Admin API Settings

Version 22.0.8342


Admin API Settings

Version 22.0.8342


The Admin API tab of the Settings page allows you to control settings related to the CData Sync API. It contains three sections:

  • Trusted IP Addresses
  • Cross-Origin Resource Sharing (CORS)
  • Other Settings

Trusted IP Addresses

This section defines the IP addresses that are allowed to make connections to the CData Sync API. The following functions are available:

  • Add Opens a modal to enter a new IP address range.
  • Edit Opens a modal to modify the selected IP address range.
  • Delete Deletes the selected IP address range from the list.

The following restrictions apply to this feature:

  • localhost is always allowed to access the CData Sync API. This cannot be changed.
  • Ranges are supported. For example, the entry 100.10.100.1-15 indicates that IP addresses between 100.10.100.1 and 100.10.100.15 are allowed. Any IP addresses outside of that range are rejected.
  • Wildcard patterns are supported. For example, the entry 100.10.100.* indicates that IP addresses beginning with 100.10.100 are allowed. Any IP addresses outside of that range are rejected.

Cross-Origin Resource Sharing (CORS)

CORS allows browser-based clients to connect to the CData Sync. Without CORS, browser-based scripts cannot connect to the Sync API because of the same-origin policy enforced by the browser. This policy restricts client-side scripts and documents from loading resources outside their origin. The origin of a script consists of the protocol, host, and port.

If you enable CORS, you can use the following options to configure it:

  • Allow all domains without ‘*‘: When this option is enabled, Sync allows any origin passed by the client by returning that origin in the Access-Control-Allow-Origin header.
  • Access-Control-Allow-Origin: Enter the origins for which Sync will participate in CORS. Sync returns these origins in the Access-Control-Allow-Origin header. When this is set to ‘*’, Sync allows any origin and pass ‘*’ in the Access-Control-Allow-Origin header. This is suitable for public APIs.
  • Access-Control-Allow-Methods: Enter a comma-separated list of allowed methods.
  • Access-Control-Allow-Headers: Enter a comma-separated list of headers that can be used in requests made by the script.
  • Access-Control-Allow-Credentials: Set this to true if you want to require that clients provide credentials.
  • Access-Control-Max-Age: Enter the number of seconds the user agent can cache preflight requests.

Other Settings

See Authentication for information about the Allow Authtoken in URL setting in this section.