NAME`	This parameter contains a HTTP request header name and defaults to `ECID-CONTEXT`. The name must be in upper case. APEX writes the HTTP header value to the activity log's `ECID` column.
`TRACING_ENABLED`	If set to `Y` (the default), an application with Debug enabled can also generate server-side db trace files using `"&p_trace=YES"` on the URL. If set to `N`, the request to create a trace file will be ignored.
`UPGRADE_DATE`	This read-only parameter contains the date when the next scheduled APEX upgrade will automatically apply to your database or `NULL` when no upgrade is scheduled. The date follows the ISO 8601 format in the UTC time zone. This parameter only applies to APEX on Autonomous AI Database.
`UPGRADE_DEFERRED`	When `N` (default), future APEX upgrades are scheduled within the default upgrade window. When `Y`, future APEX upgrades are scheduled within the extended upgrade window. If the next APEX upgrade is already scheduled in this database, changing this parameter also reschedules this upgrade (for example, from the default upgrade window to the extended upgrade window). This parameter only applies to APEX on Oracle Autonomous AI Database.
`UPGRADE_STATUS`	This parameter contains the status of the next scheduled APEX upgrade if available. The possible values are: `UP-TO-DATE`, `SCHEDULED`, `RUNNING`. Set this parameter to `RUN` to initiate the upgrade. This parameter only applies to APEX on Autonomous AI Database.
`UPGRADE_VERSION`	This read-only parameter contains the APEX version to be installed with the next scheduled upgrade or `NULL` when no upgrade is scheduled. This parameter only applies to APEX on Autonomous AI Database.
`USERNAME_VALIDATION`	The case-sensitive regular expression used to validate a username when creating or modifying developer and workspace administrator accounts. Default is `*` (asterisk) (validation is disabled).
`WALLET_PATH`	The path to the wallet on the file system, for example: `file:/home/<username>/wallets`
`WALLET_PWD`	The password associated with the wallet.
`WORKFLOW_RETENTION_PERIOD_DAYS`	Specifies the retention period for Workflows in `Completed` state in days. After the retention period, workflows will be purged from the table(s).
`WORKSPACE_FREE_SPACE_LIMIT`	Sets percentage limit for free space in a workspace. If available space is lower that the value set here, a report lists them for the APEX Administrator Digest.
`WORKSPACE_ISSUE_FILES_YN`	If set to `Y`, the default, new workspaces will allow file uploads into the Issues application. If set to `N`, new workspaces will not allow file uploads into Issues, thereby disabling the ability to upload attachments for an issue.
`WORKSPACE_ISSUE_FS_LIMIT`	The maximum per upload file size of an Issue file attachment. Default value is `15728640 (15 MB)`. All possible options are listed below: `5 MB - 5242880` `10 MB - 10485760` `15 MB - 15728640` `20 MB - 20971520` `25 MB - 26214400`
`WORKSPACE_MAX_OUTPUT_SIZE`	The maximum space allocated for script results. Default is `2000000`.
`WORKSPACE_NAME_USER_COOKIE`	If set to `Y` or `NULL` (the default), APEX sends persistent cookies for workspace name and username during login, as well as for language selection. If `N`, the cookies are not sent.
`WORKSPACE_PROVISION_DEMO_OBJECTS`	If set to `Y`, the default, demonstration applications and database objects are created in new workspaces. If set to `N`, they are not created in new workspaces.
`WORKSPACE_TEAM_DEV_FILES_YN`	If set to `Y`, the default, new workspaces will allow file uploads into Team Development. If set to `N`, new workspaces will not allow file uploads into Team Development, thereby disabling the ability to upload `feature`, `bug`, and `feedback` attachments.
`WORKSPACE_TEAM_DEV_FS_LIMIT`	The maximum per upload file size of a Team Development file (`feature`, `bug`, and `feedback` attachments). Default value is `15728640 (15 MB)`. All possible options are listed below: `5 MB - 5242880` `10 MB - 10485760` `15 MB - 15728640` `20 MB - 20971520` `25 MB - 26214400`
`ZIP_FILE_MAX_EXPANSION_FACTOR`	The maximum factor by which a compressed file can expand after decompression. Default value is `200`.
`ZIP_FILE_MAX_UNCOMPRESSED_SIZE_MB`	The maximum size to unzip a file. Default value is `4096` MB.

Instance and Workspace Parameters

The following parameters can be configured at both the Instance level (using APEX_INSTANCE_ADMIN.SET_PARAMETER) and the Workspace level (using APEX_INSTANCE_ADMIN.SET_WORKSPACE_PARAMETER).

Parameter	Description
`ACCOUNT_LIFETIME_DAYS`	The maximum number of days an end-user account password may be used before the account is expired.
`AI_IS_ENABLED`	If set to `Y` (default), then AI Services can be enabled and configured for workspaces. If set to `N`, AI functionality is disabled for all workspaces.
`AI_MAX_TOKENS`	The maximum number of Tokens used for Generative AI Services allowed for each workspace in a rolling 24-hour period. No Default.
`ALLOW_HOSTING_EXTENSIONS`	Default `N`. If `Y`, the workspace is enabled to publish Builder Extension apps through the Extension Menu.
`ALLOW_HOSTNAMES`	If set, users can only navigate to an application if the URL's hostname part contains this value. Instance administrators can configure more specific values at workspace level.
`AUTOMATION_LOG_MESSAGE_LIMIT`	Limits the number of messages written to the automation log for a single automation run. If not set, messages will be logged without a limit.
`CONTENT_CACHE_MAX_FILE_SIZE`	The individual file entry size limit for the content cache, per workspace.
`CONTENT_CACHE_SIZE_TARGET`	The target size for the content cache, per workspace.
`ENV_BANNER_COLOR`	Defines the color class name for the environment banner color. Use `accent-1`, `accent-2`, `accent-3` (and so on). Maximum of 16 color classes.
`ENV_BANNER_ENABLE`	If set to `Y` (default is `N`), the environment banner displays in the APEX development environment to visually flag the environment.
`ENV_BANNER_LABEL`	Defines the label for the environment banner.
`ENV_BANNER_POS`	Defines the display position for the environment banner. Options: `LEFT` or `TOP`.
`EXPIRE_FND_USER_ACCOUNTS`	If set to `Y`, expiration of APEX accounts is enabled. If set to `N`, they are not enabled.
`MAX_LOGIN_FAILURES`	The maximum number of consecutive unsuccessful authentication attempts allowed before a developer or administrator account is locked.
`MAX_PROCESS_SCHEDULER_JOBS`	The maximum number of scheduler jobs for background processing. A setting at workspace level overrides the instance level setting, specified with the `MAX_PROCESS_SCHEDULER_JOBS_DEFAULT` instance parameter.
`MAX_SESSION_IDLE_SEC`	The number of seconds an internal application may be idle.
`MAX_SESSION_LENGTH_SEC`	The number of seconds an internal application session may exist.
`MAX_WEBSERVICE_REQUESTS`	The maximum number of outbound web service requests allowed for each workspace in a rolling 24-hour period. Default is 1000.
`QOS_MAX_SESSION_KILL_TIMEOUT`	Number of seconds that an active old session can live, when `QOS_MAX_SESSION_REQUESTS` has been reached. The oldest DB session with `LAST_CALL_ET` greater than `QOS_MAX_SESSION_KILL_TIMEOUT` will be killed.
`QOS_MAX_SESSION_REQUESTS`	Number of allowed concurrent requests to one session associated with this workspace.
`QOS_MAX_WORKSPACE_REQUESTS`	Number of allowed concurrent requests to sessions in this workspace.
`RM_CONSUMER_GROUP`	If set, this is the resource manager consumer group to be used for all page events. A more specific group can be configured at workspace level.
`SESSION_TIMEOUT_WARNING_SEC`	The number of seconds before session timeout that a warning is displayed, for internal applications.
`WEBSERVICE_LOGGING`	Controls instance wide setting of web service activity log: [`A`]lways, [`N`]ever, [`U`]se workspace settings.
`WORKSPACE_EMAIL_MAXIMUM`	Maximum number of emails allowed to be sent via `APEX_MAIL` per workspace in a 24 hour period. Default is 1000.
`WORKSPACE_MAX_FILE_BYTES`	The maximum number of bytes for uploaded files for a workspace. A setting at workspace level overrides the instance level setting.

Workspace Parameters

The following parameters can be configured only at the Workspace level (using APEX_INSTANCE_ADMIN.SET_WORKSPACE_PARAMETER).

Parameter	Description
`OPENTELEMETRY_CLS_URL`	The external Client Logging Service (CLS) URL that is obtained during telemetry provisioning.
`OPENTELEMETRY_TOKEN_RELAY_URL`	The REST service that obtains an access token for the currently logged in user. The token is used for authentication when calling the CLS.
`PATH_PREFIX`	The unique URI path prefix used to access RESTful Services in a workspace. The default path prefix value is the name of the workspace. Note that this is a workspace parameter, it can not be set at instance level.
`SMTP_CREDENTIAL_STATIC_ID`	Static ID of the Web Credential to be used to authenticate with the SMTP server when emails are sent from this workspace.