Select release
Introduction

Home

Installation

Configuration

Integration

Migration Instructions

API Reference

General Principles

Admin API

Audit API

Authentication API

Communication API

Operations API

Registrations API

Reference

Callbacks API (Webhooks)

Configuration Properties

Database Structure

Internal Architecture

Additional Topics

Database Setup for PostgreSQL

Database Setup for Oracle

Database Setup for MSSQL

Examples

Examples of Operation Types

Configuration Properties

View product develop

You can set the following configurations to the PowerAuth Cloud components:

PowerAuth Server

Environment Variable Default Value Description
POWERAUTH_SERVER_JPA_CHARSET utf8  
POWERAUTH_SERVER_JPA_CHARACTER_ENCODING utf8  
POWERAUTH_SERVER_JPA_USE_UNICODE true  
POWERAUTH_SERVER_JPA_LOCK_TIMEOUT 10000 Database lock timeout configuration
POWERAUTH_SERVER_DATASOURCE_JNDI_NAME false  
POWERAUTH_SERVER_SPRING_JMX_ENABLED false  
POWERAUTH_SERVER_SPRING_JMX_DEFAULT_DOMAIN powerauth-server  
POWERAUTH_SERVER_HTTP_PROXY_ENABLED false  
POWERAUTH_SERVER_HTTP_PROXY_HOST 127.0.0.1 Proxy host
POWERAUTH_SERVER_HTTP_PROXY_PORT 8080 Proxy port
POWERAUTH_SERVER_HTTP_PROXY_USERNAME   Proxy username
POWERAUTH_SERVER_HTTP_PROXY_PASSWORD   Proxy password
POWERAUTH_SERVER_HTTP_CONNECTION_TIMEOUT 5000 Service connect timeout in milliseconds
POWERAUTH_SERVER_TOKEN_TIMESTAMP_VALIDITY 7200000 Token timestamp validity in milliseconds
POWERAUTH_SERVER_RESTRICT_ACCESS false Whether access to the REST API is restricted
POWERAUTH_SERVER_ACTIVATION_VALIDITY_MILLIS 120000 Default expiration period for activations
POWERAUTH_SERVER_RECOVERY_MAX_FAILED_ATTEMPTS 5 Maximum failed attempts for activation recovery
POWERAUTH_SERVER_DB_MASTER_ENCRYPTION_KEY   Master DB encryption key
POWERAUTH_SERVER_SECURE_VAULT_ENABLE_BIOMETRY false Whether biometry is enabled in Secure Vault
POWERAUTH_SERVER_APPLICATION_NAME powerauth-server  
POWERAUTH_SERVER_APPLICATION_DISPLAY_NAME PowerAuth Server  
POWERAUTH_SERVER_APPLICATION_ENVIRONMENT   Application environment exposed in status endpoint
POWERAUTH_SERVER_LOGGING    
POWERAUTH_SERVER_SIGNATURE_MAX_FAILED_ATTEMPTS 5 Maximum failed attempts for signature verification
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_LENGTH 8 Length of OTP generated for proximity check
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_DURATION 30s Time-step duration used for generating and validating TOTP for the proximity check
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_COUNT 1 Number of past time-steps used for validating TOTP for the proximity check
POWERAUTH_SERVER_CALLBACKS_DEFAULT_MAX_ATTEMPTS 1 Default maximum number of dispatch attempts for a callback event
POWERAUTH_SERVER_CALLBACKS_DEFAULT_RETENTION_PERIOD 30d Default retention period of a completed callback event before deleting its record from the database table
POWERAUTH_SERVER_CALLBACKS_DEFAULT_INITIAL_BACKOFF 2s Default initial backoff after an unsuccessful attempt to dispatch a callback event
POWERAUTH_SERVER_CALLBACKS_MAX_BACKOFF 32s The maximum allowable backoff period between successive attempts to dispatch a callback event
POWERAUTH_SERVER_CALLBACKS_BACKOFF_MULTIPLIER 1.5 The multiplier used to calculate the backoff period
POWERAUTH_SERVER_CALLBACKS_PENDING_CALLBACK_URL_EVENTS_DISPATCH_LIMIT 100 Maximum number of pending callback events that will be dispatched in a single scheduled job run
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_CORE_SIZE 1 Number of core threads in the thread pool used by the executor
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_MAX_SIZE 2 Maximum number of threads in the thread pool used by the executor
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_QUEUE_CAPACITY 1000 Queue capacity of the thread pool used by the executor
POWERAUTH_SERVER_CALLBACKS_FORCE_RERUN_PERIOD   Time period after which a currently processed callback event is considered stale and should be scheduled to rerun
POWERAUTH_SERVER_CALLBACKS_FAILURE_THRESHOLD 200 The number of consecutive failures allowed for callback events with the same configuration. If set to -1, unlimited number of failures is allowed
POWERAUTH_SERVER_CALLBACKS_FAILURE_RESET_TIMEOUT 60s Time period after which a Callback URL Event will be dispatched, even if failure threshold has been reached
POWERAUTH_SERVER_CALLBACKS_CLIENTS_CACHE_REFRESH_AFTER_WRITE 5m Callback REST clients are cached and automatically evicted if updated through the Callback Management API on a single node. Time-based refreshing mechanism is a fallback in clustered environments

Push Server

Environment Variable Default Value Description
PUSH_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT 60s PowerAuth REST API response timeout
PUSH_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME 200s PowerAuth REST API max idle time
PUSH_SERVER_SECURITY_CLIENT_TOKEN   PowerAuth REST API authentication token
PUSH_SERVER_SECURITY_CLIENT_SECRET   PowerAuth REST API authentication secret / password
PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE false Whether to accept invalid SSL certificate.
PUSH_SERVER_JPA_CHARSET utf8  
PUSH_SERVER_JPA_CHARACTER_ENCODING utf8  
PUSH_SERVER_JPA_USE_UNICODE true  
PUSH_SERVER_APNS_DEVELOPMENT true Flag indicating that the development instance of APNS service should be used
PUSH_SERVER_APNS_PROXY_ENABLED false Flag indicating if the communication needs to go through proxy
PUSH_SERVER_APNS_PROXY_HOST 127.0.0.1 Proxy host
PUSH_SERVER_APNS_PROXY_PORT 8080 Proxy port
PUSH_SERVER_APNS_PROXY_USERNAME   Proxy username
PUSH_SERVER_APNS_PROXY_PASSWORD   Proxy password
PUSH_SERVER_FCM_PROXY_ENABLED false Flag indicating if the communication needs to go through proxy
PUSH_SERVER_FCM_PROXY_HOST 127.0.0.1 Proxy host
PUSH_SERVER_FCM_PROXY_PORT 8080 Proxy port
PUSH_SERVER_FCM_PROXY_USERNAME   Proxy username
PUSH_SERVER_FCM_PROXY_PASSWORD   Proxy password
PUSH_SERVER_FCM_DATA_NOTIFICATION_ONLY false Flag indicating that FCM service should never use “notification” format, only a data format with extra payload representing the notification
PUSH_SERVER_HMS_PROXY_ENABLED false Flag indicating if the communication needs to go through proxy
PUSH_SERVER_HMS_PROXY_HOST 127.0.0.1 Proxy host
PUSH_SERVER_HMS_PROXY_PORT 8080 Proxy port
PUSH_SERVER_HMS_PROXY_USERNAME   Proxy username
PUSH_SERVER_HMS_PROXY_PASSWORD   Proxy password
PUSH_SERVER_HMS_DATA_NOTIFICATION_ONLY false Flag indicating that HMS service should never use “notification” format, only a data format with extra payload representing the notification
PUSH_SERVER_DATASOURCE_JNDI_NAME false  
PUSH_SERVER_CAMPAIGN_BATCH_SIZE 100000  
PUSH_SERVER_MESSAGE_STORAGE_ENABLED false Whether persistent storing of sent messages is enabled
PUSH_SERVER_REGISTRATION_MULTIPLE_ACTIVATIONS_ENABLED false Whether push registration supports “associated activations”
PUSH_SERVER_SPRING_BATCH_JOB_ENABLED false  
PUSH_SERVER_SPRING_JMX_ENABLED false  
PUSH_SERVER_SPRING_JMX_DEFAULT_DOMAIN powerauth-push-server  
PUSH_SERVER_FCM_CONNECT_TIMEOUT 5000 Push message gateway connect timeout in milliseconds
PUSH_SERVER_APNS_CONNECT_TIMEOUT 5000 Push message gateway connect timeout in milliseconds
PUSH_SERVER_HMS_CONNECT_TIMEOUT 5000 Push message gateway connect timeout in milliseconds
PUSH_SERVER_APPLICATION_NAME powerauth-push-server  
PUSH_SERVER_APPLICATION_DISPLAY_NAME PowerAuth Push Server  
PUSH_SERVER_APPLICATION_ENVIRONMENT   Environment identifier
PUSH_SERVER_LOGGING    

PowerAuth Cloud

Environment Variable Default Value Description
POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET   PowerAuth REST API authentication secret / password
POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN   PowerAuth REST API authentication token
POWERAUTH_CLOUD_POWERAUTH_SERVICE_RESPONSE_TIMEOUT 60s PowerAuth REST API response timeout
POWERAUTH_CLOUD_POWERAUTH_SERVICE_MAX_IDLE_TIME 200s PowerAuth REST API max idle time
POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_SECRET   PowerAuth FIDO2 API authentication secret / password
POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_TOKEN   PowerAuth FIDO2 API authentication token
POWERAUTH_CLOUD_FIDO2_SERVICE_RESPONSE_TIMEOUT 60s PowerAuth FIDO2 API response timeout
POWERAUTH_CLOUD_FIDO2_SERVICE_MAX_IDLE_TIME 200s PowerAuth FIDO2 API max idle time
POWERAUTH_CLOUD_PUSH_SERVER_RESPONSE_TIMEOUT 60s Push Server API response timeout
POWERAUTH_CLOUD_PUSH_SERVER_MAX_IDLE_TIME 200s Push Server API max idle time
POWERAUTH_CLOUD_DATASOURCE_JNDI_NAME false  
POWERAUTH_CLOUD_DATASOURCE_URL jdbc:postgresql://host.docker.internal:5432/powerauth  
POWERAUTH_CLOUD_DATASOURCE_USERNAME $USERNAME$  
POWERAUTH_CLOUD_DATASOURCE_PASSWORD $PASSWORD$  
POWERAUTH_CLOUD_JPA_CHARSET utf8  
POWERAUTH_CLOUD_JPA_CHARACTER_ENCODING utf8  
POWERAUTH_CLOUD_JPA_USE_UNICODE true  
POWERAUTH_CLOUD_JPA_LOCK_TIMEOUT 10000 Database lock timeout configuration
POWERAUTH_CLOUD_LOGGING    
POWERAUTH_CLOUD_SECURITY_AUTH_TYPE BASIC_HTTP BASIC_HTTP for basic HTTP authentication or OIDC for OpenID Connect. If OIDC is enabled, the properties below must be configured.
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ROLES_CLAIM   A name of the claim in the JWT that contains the user roles.
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ISSUER_URI   URL of the provider, e.g. https://sts.windows.net/example/
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_AUDIENCES   A comma-separated list of allowed aud JWT claim values to be validated.

Enrollment Server

Environment Variable Default Value Description
ENROLLMENT_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT 60s PowerAuth REST API response timeout
ENROLLMENT_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME 200s PowerAuth REST API max idle time
ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET   PowerAuth REST API authentication secret / password
ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN   PowerAuth REST API authentication token
ENROLLMENT_SERVER_PUSH_SERVER_RESPONSE_TIMEOUT 60s Push Server response timeout
ENROLLMENT_SERVER_PUSH_SERVER_MAX_IDLE_TIME 200s Push Server max idle time
ENROLLMENT_SERVER_MTOKEN_ENABLED true Publishing of Mobile Token endpoints can be enabled or disabled using this property
ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED false The activation spawn functionality can be enabled or disabled using this property
ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME false  
ENROLLMENT_SERVER_ADMIN_ENABLED true The admin API can be enabled or disabled using this property
ENROLLMENT_SERVER_JPA_CHARSET utf8  
ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING utf8  
ENROLLMENT_SERVER_JPA_USE_UNICODE true  
ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT 10000 Database lock timeout configuration
ENROLLMENT_SERVER_USER_INFO_PROVIDER   Whether to register minimal claims provider (value MINIMAL) or REST provider (value REST)
ENROLLMENT_SERVER_USER_INFO_REST_URL   Base URL of user-info storage. Must be specified if the provider is type of REST
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_ENABLED false Whether Basic authentication enabled
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_USERNAME   Basic authentication username
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_PASSWORD   Basic authentication password
ENROLLMENT_SERVER_LOGGING    

Please note that under normal circumstanced you are supposed to define only:

POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=$USERNAME$
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$

Consult support if you have some specific request.

Last updated on Jun 12, 2025 (11:34) View product
On this page:
Search

develop

PowerAuth Cloud