
Admin panel configuration

The ./config/admin.js file is used to define the admin panel configuration for the Strapi application.

Available options

The ./config/admin.js file can include the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| apiToken.salt | Salt used to generate API tokens | string | Random string |
| auth | Authentication configuration | object | - |
| auth.secret | Secret used to encode JWT tokens | string | undefined |
| auth.options | Options object passed to jsonwebtoken | object | - |
| auth.options.expiresIn | JWT expire time used in jsonwebtoken | object | 30d |
| auth.events | Record of all the events subscribers registered for the authentication | object | {} |
| auth.events.onConnectionSuccess | Function called when an admin user logs in successfully to the administration panel | function | undefined |
| auth.events.onConnectionError | Function called when an admin user fails to log in to the administration panel | function | undefined |
| url | Url of your admin panel. Default value: /admin. Note: If the url is relative, it will be concatenated with url. | string | /admin |
| autoOpen | Enable or disable administration opening on start. | boolean | true |
| watchIgnoreFiles | Add custom files that should not be watched during development. See more here (property ignored). | array(string) | [] |
| host | Use a different host for the admin panel. Only used along with strapi develop --watch-admin | string | localhost |
| port | Use a different port for the admin panel. Only used along with strapi develop --watch-admin | string | 8000 |
| serveAdminPanel | If false, the admin panel won't be served. Note: the index.html will still be served, see defaultIndex option | boolean | true |
| forgotPassword | Settings to customize the forgot password email (see Forgot Password Email) | object | {} |
| forgotPassword.emailTemplate | Email template as defined in email plugin | object | Default template |
| forgotPassword.from | Sender mail address | string | Default value defined in your provider configuration |
| forgotPassword.replyTo | Default address or addresses the receiver is asked to reply to | string | Default value defined in your provider configuration |
| rateLimit | Settings to customize the rate limiting of the admin panel's authentication endpoints; additional configuration options come from koa2-ratelimit | object | {} |
| rateLimit.enabled | Enable or disable the rate limiter | boolean | true |
| rateLimit.interval | Time window for requests to be considered as part of the same rate limiting bucket | object | { min: 5 } |
| rateLimit.max | Maximum number of requests allowed in the time window | integer | 5 |
| rateLimit.delayAfter | Number of requests allowed before delaying responses | integer | 1 |
| rateLimit.timeWait | Time to wait before responding to a request (in milliseconds) | integer | 3000 |
| rateLimit.prefixKey | Prefix for the rate limiting key | string | ${userEmail}:${ctx.request.path}:${ctx.request.ip} |
| rateLimit.whitelist | Array of IP addresses to whitelist from rate limiting | array(string) | [] |
| rateLimit.store | Rate limiting storage location (Memory, Sequelize, or Redis); for more information, see the koa2-ratelimit documentation | object | MemoryStore |

Configurations

The ./config/admin.js file should at least include a minimal configuration with required parameters for authentication and API tokens. Additional parameters can be included for a full configuration.

Note: Environmental configurations (i.e. using the env() helper) do not need to contain all the values so long as they exist in the default ./config/server.js.

The default configuration created with any new project should at least include the following:

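./config/admin.js

```js
module.exports = ({ env }) => ({
  apiToken: {
    // Salt used to generate API tokens; the second argument is only a fallback placeholder
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auth: {
    // Secret used to encode admin JWT tokens; set ADMIN_JWT_SECRET in the environment
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
});
```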
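The minimal configuration above falls back to literal strings when API_TOKEN_SALT or ADMIN_JWT_SECRET is unset. The following variant fails at startup instead and states the rate limiter settings explicitly; it is an added example, not Strapi's own code, and requireSecret, the 32-character minimum and the 7d token lifetime are assumptions of this example.

```javascript
// Added example: ./config/admin.js without literal fallbacks for the secrets.
// Placeholder values shown in the documentation; never acceptable as real secrets.
const PLACEHOLDERS = new Set(['someRandomLongString', 'someSecretKey']);
const MIN_SECRET_LENGTH = 32; // assumed threshold, not a Strapi requirement

// Hypothetical helper: read a secret through env() and refuse weak values.
function requireSecret(env, name) {
  const value = env(name); // no second argument, so no built-in fallback
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`${name} is not set`);
  }
  if (PLACEHOLDERS.has(value)) {
    throw new Error(`${name} is set to a documentation placeholder`);
  }
  if (value.length < MIN_SECRET_LENGTH) {
    throw new Error(`${name} must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  return value;
}

const adminConfig = ({ env }) => {
  const salt = requireSecret(env, 'API_TOKEN_SALT');
  const secret = requireSecret(env, 'ADMIN_JWT_SECRET');
  // Reusing one value for both purposes couples API tokens to admin sessions.
  if (salt === secret) {
    throw new Error('API_TOKEN_SALT and ADMIN_JWT_SECRET must differ');
  }
  return {
    apiToken: { salt },
    auth: {
      secret,
      options: { expiresIn: '7d' }, // shorter than the 30d default (chosen value)
    },
    rateLimit: {
      enabled: true,        // default, stated explicitly
      interval: { min: 5 }, // default time window
      max: 5,               // default request cap per window
    },
  };
};

// Strapi loads the exported function; the guard keeps the file loadable as an ES module.
if (typeof module !== 'undefined') module.exports = adminConfig;
```

With this file, a deployment that forgets either variable stops with an error naming the variable rather than running with a secret that is printed in public documentation.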