Admin panel configuration

The ./config/admin.js is used to define admin panel configuration for the Strapi application.

Available options

The ./config/admin.js file can include the following parameters:

Parameter	Description	Type	Default
apiToken.salt	Salt used to generate API tokens	string	Random string
auditLogs.enabled	Enable or disable the Audit Logs feature	boolean	true
auditLogs.retentionDays	How long Audit Logs are kept, in days. The behavior differs for self-hosted vs. Strapi Cloud customers, see the note under the table.	integer	90
auth	Authentication configuration	object	-
auth.secret	Secret used to encode JWT tokens	string	undefined
auth.domain	Domain used within the cookie for SSO authentication (Enterprise only)	string	undefined
auth.providers	List of authentication providers used for SSO (Enterprise only, see SSO)	array(object)	-
auth.options	Options object passed to jsonwebtoken	object	-
auth.options.expiresIn	JWT expire time used in jsonwebtoken	object	30d
auth.events	Record of all the events subscribers registered for the authentication	object	{}
auth.events.onConnectionSuccess	Function called when an admin user log in successfully to the administration panel	function	undefined
auth.events.onConnectionError	Function called when an admin user fails to log in to the administration panel	function	undefined
url	Url of your admin panel. Default value: /admin. Note: If the url is relative, it will be concatenated with url.	string	/admin
autoOpen	Enable or disable administration opening on start.	boolean	true
watchIgnoreFiles	Add custom files that should not be watched during development. See more here (property ignored).	array(string)	[]
host	Use a different host for the admin panel. Only used along with strapi develop --watch-admin	string	localhost
port	Use a different port for the admin panel. Only used along with strapi develop --watch-admin	string	8000
serveAdminPanel	If false, the admin panel won't be served. Note: the index.html will still be served, see defaultIndex option	boolean	true
forgotPassword	Settings to customize the forgot password email (see Forgot Password Email)	object	{}
forgotPassword.emailTemplate	Email template as defined in email plugin	object	Default template
forgotPassword.from	Sender mail address	string	Default value defined in your provider configuration
forgotPassword.replyTo	Default address or addresses the receiver is asked to reply to	string	Default value defined in your provider configuration
rateLimit	Settings to customize the rate limiting of the admin panel's authentication endpoints, additional configuration options come from koa2-ratelimit	object	{}
rateLimit.enabled	Enable or disable the rate limiter	boolean	true
rateLimit.interval	Time window for requests to be considered as part of the same rate limiting bucket	object	{ min: 5 }
rateLimit.max	Maximum number of requests allowed in the time window	integer	5
rateLimit.delayAfter	Number of requests allowed before delaying responses	integer	1
rateLimit.timeWait	Time to wait before responding to a request (in milliseconds)	integer	3000
rateLimit.prefixKey	Prefix for the rate limiting key	string	${userEmail}:${ctx.request.path}:${ctx.request.ip}
rateLimit.whitelist	Array of IP addresses to whitelist from rate limiting	array(string)	[]
rateLimit.store	Rate limiting storage location (Memory, Sequelize, or Redis) and for more information please see the koa2-ratelimit documentation	object	MemoryStore
transfer.token.salt	Salt used to generate Transfer tokens. If no transfer token salt is defined, transfer features will be disabled.	string	Random string

✏️ Retention days for self-hosted vs. Strapi Cloud users

For Strapi Cloud customers, the auditLogs.retentionDays value stored in the license information is used, unless a smaller retentionDays value is defined in the config/admin.js|ts configuration file.

Configurations

The ./config/admin.js file should at least include a minimal configuration with required parameters for authentication and API tokens. Additional parameters can be included for a full configuration.

✏️ Note

Environmental configurations (i.e. using the env() helper) do not need to contain all the values so long as they exist in the default ./config/server.js.

Minimal configuration

The default configuration created with any new project should at least include the following:

JavaScript

./config/admin.js

module.exports = ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auditLogs: { // only accessible with an Enterprise plan
    enabled: env.bool('AUDIT_LOGS_ENABLED', true),
  },
  auth: {
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  transfer: { 
    token: { 
      salt: env('TRANSFER_TOKEN_SALT', 'anotherRandomLongString'),
    } 
  },
});

TypeScript

./config/admin.ts

export default ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
   auditLogs: { // only accessible with an Enterprise plan
    enabled: env.bool('AUDIT_LOGS_ENABLED', true),
  },
  auth: {
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  transfer: { 
    token: { 
      salt: env('TRANSFER_TOKEN_SALT', 'anotherRandomLongString'),
    } 
  },
});

Full configuration

JavaScript

./config/admin.js

module.exports = ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auditLogs: { // only accessible with an Enterprise plan
    enabled: env.bool('AUDIT_LOGS_ENABLED', true),
    retentionDays: 120,
  },
  auth: {
    events: {
      onConnectionSuccess(e) {
        console.log(e.user, e.provider);
      },
      onConnectionError(e) {
        console.error(e.error, e.provider);
      },
    },
    options: {
      expiresIn: '7d',
    },
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  url: env('PUBLIC_ADMIN_URL', '/dashboard'),
  autoOpen: false,
  watchIgnoreFiles: [
    './my-custom-folder', // Folder
    './scripts/someScript.sh', // File
  ],
  host: 'localhost', // Only used for --watch-admin
  port: 8003, // Only used for --watch-admin
  serveAdminPanel: env.bool('SERVE_ADMIN', true),
  forgotPassword: {
    from: 'no-reply@example.com',
    replyTo: 'no-reply@example.com',
  },
  rateLimit: {
    interval: { hour: 1, min: 30 },
    timeWait: 3*1000,
    max: 10,
  },
  transfer: { 
    token: { 
      salt: env('TRANSFER_TOKEN_SALT', 'anotherRandomLongString'),
    } 
  },
});

TypeScript

./config/admin.ts

export default ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auditLogs: { // only accessible with an Enterprise plan
    enabled: env.bool('AUDIT_LOGS_ENABLED', true),
    retentionDays: 120,
  },
  auth: {
    events: {
      onConnectionSuccess(e) {
        console.log(e.user, e.provider);
      },
      onConnectionError(e) {
        console.error(e.error, e.provider);
      },
    },
    options: {
      expiresIn: '7d',
    },
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  url: env('PUBLIC_ADMIN_URL', '/dashboard'),
  autoOpen: false,
  watchIgnoreFiles: [
    './my-custom-folder', // Folder
    './scripts/someScript.sh', // File
  ],
  host: 'localhost', // Only used for --watch-admin
  port: 8003, // Only used for --watch-admin
  serveAdminPanel: env.bool('SERVE_ADMIN', true),
  forgotPassword: {
    from: 'no-reply@example.com',
    replyTo: 'no-reply@example.com',
  },
  rateLimit: {
    interval: { hour: 1, min: 30 },
    timeWait: 3*1000,
    max: 10,
  },
  transfer: { 
    token: { 
      salt: env('TRANSFER_TOKEN_SALT', 'anotherRandomLongString'),
    } 
  },
});