Admin API Settings
Admin API Settings
The Admin API tab of the Settings page allows you to control settings related to the CData Sync API. It contains three sections:
- Trusted IP Addresses
- Cross-Origin Resource Sharing (CORS)
- Other Settings
Trusted IP Addresses
This section defines the IP addresses that are allowed to make connections to the CData Sync API. The following functions are available:
- Add Opens a modal to enter a new IP address range.
- Edit Opens a modal to modify the selected IP address range.
- Delete Deletes the selected IP address range from the list.
The following restrictions apply to this feature:
localhostis always allowed to access the CData Sync API. This cannot be changed.
- Ranges are supported. For example, the entry
22.214.171.124-15indicates that IP addresses between
126.96.36.199are allowed. Any IP addresses outside of that range are rejected.
- Wildcard patterns are supported. For example, the entry
100.10.100.*indicates that IP addresses beginning with
100.10.100are allowed. Any IP addresses outside of that range are rejected.
Cross-Origin Resource Sharing (CORS)
CORS allows browser-based clients to connect to the CData Sync. Without CORS, browser-based scripts cannot connect to the Sync API because of the same-origin policy enforced by the browser. This policy restricts client-side scripts and documents from loading resources outside their origin. The origin of a script consists of the protocol, host, and port.
If you enable CORS, you can use the following options to configure it:
- Allow all domains without ‘*‘: When this option is enabled, Sync allows any origin passed by the client by returning that origin in the Access-Control-Allow-Origin header.
- Access-Control-Allow-Origin: Enter the origins for which Sync will participate in CORS. Sync returns these origins in the Access-Control-Allow-Origin header. When this is set to ‘*’, Sync allows any origin and pass ‘*’ in the Access-Control-Allow-Origin header. This is suitable for public APIs.
- Access-Control-Allow-Methods: Enter a comma-separated list of allowed methods.
- Access-Control-Allow-Headers: Enter a comma-separated list of headers that can be used in requests made by the script.
- Access-Control-Allow-Credentials: Set this to true if you want to require that clients provide credentials.
- Access-Control-Max-Age: Enter the number of seconds the user agent can cache preflight requests.
See Authentication for information about the Allow Authtoken in URL setting in this section.