GET https://[SERVICE URL].com/imsg-service/v1/callback
Callback from IMAS login
| Name | Type | Description |
|---|---|---|
GET https://[SERVICE URL].com/imsg-service/v1/health
Health status
GET https://[SERVICE URL].com/imsg-service/v1/login
Trigger login flow
GET https://[SERVICE URL].com/imsg-service/v1/token-is-set
Check if request contains IMID token
GET https://[SERVICE URL].com/imsg-service/v1/units
List all units a subject belongs to
GET https://[SERVICE URL].com/imsg-service/v1/org/{org}/login
Trigger login flow
POST https://[SERVICE URL].com/imsg-service/v1/logout
Log out
POST https://[SERVICE URL].com/imsg-service/v1/unit
Set preferred unit
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
imid_token
string
IM ID JWT
serviceCallback
string
Where to redirect client after login
callback*
string
Where to redirect client after login
org*
string
Which org to login with
callback*
string
Where to redirect client after login
callback
string
Where to redirect client after logout
unit
string
Preferred unit
#Environment variables ##Environment variables
ANALYTICS_BATCH_INTERVALAnalytics batch interval
How long to wait before sending batched analytics events to Google Analytics if batch size has not been exceeded.
| Type | Required | Alias |
|---|---|---|
Default value:
Example value:
ANALYTICS_BATCH_SIZEAnalytics batch size
How many analytics events to batch before sending data to Google Analytics. Max 20.
| Type | Required | Alias |
|---|---|---|
Default value:
Example value:
AWS_USE_EMPTY_CREDENTIALSUse empty AWS credentials
Set to true to use empty credentials for AWS. Only set if you use AWS mocks that do not require credentials.
Example value:
CORS_ALLOWED_ADDITIONAL_HEADERSCORS allowed additional headers
Any extra headers (other than Accept,Authorization,Content-Type,If-None-Match) used by the service that should be allowed when CORS in IMSG is activated.
Default value:
Example value:
CORS_ALLOWED_ORIGINSCORS allowed origins
Origins that should be allowed by Access-Control-Allow-Origin. This will override the service's CORS configuration
Default value:
Example value:
CORS_ALLOW_ANY_HEADERSCORS allow any headers
Allow any headers in CORS. This will reflect the value of access-control-request-headers into the response access-control-allow-headers. Use with care.
Example value:
ECS_CONTAINER_METADATA_FILEDo not set manually. Filepath to the ECS container metadata file. Set automatically by ECS if ECS_ENABLE_CONTAINER_METADATA is set.
Example value:
ENABLE_API_DOCUMENTATIONSet to true to enable Swagger API documentation
Example value:
FIREHOSE_ACCESS_KEYIAM user access key
The access key for the IAM user connected to the specific Firehose stream.
Example value:
FIREHOSE_AWS_REGIONAWS region
The aws region where the Firehose is install at
Example value:
FIREHOSE_HOST_PATHFirehose host path
The host path to where the Firehose is installed. Mostly used in testing
Example value:
FIREHOSE_SECRET_KEYIAM user secret key
The secret key for the IAM user connected to the specific Firehose stream.
Example value:
FIREHOSE_STREAM_NAMEFirehose stream name
The chosen name of the Firehose Delivery stream to send data to.
Example value:
GRACE_PERIOD_TTLState API grace period
How long to stay in grace once connection to the state API is lost. Defaults to 60 minutes.
Default value:
Example value:
IMAS_URLIMAS URL
URL to IMAS
Example value:
IMID_COOKIE_DOMAINSIMID cookie domains
Domains to restrict the IMID cookies to. Usually infomaker.io
Default value:
Example value:
IMID_COOKIE_PREFIXIMID cookie prefix
Prefix to apply to IMID token cookie. Defaults to none.
Ex. if set to "dev", the cookie name will be "dev_imidToken"
In production this should always be unset.
Example value:
IMID_COOKIE_SAME_SITEIMID cookie SameSite
Sets the SameSite directive on the IMID token cookie. Defaults to Lax. If set to 'none', the SameSite` directive will not be set.
In production this should always be unset or set to lax`
Default value:
Example value:
IMID_COOKIE_SECUREIMID cookie Secure
If the Secure flag should be set on the IMID token cookie. Defaults to true.
In production this should always be unset or set to true
Default value:
Example value:
IM_LOG_LEVELLog level
Log level used by Bunyan. See Bunyan docs - Levels for details
Default value:
Example value:
IM_LOG_NAMELog name
Log name used by Bunyan. See Bunyan docs - Introduction for details
Default value:
Example value:
INCLUDE_GROUPS_IN_SERVICE_TOKENWill perserve the groups claim from IMID token in the Service Token
Example value:
INCLUDE_IMID_TOKEN_IN_REQUESTInclude IMID token in request
If enabled, authenticated requests to the service will contain the IMID token in the x-imid-token header. Note: Always make sure this header is never exposed. Only enable if access to the IMID token is necessary.
Example value:
INTERNAL_SERVICE_URLInternal service URL
URL where the service protected by IMSG can be reached
Example value:
LEGACY_MODE_ONLY_INCLUDE_UNITS_WITH_EXPLICITLY_MAPPED_PERMISSIONS_IN_SERVICE_TOKENShould only be set for legacy services not yet updated. If set, units without explicit permissions will not be included in the service token and org permissions for those units are ignored.
Example value:
ONLY_ACCEPT_ID_TOKENSOnly accept ID tokens
If enabled, only ID tokens will be accepted as valid tokens. Access tokens will be rejected with an invalid token type error.
Example value:
PORTHTTP port
Port to run the HTTP server on
Example value:
REFRESH_BACKOFF_TIMEOUTModify refresh backoff timeout
Do not modify unless for tests. Changes the default backoff time when refresh fails with other than 403 error.
Default value:
Example value:
SERVICE_ADMIN_INFOMAKER_GROUPSService admin Infomaker groups
Infomaker groups which should make subscribers service admininstrator for this service.
Default value:
Example value:
SERVICE_MAINTAINERService maintainer
Email or name used to identify who is responsible for the service.
Default value:
Example value:
SERVICE_NAMEService name
Name of the service protected by IMSG
Default value:
Example value:
SERVICE_TOKEN_SIGN_SECRETService token secret
Shared secret between IMSG and the service protected by IMSG
Example value:
STATE_API_READ_SECRETInternal API secret
Secret used to access state API.
Example value:
STATE_API_STARTUP_TIMEOUTState API grace period
How long to wait for startup before timing out.
Example value:
STATE_API_URLAWS region
URL to state API.
Example value:
TELEMETRY_API_URLTelemetry API URL
URL to telemetry API
Example value:
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
| Type | Required | Alias |
|---|---|---|
Milliseconds (integer)
False
Integer
False
Boolean
False
Comma separated values (string)
False
Comma separated values (string)
False
Boolean
False
String
False
Boolean
False
String
False
String
False
String
False
String
False
String
False
Milliseconds (integer)
False
String
True
Comma separated values (string)
False
IMID_COOKIE_DOMAIN, IMID_TOKEN_COOKIE_DOMAIN
String
False
Enum (string) [Strict, Lax, false]
False
Boolean
False
Enum (string) [trace, debug, info, warn, error, fatal]
False
String
False
SERVICE_NAME
Boolean
False
Boolean
False
String
True
Boolean
False
Boolean
False
Integer
True
Milliseconds (integer)
False
Comma separated values (string)
False
String
False
String
False
String
True
String
True
Milliseconds (integer)
True
String
True
String
False