D About the Oracle REST Data Services Configuration Files

The section describes the Oracle REST Data Services configuration files.

• Understanding the Configuration Folder Structure
  
• Understanding the Configuration File Format
  
• Understanding the Configurable Settings
  This section lists the configuration settings for the settings.xml and pool.xml configuration files, and secure settings for the wallet.

D.1 Understanding the Configuration Folder Structure

The configuration folder has the following structure:

+- global/
    +- settings.xml
    +- credentials
    +- wallet/
    +- standalone/
+- databases/
    +- default/
        +- pool.xml
        +- wallet/
    +- myapp/
         +- hostnames
         +- pool.xml
         +- wallet/
    +- myapp2/
         +- paths
         +- pool.xml
         +- wallet/

The global/ folder contains settings that apply across the entire ORDS instance:

• settings.xml: Contains settings that are configured across the entire ORDS instance. For example: debug.printToScreen=true
• credentials: The ORDS user password file
• wallet/: Contains an Oracle auto login wallet that contains the instance wide encryption and mac keys previously stored in security.crypto.enc.password and security.crypto.mac.password configuration settings in defaults.xml.
• standalone/: Contains standalone mode related resources such as the HTTPS certificate and key.

The databases/ folder contains database pool configurations.

• Each pool configuration is located in its own folder. The base path url mapping for a pool is inferred from the folder name. If the folder is named foo/, then requests can be mapped to the pool by accessing https://server/ords/foo/...
• The database pool folder name must only contain lowercase alphabet a-z, digits 0-9, '-', '.' or '_' character.
• The folder named default/ is reserved and is used to map requests that are not mapped to any other pool. It is equivalent to the apex.xml pool in the old structure.
• The folder named databases/<pool-name>/wallet/ contains an Oracle auto login wallet that contains the credentials for the database pool. The database username and password must be stored in the wallet. The db.password settings must not be used. The wallet must conform to the requirements for ORDS wallets.
• Alternatively, the folder may contain a file named hostname or paths, but not both.

D.2 Understanding the Configuration File Format

Configuration files use the standard Java XML properties file format, where each configuration setting contains a key and a corresponding value. The following is an example of settings.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="db.connectionType">basic</entry>
<entry key="db.hostname">localhost</entry>
<entry key="db.port">1521</entry>
<entry key="db.servicename">orcl</entry>
<entry key="jdbc.DriverType">thin</entry>
<entry key="jdbc.InitialLimit">3</entry>
<entry key="jdbc.MinLimit">1</entry>
<entry key="jdbc.MaxLimit">10</entry>
<entry key="jdbc.MaxStatementsLimit">10</entry>
<entry key="jdbc.InactivityTimeout">1800</entry>
<entry key="jdbc.statementTimeout">900</entry>
<entry key="jdbc.MaxConnectionReuseCount">1000</entry></properties>

D.3 Understanding the Configurable Settings

This section lists the configuration settings for the settings.xml and pool.xml configuration files, and secure settings for the wallet.

Note:

• Oracle recommends users to use the Oracle REST Data Services command-line interface to edit the configuration files.
• To add or change a Secure setting, you must use the ords config secret command.
• To add, change, or delete a setting refer to Updating the Configuration Settings section.

  Example: ords config secret db.password

Table D-1 Oracle REST Data Services Configuration Settings

Key	Type	Description	Example	Setting Type	OCI First Class Property or Label
apex.security.administrator.roles	string	Specifies the comma delimited list of additional roles to assign authenticated APEX administrator type users.	Not applicable	Pool specific	APEX Security Administrator Roles
apex.security.user.roles	string	Specifies the comma delimited list of additional roles to assign authenticated regular APEX users.	Not applicable	Pool specific	APEX Security User Roles
autoupgrade.api.aulocation	string	specifies a configuration setting for AutoUpgrade.jar location.	Not applicable	Pool specific	Oracle Database Auto Upgrade API Location
autoupgrade.api.enabled	boolean	Specifies a configuration setting to enable AutoUpgrade REST API features.	Not applicable	Pool specific	Oracle Database Auto Upgrade API Enabled
autoupgrade.api.jvmlocation	string	Specifies a configuration setting for AutoUpgrade REST API JVM location.	Not applicable	Pool specific	Oracle Database Auto Upgrade API JVM Location
autoupgrade.api.loglocation	string	Specifies a configuration setting for AutoUpgrade REST API log location.	Not applicable	Pool specific	Oracle Database Auto Upgrade API Log Location
database.api.management.services.disabled	boolean	Specifies to disable the Database API administration related services. Only applicable when Database API is enabled.	Not applicable	Global	Database API Management Services Disabled
db.adminUser	string	Specifies the username for the database account that ORDS uses for administration operations in the database.	Not applicable	Pool specific	Not applicable
db.cdb.adminUser	string	Specifies the username for the database account that ORDS uses for the Pluggable Database Lifecycle Management.	Not applicable	Pool specific	Not applicable
db.credentialsSource	string	Specifies the source for database credentials when creating a direct connection for running SQL statements. Value can be one of pool or request. If the value is pool, then the credentials defined in this pool is used to create a JDBC connection. If the value request is used, then the credentials in the request is used to create a JDBC connection and if successful, grants the requestor SQL Developer role. Default value: pool	Not applicable	Pool specific	Database Credentials Source
cache.metadata.graphql.expireAfterAccess	duration	Specifies the duration after a GraphQL schema is not accessed from the cache that it expires. Default value: 1 minute	2m	Global	GraphQL Schema Expiration After Access
cache.metadata.graphql.expireAfterWrite	duration	Specifies the duration after a GraphQL schema is cached that it expires and has to be loaded again. Default value: 2 minutes	5m	Not applicable	GraphQL Schema Expiration After Write
feature.graphql	string	Specifies which GraphQL features are enabled. Value can be one of: enabled, disable_graphiql or disable_all. If the value is set to enabled, then all the GraphQL features are available. If the value is set to disable_graphiql, then the GraphQL feature is disabled. If the value is set to disable_all, then all the GraphQL features are unavailable. The default value is enabled.	enabled	Pool specific	GraphQL Enabled
cache.metadata.jwks.enabled	boolean	Specifies the setting to enable or disable JWKS caching. Supported values: true false Default value: true	true	Global	JWKS Metadata Caching Enabled
cache.metadata.jwks.initialCapacity	numeric	Specifies the initial capacity of the JWKS cache.	10	Global	JWKS Cache Initial Capacity
cache.metadata.jwks.maximumSize	numeric	Specifies the maximum capacity of the JWKS cache.	10000	Global	JWKS Cache Maximum Size
cache.metadata.jwks.expireAfterAccess	duration	Specifies the duration after a JWK is not accessed from the cache that it expires. By default this is disabled.	2m	Global	JWKS Expiration After Access
cache.metadata.jwks.expireAfterWrite	duration	Specifies the duration after a JWK is cached, that is, it expires and has to be loaded again. Default value: 5 minutes	5m	Global	JWKS Expiration After Write
db.invalidPoolTimeout	duration	Specifies how long to wait before retrying an invalid pool. Default value: 15m	Not applicable	Global	Invalid Pool Timeout
db.poolDestroyTimeout	duration	Indicates how long to wait to gracefully destroy a pool before moving to forcefully destroy all connections including borrowed ones. Default value: 5m	Not applicable	Pool specific	Pool Destroy Timeout
db.wallet.zip	string	Specifies the wallet archive (provided in BASE64 encoding) containing connection details for the pool.	Not applicable	Pool specific	Not applicable
db.wallet.zip.path	string	Specifies the path to a wallet archive containing connection details for the pool.	Not applicable	Pool specific	Not applicable
db.wallet.zip.service	string	Specifies the service name in the wallet archive for the pool.	Not applicable	Pool specific	Not applicable
debug.trackResources	boolean	Specifies to enable tracking of JDBC resources. If not released causes in resource leaks or exhaustion in the database. Tracking imposes a performance overhead.	Not applicable	Pool specific	Track Resources
feature.grahpql.max.nesting.depth	numeric	Specifies the maximum join nesting depth limit for GraphQL queries. Defaults to 5.	10	Global	Not applicable
feature.openservicebroker.exclude	boolean	Specifies to disable the Open Service Broker services available for the pool.	Not applicable	Pool specific	Exclude Open Service Broker
feature.sdw	boolean	Specifies to enable the Database Actions feature.	Not applicable	Pool specific	Not applicable
http.cookie.filter	string	Specifies a comma separated list of HTTP Cookies to exclude when initializing an Oracle Web Agent environment.	Not applicable	Pool specific	HTTP Cookie Filter
instance.api.enabled	boolean	Specifies the setting to enable or disable the instance API service. The default value is false.	true	Global / Pool specific	Instance API Enabled
jdbc.auth.admin.role	string	Identifies the database role that indicates that the database user must get the SQL Administrator role.	Not applicable	Pool specific	Auth Admin Role
jdbc.cleanup.mode	Not applicable	Specifies how a pooled JDBC connection and corresponding database session, is released when a request has been processed. Default value: RECYCLE	Not applicable	Pool specific	Cleanup Mode
jdbc.sessionlesstxn.timeout	duration	Specifies the default timeout for sessionless transactions. Default value: 60 seconds	60s	Pool specific	Sessionless Transaction Timeout
owa.trace.sql	boolean	Specifies a boolean property. If it is true, then it causes a trace of the SQL statements performed by Oracle Web Agent to be echoed to the log.	Not applicable	Pool specific	SQL Tracing
plsql.gateway.mode	string	Indicates if the PL/SQL Gateway functionality should be available for a pool or not. Value can be one of disabled, direct, or proxied. If the value is direct, then the pool serves the PL/SQL Gateway requests directly. If the value is proxied, the PLSQL_GATEWAY_CONFIG view decides which user to proxy.	proxied	Pool specific	PL/SQL Gateway Mode
request.traceHeaderName	string	Specifies the name of the HTTP request header that uniquely identifies the request end to end as it passes through the various layers of the application stack. In Oracle this header is commonly referred to as the ECID (Entity Context ID).	Not applicable	Global	Request Trace Header Name
security.jwt.profile.enabled	boolean	Specifies whether the JWT Profile authentication is available. Supported values: true false Default value: true	true	Pool specific	Not applicable
security.jwks.size	numeric	Specifies the maximum number of bytes read from the JWK url. Default value: 100000 bytes .	100000	Pool specific	JWKS Size
security.jwks.connection.timeout	duration	Specifies the maximum amount of time before timing-out when accessing a JWK url. Default value: 5 seconds	5s	Pool specific	JWKS Connection Timeout
security.jwks.read.timeout	duration	Specifies the maximum amount of time reading a response from the JWK url before timing-out. Default value: 5 seconds.	5s	Pool specific	JWKS Read Timeout
security.jwks.refresh.interval	duration	Specifies the minimum interval between refreshing the JWK cached value.	10s	Pool specific	JWKS Refresh Interval
security.jwt.allowed.skew	duration	Specifies the maximum skew the JWT time claims are accepted. This is useful if the clock on the JWT issuer and ORDS differs by a few seconds. By default, it is disabled.	10s	Pool specific	JWT Allowed Skew
security.jwt.allowed.age	duration	Specifies the maximum allowed age of a JWT in seconds, regardless of expired claim. The age of the JWT is taken from the JWT issued at claim. By default, it is disabled.	1h	Pool specific	JWT Allowed Age
security.jwt.profile.mode	Not applicable	Specifies the setting to enable or disable the JWT profile feature. Values can be one of DISABLED, POOL or SCHEMA. If the value is SCHEMA, then JWT profile is defined by OAUTH.CREATE_JWT_PROFILE. If the value is POOL, then JWT profile defined at the pool level is used. If the value is DISABLED, then JWT profile defined at the pool level is used. Default value : SCHEMA	POOL	Pool specific	Not applicable
security.jwt.profile.audience	string	Specifies the expected audience for the JWT token. This value is used to validate the aud claim in the JWT token.	myJWTaudience	Pool specific	Not applicable
security.jwt.profile.issuer	string	Specifies the issuer of the JWT token. This value is used to validate the iss claim in the JWT token.	https://identity.oraclecloud.com/	Pool specific	Not applicable
security.jwt.profile.jwk.url	string	Specifies the URL of the JSON Web Key (JWK) that is used to verify the signature of the JWT token. The JWT URL must use https.	https://idcs-xxxxxxxxxxxxx.identity.oraclecloud.com/admin/v1/SigningCert/jwk	Pool specific	Not applicable
security.jwt.profile.role.claim.name	string	Specifies the JSON pointer to the claim in the JWT token that contains the roles of the users. This is used for Role-Based Access Control (RBAC) with JWT profiles. The role claim name must be a valid JSON pointer and should start with '/ '.	/roles	Pool specific	Not applicable
security.credentials.attempts	numeric	Specifies the maximum number of unsuccessful password attempts allowed. Enabled by setting a positive integer value. Defaults to -1.	3	Global	Max Unsuccessful Attempts
security.credentials.file	string	Specifies the file where credentials are stored.	Not applicable	Global	Credentials File
security.credentials.lock.time	duration	Specifies the period to lock the account that has exceeded maximum attempts. Defaults to 10m (10 minutes)	15m	Global	Account Lock Time
security.validationFunctionType	string	Indicates the type of security.requestValidationFunction: javascript or plsql. Defaults to plsql.	Not applicable	Pool specific	Validation Function Type
standalone.access.log	string	Specifies the path to the folder to store HTTP request access logs. If not specified, then no access log is generated.	Not applicable	Global	Access Log Path
standalone.binds	string	Specifies the comma separated list of host names or IP addresses to identify a specific network interface on which to listen. Default value: 0.0.0.0	Not applicable	Global	Bind Addresses
standalone.context.path	string	Specifies the context path where ords is located. Defaults to /ords	Not applicable	Global	Context Path
standalone.doc.root	string	Points to the location where static resources to be served under the / root server path are located.	Not applicable	Global	Not applicable
standalone.http.port	numeric	Specifies the HTTP listen port. Default value: 8080	8777	Global	Not applicable
standalone.https.cert	string	Specifies the SSL certificate path. If you are providing the SSL certificate, then you must specify the certificate location.	Not applicable	Global	Not applicable
standalone.https.cert.key	string	Specifies the SSL certificate key path. If you are providing the SSL certificate, you must specify the certificate key location.	Not applicable	Global	Not applicable
standalone.https.host	string	Specifies the SSL certificate hostname to use when you are generating a Self-Signed Certificate. Once a certificate exists, you cannot change the configuration setting to generate a new certificate.	Not applicable	Global	HTTPS Host
standalone.https.port	numeric	Specifies the HTTPS listen port. Default value: 8443	Not applicable	Global	Not applicable
standalone.https.san	boolean	Specifies if the self-signed certificate generated by ORDS in a standalone mode includes a SAN extension. SAN has the same value as defined for the setting standalone.https.host.	false	Global	HTTPS SAN
standalone.static.context.path	string	Specifies the Context path where APEX static resources are located. Default value: /i	Not applicable	Global	Not applicable
standalone.static.path	string	Specifies the path to the folder containing static resources required by APEX.	Not applicable	Global	Not applicable
standalone.stop.timeout	duration	Specifies the period for Standalone Mode to wait until it is gracefully shutdown. Default value: 10s (10 seconds)	15s	Global	Stop Timeout
apex.docTable	string	This parameter is deprecated, instead use owa.docTable parameter.	MYDOCTABLE	Pool specific	Not applicable
cache.metadata.timeout	Duration	Specifies the setting to determine for how long a metadata record remains in the cache. Longer duration means, it takes longer to view the applied changes. The formats accepted are based on the ISO-8601 duration format. Default value: 1s (1 second)	5m	Global	Metadata Cache Timeout
cache.metadata.enabled	boolean	Specifies the setting to enable or disable metadata caching. Supported values: true false Default value: true	false	Global	Metadata Caching Enabled
database.api.enabled	boolean	Specifies whether the Database API is enabled. Supported values: true false Default value: false	Not applicable	Global	Not applicable
db.connectionType	string	The type of connection. Supported values: basic tns customurl databaseToolsConnection for Database tools connections	databaseToolsConnection	Pool specific	Not applicable
db.databaseToolsConnection	string	Specifies the OCID of the pre-configured OCI database tools connection. Required for database tools type of connections.	ocid1.databasetoolsconnection.oc1.eu-frankfurt-1.amaaaaaa....	Pool specific	Not applicable
db.authProvider	string	Specifies the method of authentication to use. It can be one of oci-instance-principal or oci-profile. Defaults to oci-instance-principal. Optional for database tools type of connections.	oci-profile	Pool specific	Not applicable
db.ociProfile	string	Specifies the name of the profile in your OCI CLI configuration file for authentication. Defaults to DEFAULT. Optional for database tools type of connections, only used when the value of db.authProvider is set to oci-profile.	DEFAULT	Pool specific	Not applicable
db.customURL	string	Specifies the JDBC URL connection to connect to the database.	jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=myhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ora111.example.com)))	Pool specific	Not applicable
db.hostname	string	Specifies the host system for the Oracle database.	myhostname	Pool specific	Not applicable
db.password	string	Specifies the password of the specified database user	Not applicable	Pool specific secure setting	Not applicable
db.port	numeric	Specifies the database listener port.	1521	Pool specific	Not applicable
db.adminUser.password	string	Specifies the password for the database account that ORDS uses for administration operations in the database.	Not applicable	Pool specific secure setting	Not applicable
db.cdb.adminUser.password	string	Specifies the password for the database account that ORDS uses for the Pluggable Database Lifecycle Management.	Not applicable	Pool specific secure setting	Not applicable
db.servicename	string	Specifies the network service name of the database.	ora111.example.com	Pool specific	Not applicable
db.serviceNameSuffix	string	Specifies that the pool points to a CDB, and that the PDBs connected to that CDB should be made addressable by Oracle REST Data Services (see Making All PDBs Addressable by Oracle REST Data Services (Pluggable Mapping)).	apex_pu	Pool specific	Service Name Suffix
db.sid	string	Specifies the name of the database.	ora111	Pool specific	Not applicable
db.tnsAliasName	string	Specifies the TNS alias name that matches the name in the tnsnames.ora file.	MY_TNSALIAS	Pool specific	Not applicable
db.tnsDirectory	string	The directory location of your tnsnames.ora file.	C:\ORACLE\NETWORK\ADMIN	Pool specific	Not applicable
db.username	string	Specifies the name of the database user for the connection.	APEX_PUBLIC_USER	Pool specific	Not applicable
debug.printDebugToScreen	boolean	Specifies whether to display error messages on the browser. Supported values: true false Default value: false	false	Global	Print Debug to Screen
debug.printOWADebug	boolean	Specifies whether to display errors in PL/SQL gateway requests on the browser. If the value is set to true, then it overrides debug.printDebugToScreen value for PL/SQL gateway requests. Supported values: true false Default value: false	false	Pool specific	Print OWA Debug
error.responseFormat	string	Specifies how the HTTP error responses must be formatted. Supported values: html - Force all responses to be in HTML format json - Force all responses to be in JSON format auto - Automatically determines most appropriate format for the request (default) GraphQL - Force all responses to be formatted according to the GraphQL specification	json	Global	Error Response Format
error.externalPath	string	Specifies the path to a folder that contains the custom error page.	/path/to/error/pages/folder/	Global	External Error Path
icap.port	numeric	Specifies the Internet Content Adaptation Protocol (ICAP) port to virus scan files. Either icap.port or icap.secure.port are required to have a value.	1344	Global	ICAP Port
icap.secure.port	numeric	Specifies the Internet Content Adaptation Protocol (ICAP) port to virus scan files. Either icap.port or icap.secure.port are required to have a value. If values for both icap.port and icap.secure.port are provided, then the value of icap.port is ignored.	1344	Global	ICAP Secure Port
icap.server	string	Specifies the Internet Content Adaptation Protocol (ICAP) server name or IP address to virus scan files. The icap.server is required to have a value.	servername	Global	ICAP Server
jdbc.DriverType	string	Specifies the JDBC driver type. Supported values: thin oci8 Default value: thin	thin	Pool specific	JDBC Driver Type
jdbc.InactivityTimeout	numeric	Specifies how long an available connection can remain idle before it is closed. The inactivity connection timeout is in seconds. Defaults to 1800.	1800	Pool specific	JDBC Inactivity Timeout
jdbc.InitialLimit	numeric	Specifies the initial size for the number of connections that will be created. Defaults to 0. (The default is low, and should probably be set higher in most production environments.)	10	Pool specific	Not applicable
jdbc.MaxConnectionReuseCount	numeric	Specifies the maximum number of times to reuse a connection before it is discarded and replaced with a new connection. Defaults to 1000.	1000	Pool specific	Max Connection Reuse Count
jdbc.MaxLimit	numeric	Specifies the maximum number of connections. Defaults to 10. (Might be too low for some production environments.)	20	Pool specific	Not applicable
jdbc.auth.enabled	boolean	Specifies if the PL/SQL Gateway calls can be authenticated using database users. If the value is true then this feature is enabled. If the value is false, then this feature is disabled. The default value is false. Oracle recommends not to use this feature. This feature used only to facilitate customers migrating from mod_plsql.	false	Pool specific	Basic Auth Enabled
jdbc.MaxStatementsLimit	numeric	Specifies the maximum number of statements to cache for each connection. Defaults to 10.	10	Pool specific	Max Statements
jdbc.MinLimit	numeric	Specifies the minimum number of connections. Defaults to 2.	1	Pool specific	Not applicable
jdbc.statementTimeout	numeric	Specifies a timeout period on a statement. An abnormally long running query or script, executed by a request, may leave it in a hanging state unless a timeout is set on the statement. Setting a timeout on the statement ensures that all the queries automatically timeout if they are not completed within the specified time period. Defaults to 900.	900	Pool specific	Statement Timeout
misc.defaultPage	string	Specifies the default page to display. The Oracle REST Data Services Landing Page.	apex	Pool specific	Default Page
misc.pagination.maxRows	numeric	Specifies the maximum number of rows that will be returned from a query when processing a RESTful service and that will be returned from a nested cursor in a result set. Affects all RESTful services generated through a SQL query, regardless of whether the resource is paginated. Defaults to 10000.	300	Pool specific	Pagination Max Rows
owa.docTable	string	Specifies the name of the document table used by the file upload. Defaults to FLOWS_FILES.WWV_FLOW_FILE_OBJECTS$ value. Note: For APEX 4.x and above this parameter should not be used.	MYDOCTABLE	Pool specific	Document Table
procedure.postProcess	string	Specifies the procedure name(s) to execute after executing the procedure specified on the URL. Multiple procedure names must be separated by commas.	SCHEMA1.SUBMIT.REQUEST,FINISHTASK	Pool specific	Post-Process Procedure
procedure.preProcess	string	Specifies the procedure name(s) to execute prior to executing the procedure specified on the URL. Multiple procedure names must be separated by commas.	SCOTT.PREPROC1, INITIALIZE, PKG1.PROC	Pool specific	Pre-Process Procedure
procedure.rest.preHook	string	Specifies the function to be invoked prior to dispatching each Oracle REST Data Services based REST Service. The function can perform configuration of the database session, perform additional validation or authorization of the request. The function is invoked only after authorization has been granted to a protected resource. If the function returns true, then processing of the request continues. If the function returns false, then processing of the request is aborted and an HTTP 403 Forbidden status is returned. If authorization to the protected resource fails, the pre-hook function is not invoked. Instead, ORDS returns an HTTP 401 Unauthorized Response status code.	MYAPP.VALIDATE_REST_CALL	Pool specific	REST Pre-Hook Procedure
security.disableDefaultExclusionList	boolean	If this value is set to true, then the Oracle REST Data Services internal exclusion list is not enforced. Note: The Oracle REST Data Services internal exclusion list blocks the users from accessing the following sys packages: sys.* dbms_* utl_* owa_* owa.* htp.* htf.* wpg_docload.* Supported values: true false Default value: false Oracle recommends that you do not set this value to true. That is, do not disable the default internal exclusion list. The only possible exception is temporarily disabling the internal exclusion list for debugging purposes.	false	Global	Disable Default Exclusion List
security.exclusionList	string	Specifies a pattern for procedures, packages, or schema names which are forbidden to be directly executed from a browser. Procedure names can contain the wildcard characters asterisk (*) or question mark (?). Use an asterisk (*) to substitute zero or more characters and a question mark (?) to substitute for any one character. Note: Separate multiple patterns using commas.	customer_account,bank*, employe?	Global	Exclusion List
security.externalMappingPathPrefix	boolean	Enables the use of pool identifiers of a tenant database directly within the URL of the request when trying to access it through a remote configuration.	Not applicable	Global specific	Not applicable
security.inclusionList	string	Specifies a pattern for procedures, packages, or schema names which are allowed to be directly executed from a browser. Procedure names can contain the wildcard characters asterisk (*) or question mark (?). Use an asterisk (*) to substitute zero or more characters and a question mark (?) to substitute for any one character. Note: Separate multiple patterns using commas.	apex, p, v, f, wwv_*, y*, c*	Global	Inclusion List
security.maxEntries	numeric	Specifies the maximum number of cached procedure validations. Defaults to 2000. Set this value to 0 to force the validation procedure to be invoked on each request.	2000	Global	Max Cached Procedure Validations
security.requestAuthenticationFunction	string	Specifies an authentication function to determine if the requested procedure in the URL should be allowed or disallowed for processing. The function should return true if the procedure is allowed; otherwise, it should return false. If it returns false, Oracle REST Data Services will return WWW-Authenticate in the response header.	owa_custom.authorize	Pool specific	Request Authentication Function
security.requestValidationFunction	string	Specifies a validation function to determine if the requested procedure in the URL should be allowed or disallowed for processing. The function should return true if the procedure is allowed; otherwise, return false.	CHECK_VALID_PROCEDURE	Pool specific	Request Validation Function
security.verifySSL	boolean	Specifies whether HTTPS is available in your environment. Supported values: true false Default value: true If you change the value to false, see Using OAuth2 in Non-HTTPS Environments.	true	Global	Verify SSL
restEnabledSql.active	boolean	Specifies whether the REST-Enabled SQL service is active. Supported values: true false Default value: false	true	Pool specific	Not applicable
apex.security.developer.roles	string	Comma delimited list of additional roles to assign authenticated APEX developer type users. Default value: SQL Developer, OAuth Client Developer	Not applicable	Pool specific	APEX Security Developer Roles
db.idlePoolTimeout	duration	Specifies for how long to wait before destroying an idle pool.	Not applicable	Global	Idle Pool Timeout
feature.sdw.selfServiceSchema	boolean	Specifies enable self service schema feature. Default value: false	Not applicable	Pool specific	Self Service Schema Enabled
http.cookie.filter.byValue	string	Specifies a comma separated list of HTTP Cookie values to exclude when initializing an Oracle Web Agent environment.	Not applicable	Pool specific	HTTP Cookie Filter by Value
jdbc.ConnectionWaitTimeout	numeric	Specifies the wait time (in seconds) for a used connection to be released by a client. Default value: 3	Not applicable	Pool specific	JDBC Connection Wait Timeout
jdbc.MaxConnectionReuseTime	duration	Specifies the maximum time of a connection that can be reused before it is discarded and replaced with a new connection. Default value: 60s	Not applicable	Pool specific	Max Connection Reuse Time
jdbc.driverName	string	Specifies the name of the JDBC driver to use.	Not applicable	Pool specific	Driver Name
jdbc.ucp.enableJMX	boolean	Enables JMX-Based Management in UCP. Default value: true	Not applicable	Pool specific	UCP JMX Enabled
json.sdo.geometry.output.geojson	boolean	Specifies that SDO Geometry data must be returned in GeoJSON format. Default value: false	Not applicable	Pool specific	SDO Geometry Output GeoJSON
mongo.access.log	string	Specifies the path to the folder to store API for MongoDB access logs. If mongo.access.log is not specified, then the Mongo access log is not generated.	/path/to/mongo/logs	Global	MongoDB Access Log
mongo.enabled	boolean	Enables the API for MongoDB when set to true. Default value: false	true	Global	MongoDB Enabled
mongo.host	string	Comma separated list of host names or IP addresses to identify a specific network interface on which to listen. Default value: 0.0.0.0	example.com	Global	MongoDB Host
mongo.idle.timeout	duration	Specifies the maximum idle time for a connection. Default value (in minutes): 30m	45m	Global	MongoDB Idle Timeout
mongo.op.timeout	duration	The maximum time a single request will wait on a database operation. Default value (in minutes): 10m	15m	Global	MongoDB Operation Timeout
mongo.port	numeric	Specifies listen port of API for MongoDB Wire protocol. Default value: 27017	Not applicable	Global	MongoDB Port
mongo.tls	boolean	Enables TLS for the API for MongoDB. Note, disabling TLS is strongly discouraged as third parties may be able to observe credentials transmitted by MongoDB clients Default value: true	Not applicable	Global	MongoDB TLS
oracle.jdbc.vectorDefaultGetObjectType	string	Sets the default return type of getObject() methods when the column type is VECTOR. See Oracle JDBC documentation for more information. Default value: String	Not applicable	Pool specific	Vector Default Get Object Type
public.properties.url	string	Specifies the URL to retrieve the global public properties.	Not applicable	Global	Public Properties URL
security.externalHostMappingHeader	string	Indicates the header name for identifying a tenant database when trying to access it through a remote configuration.	Not applicable	Global	Not applicable
security.externalSessionTrustedOrigins	string	Specifies a comma separated list of origins that are trusted to make Cross-Origin Resource Sharing (CORS) request. If this setting is empty or not configured, then no CORS requests are allowed for the PL/SQL gateway and results in a 403 Unauthorized status.	Not applicable	Global	External Session Trusted Origins
security.httpsHeaderCheck	string	Specifies the HTTP request header and value that indicates to ORDS the initial client request was received by a Load Balancer / Reverse Proxy over HTTPS even if the request received by ORDS was sent over HTTP.	X-Forwarded-Proto: https	Global	HTTPS Header Check
security.host.headers	string	Specifies the comma-delimited list of the allowed host names for the requests made to ORDS.	Not applicable	Global	Allowed Host Headers
security.par.enabled	boolean	Enables or disables the PAR feature. Default value: true	Not applicable	Pool specific	PAR Enabled
standalone.access.log.retainDays	numeric	Specifies the number of days before the rotated access log files are deleted. Default value (in days): 90	Not applicable	Global	Access Log Retention Days

See Also:

SODA Entries In ORDS Configuration File