To configure the REST API, edit the frontend configuration file app/config/frontend.ini.php, for example:

$config['api'] = array(
    'baseUrl' => '/api/v1',
    'allowedOrigins' => array(),
    'auth' => array(
        'component' => 'MyCustomAuth',
        'JWT' => array(
            'expiresIn' => 600,
            'alg' => 'HS256'
        )
    ),
    'formatting' => array(
        'fields' => array(
            // fields that should be removed from results
            'remove' => array(
                'Category' => array('name')
            ),
            // fields (removed by default) that should be kept
            'keep' => array(
                'Category' => array('object_type_id', 'priority')
            )
        )
    ),
    'validation' => array(
        'writableObjects' => array('document', 'event'),
        'allowedUrlParams' => array(
            'endpoint_name' => array('param_one', 'param_two')
        )
    )
);

Possible configuration params are:

  • baseUrl: the base URL of the REST API. Every request made to baseUrl is handled as a REST API request via routing rules.

  • allowedOrigins: defines which origins are allowed. Leave it empty to allow all origins; the empty array in the example above therefore accepts requests from any origin.

  • auth: contains the authentication configuration:

      • component: the name of the auth component to use. By default the ApiAuth component is used.

      • JWT: options used in JSON Web Token authentication, such as the "expires in" time (in seconds) and the hashing algorithm to use.

  • formatting: sets up formatting rules, such as object fields to remove or to keep.

  • validation: sets up validation rules, generally used in write operations or to validate requests and data:
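
What the auth JWT options above (expiresIn, alg) mean for a token in practice, shown as an added example that is not BEdita's own code: the function names, the claims and the secret are assumptions made for illustration, and only HS256 is implemented.

```php
<?php
// Added illustration, not BEdita code: names, claims and secret are assumptions.
$jwtConfig = array('expiresIn' => 600, 'alg' => 'HS256'); // values from the config above

function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode($txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// Issue a token whose "exp" claim is $now + expiresIn seconds.
function issue_token(array $claims, $secret, array $cfg, $now) {
    $header = array('typ' => 'JWT', 'alg' => $cfg['alg']);
    $claims['exp'] = $now + $cfg['expiresIn'];
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}

// Return the claims if the token is valid at time $now, or null otherwise.
function verify_token($token, $secret, array $cfg, $now) {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    list($h, $p, $s) = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm to the configured one; never let the token header choose it.
    if (!is_array($header) || !isset($header['alg'])
        || $header['alg'] !== $cfg['alg'] || $cfg['alg'] !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    $given = b64url_decode($s);
    if ($given === false || !hash_equals($expected, $given)) { // constant-time compare
        return null;
    }
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims) || !isset($claims['exp']) || $now >= $claims['exp']) {
        return null; // malformed or expired
    }
    return $claims;
}

$secret = 'constructed-demo-secret'; // constructed sample value, not a real key
$t0 = 1700000000;                    // constructed issue time
$token = issue_token(array('sub' => 'editor1'), $secret, $jwtConfig, $t0);
var_dump(verify_token($token, $secret, $jwtConfig, $t0 + 599) !== null); // inside the window
var_dump(verify_token($token, $secret, $jwtConfig, $t0 + 600) !== null); // at expiry
var_dump(verify_token($token . 'x', $secret, $jwtConfig, $t0) !== null); // altered signature
```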