Admin API 設定


Admin API 設定


The Admin API tab of the Settings page allows you to control settings related to the CData Sync API. It contains three sections:

  • Trusted IP Addresses
  • Cross-Origin Resource Sharing (CORS)
  • Other Settings

Trusted IP Addresses

This section defines the IP addresses that are allowed to make connections to the CData Sync API. The following functions are available:

  • Add Opens a modal to enter a new IP address range.
  • Edit Opens a modal to modify the selected IP address range.
  • Delete Deletes the selected IP address range from the list.

The following restrictions apply to this feature:

  • localhost is always allowed to access the CData Sync API. This cannot be changed.
  • Ranges are supported. For example, the entry 100.10.100.1-15 indicates that IP addresses between 100.10.100.1 and 100.10.100.15 are allowed. Any IP addresses outside of that range are rejected.
  • Wildcard patterns are supported. For example, the entry 100.10.100.* indicates that IP addresses beginning with 100.10.100 are allowed. Any IP addresses outside of that range are rejected.

Cross-Origin Resource Sharing (CORS)

CORS allows browser-based clients to connect to the CData Sync. Without CORS, browser-based scripts cannot connect to the Sync API because of the same-origin policy enforced by the browser. This policy restricts client-side scripts and documents from loading resources outside their origin. The origin of a script consists of the protocol, host, and port.

If you enable CORS, you can use the following options to configure it:

  • Allow all domains without ‘*‘: When this option is enabled, Sync allows any origin passed by the client by returning that origin in the Access-Control-Allow-Origin header.
  • Access-Control-Allow-Origin: Enter the origins for which Sync will participate in CORS. Sync returns these origins in the Access-Control-Allow-Origin header. When this is set to ‘*’, Sync allows any origin and pass ‘*’ in the Access-Control-Allow-Origin header. This is suitable for public APIs.
  • Access-Control-Allow-Methods: Enter a comma-separated list of allowed methods.
  • Access-Control-Allow-Headers: Enter a comma-separated list of headers that can be used in requests made by the script.
  • Access-Control-Allow-Credentials: Set this to true if you want to require that clients provide credentials.
  • Access-Control-Max-Age: Enter the number of seconds the user agent can cache preflight requests.

Other Settings

See Authentication for information about the Allow Authtoken in URL setting in this section.