# System Configuration You can set several configuration variables for the Appmixer engine through the Backoffice. We'll specify which variables can be configured in this section. ### Using the System section You can find the *System* section in the left menu. When you click it, you will see a screen like this: ![System Configuration](https://1411580035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2wQccpxu7ZEfAoEgdnOc%2Fuploads%2FRVnll6nYOTB0ftYoGyBk%2FAppmixer_Backoffice.png?alt=media\&token=599d9cab-072a-4765-b8b2-75449b579695) There is a table with a list of the variables already defined. Each variable has the options for viewing in detail, editing, and removing. You can also add a new configuration option using the "Add" button on the top right. Then a new row will be created with the key and value inputs for you to fill in. ### Possible configuration values Here is a list of the possible configuration values, a short explanation for each of them, and their default value (the value that Appmixer uses, in case it is not defined anywhere):

Key	Detail	Default value	Needs restart
API_USER_CREATE_SCOPE	By default, the POST /user API is open to enable the sign-in feature for everyone. This option can restrict the access to this endpoint. It takes a list of scopes (comma-separated). If the value is not null, then a JWT token has to be used to call this API. Typically, the value is set to `admin`.	null	true
APP_NAME	This will for example appear in the head title of a sign-in popup for Api Key services.	Appmixer	false
DEFAULT_USER_VENDOR	Vendor assigned to newly created users.	No value	false
AUTH_POPUP_DISPLAY_ERR	Whether to display validation errors from the authentication modules.	true	false
AUTH_POPUP_TIMEOUT_ERR	How many seconds before automatically closing the Connecting Account Failed popup window.	5	false
BROKER_MESSAGE_ACK_TIMEOUT	Timeout for message processing.	1500000	false
COMPONENT_FACTORY_TIMEOUT	An attempt to create a component will fail after this timeout.	300000	false
COMPONENT_RECEIVE_TIMEOUT	A message will be retried if the receive() function does not return within this timeout.	1380000	false
DISPATCHER_PREFETCH_COUNT	The maximum number of Rabbit messages being dispatched at the same time.	500	true
INPUT_QUEUE_PREFETCH_COUNT	The maximum number of outgoing Rabbit messages waiting for aknowledgement at the time in the Input Queue. Subsequent incoming messages will not be sent until pending messages are aknowledged.	300	true
LIMIT_FLOW_UPDATE_BYTES	The max size in bytes of a flow descriptor to be able to be saved.	2097152	false
LIMIT_CC_ARCHIVE_MAX_BYTES	Maximum size in bytes for custom components.	10485760	false
LIMIT_WEBHOOK_BYTES	Maximum payload size in bytes for webhook components.	1048576	false
LIMIT_COMPONENT_STATIC_CALL_MAX_BYTES	Maximum size in bytes of the payload for component static calls.	104857600	false
PUBLIC_FILES_PREFIX	Public files (needed usually for domain verification) can be served from different paths. Path prefixes have to be separated by `:`	`/:/.well-known`	true
RETRY_INIT_EXP	In case of an error, message for a Component is rescheduled for another attempt. Backoff strategy is used. This retryInitExpiration is the initial value for the backoff, it says after how many milliseconds the first attempt after a failure is going to happen.	60000	true
RETRY_MAX_COUNT	How many times does the engine try to process the message before rejecting it forever (and moving into the Unprocessed Messages collection).	30	true
RETRY_MAX_EXP	Maximum interval in milliseconds between retry attempts.	3600000	true
STRICT_COOKIES	If set to true, the engine will reject any incoming HTTP requests that have cookies that don't comply with the HTTP cookies RFC specification.	true	true
WEBHOOK_PREFETCH_COUNT	This is for webhooks from Appmixer to registered URLs. This is the amount of webhook messages that will be processing at a time.	50	true
WEBHOOK_RETRY_COUNT	Number of times that Appmixer will retry sending a webhook. Applies for all webhooks.	20	false
WEBHOOK_RETRY_INTERVAL	Initial interval in milliseconds for retries. Subsequent retries will take longer (multiplied by an internal factor).	30000	false
WEBHOOK_RETRY_MAX	Maximum interval in milliseconds between retries.	1800000	false
WEBHOOK_REQUEST_TIMEOUT	Timeout in milliseconds for webhook component requests.	10000	false
WEBHOOK_USER_CREATED	URL that will be called when new user is created (sign-up).	No value	false
WEBHOOK_FLOW_COMPONENT_ERROR	URL that will be called when a running flow encounters an error.	No value	false

Setting some configuration values won't take effect immediately, but the Appmixer engine needs to be restarted. ### Forgot Password Service Appmixer engine has an [API](https://docs.appmixer.com/6.0/5.1/api/user#forgot-password) to reset forgotten passwords. This works together with the Appmixer Frontend application (not the Appmixer SDK), if you use the frontend application, you can set up the forgot password service. ![](https://1411580035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2wQccpxu7ZEfAoEgdnOc%2Fuploads%2FiKcI0jZCdsgi6ZIpzql6%2FAppmixer.png?alt=media\&token=e2759f34-2c7a-4f51-801f-db0559d4b7da) In order to create a link that can be sent to the user, the Appmixer engine needs to know the frontend URL, there are two variables that can be set for that:

Key	Detail	Default value	Required
APPMIXER_FE_URL	The Frontned URL	http://localhost:8080	false
RESET_PASSWORD_FE_URL_SUFFIX	URL path with the reset password form	reset-password	false

Without any changes, the *link* will be . ![](https://1411580035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2wQccpxu7ZEfAoEgdnOc%2Fuploads%2FvDn8MKgf7IWDosn4zOVt%2FAppmixer.png?alt=media\&token=6d1e0c0d-6622-45d1-bbb3-8082a621517c) That link has to be then delivered to the user. There are two ways this can be done: #### Webhook You can register a system webhook that will be triggered every time a user requests to change their password. The webhook URL can be registered under the key WEBHOOK\_USER\_FORGOT\_PASSWORD and the JSON object sent to that URL will be: ```json { "code": 'unique code generated for identifying forgot password request', "email": 'email address of the user', "userId": 'User Id', "created": 'date when a user requested for forgot password', "link": 'Link to access forgot password page on the frontend' } ``` You can use Appmixer to create a simple flow, that would send emails with the *reset password* link. ![](https://1411580035-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2wQccpxu7ZEfAoEgdnOc%2Fuploads%2FxZnd8hU6wWsjlw7B8i94%2FAppmixer.png?alt=media\&token=d6e165e9-b856-4c6a-b14a-72d67c46fbec) #### SMTP The other way is to configure the SMTP server, Appmixer will then send an email with the reset password link to the user's email address.

Key	Detail	Default value	Required
MAIL_SMTP_HOST	SMTP server address		true
MAIL_SMTP_PORT	SMTP server port	465	false
MAIL_SMTP_USER	username		true
MAIL_SMTP_PASS	password		true
MAIL_FROM_NAME	Sender name	Appmixer	false
MAIL_FROM_EMAIL	Sender email	info@appmixer.com	false
FORGOT_PASSWORD_MAIL_SUBJECT	Reset password email subject.	Reset your password	false
FORGOT_PASSWORD_MAIL_BODY	The reset password email body.	See below	false

The default email body: ```

Hi,

You have requested to reset your password. Please click on the link below to reset your password.

Reset Password

If you are unable to click on the link, please copy and paste the following link into your browser:

``` {% hint style="info" %} If the forgot password webhook is configured as explained above, the Appmixer engine will not send the email to the user and it will trigger the webhook instead. {% endhint %}