Database Configuration
Using Sync Gateway’s Admin REST API to configure and manage databases
Related topics: Overview | Bootstrap | Database | Database Security | Access Control | Import | Inter-Sync Gateway Replication
Pre-3.0 Legacy Configuration Equivalents
This content describes configuration for Sync Gateway 3.0 and higher — for legacy configuration, see: Legacy Pre-3.0 Configuration |
Introduction
From Sync Gateway 3.0 you can use the Admin REST API to provision persistent configuration changes. This content introduces the Create Database and Configure Database endpoints for convenience — see Database Configuration for a full description of the endpoints available.
You can define 1 custom scope per database with up to 1000 custom collections. If you don’t specify a custom scope and collection, any documents you create will be saved in the default scope and collection. |
Create Database
PUT {url}/{dbname}/
This is to create a new database for Sync Gateway.
The new database name will be the name specified in the URL, not what is specified in the request body database configuration.
If the bucket is not provided in the database configuration, Sync Gateway will attempt to find and use the database name as the bucket.
By default, the new database will be brought online immediately. This can be avoided by including "offline": true
in the configuration in the request body.
Required Sync Gateway RBAC roles:
- Sync Gateway Architect
Path Parameters
Name | Description | Schema |
---|---|---|
db |
The name of the database to run the operation against. |
String |
Query Parameters
Name | Description | Schema |
---|---|---|
disable_oidc_validation |
If set, will not attempt to validate the configured OpenID Connect providers are reachable. Default: |
Boolean |
Responses
HTTP Code | Description | Schema |
---|---|---|
201 |
Database created successfully |
|
400 |
There was a problem with your request |
|
403 |
An authentication failure occurred |
|
409 |
A database already exists for this bucket |
|
412 |
A database under that name already exists |
|
500 |
A server error occurred |
Example
Here we create a new sync gateway database.
-
Curl
-
HTTP
curl --location --request PUT 'http://127.0.0.1:4985/traveldb/' \ (1)
--header 'Authorization: Basic c3luY19nYXRld2F5OnBhc3N3b3Jk' \ (2)
--header 'Content-Type: application/json' \
--data-raw '{
"bucket": "todo", (3)
"num_index_replicas": 0}'
PUT /traveldb/ HTTP/1.1 (1)
Host: 127.0.0.1:4985
Authorization: Basic c3luY19nYXRld2F5OnBhc3N3b3Jk (2)
Content-Type: application/json
Content-Length: 44
{
"bucket": "todo", (3)
"num_index_replicas": 0}
1 | Here we create a sync gateway database called traveldb |
2 | Note we are using Basic Authentication here to authenticate against an existing Couchbase Server RBAC user |
3 | Here we point to the Couchbase Server bucket called todo |
Configure Database
PUT {url}/{db}/_config
This is used to update the database configuration fields specified. Only the fields specified in the request will have their values replaced.
The bucket and database name cannot be changed. If these need to be changed, the database will need to be deleted then recreated with the new settings.
Required Sync Gateway RBAC roles:
- Sync Gateway Architect
- Sync Gateway Application
Path Parameters
Name | Description | Schema |
---|---|---|
db |
The name of the database to run the operation against. |
String |
Header Parameters
Name | Description | Schema |
---|---|---|
If-Match |
If set to a configuration's Etag value, enables optimistic concurrency control for the request. Returns HTTP 412 if another update happened underneath this one. |
String |
Responses
HTTP Code | Description | Schema |
---|---|---|
201 |
Database configuration successfully updated |
|
400 |
There was a problem with your request |
|
404 |
Not Found |
|
412 |
Precondition Failed The supplied If-Match header did not match the current version of the configuration. Returned when optimistic concurrency control is used, and there has been an update to the configuration in between this update. |
Example
Here we configure an existing sync gateway database.
-
Curl
-
HTTP
curl --location --request PUT 'http://127.0.0.1:4985/traveldb/_config/' \ (1)
--header 'Authorization: Basic c3luY19nYXRld2F5OnBhc3N3b3Jk' \ (2)
--header 'Content-Type: application/json' \
--data-raw '{
"enable_shared_bucket_access": true,
"import_docs": true
}' (3)
PUT /traveldb/_config/ HTTP/1.1 (1)
Host: 127.0.0.1:4985
Authorization: Basic c3luY19nYXRld2F5OnBhc3N3b3Jk (2)
Content-Type: application/json
Content-Length: 120
{
"enable_shared_bucket_access": true,
"import_docs": true
} (3)
1 | Here we choose to configure (_config ) a sync gateway database called traveldb |
2 | Note we are using Basic Authentication here to authenticate against an existing Couchbase Server RBAC user |
3 | Here we toggle a couple of database properties |
Schema
This section shows Sync Gateway’s database configuration settings in schema format for convenience in constructing JSON models for use in the Admin REST API.
The configuration settings described here are provisioned through the Database Configuration endpoints.
{ allow_empty_password: false, bucket: "The database name", bucket_op_timeout_ms: 0, cacertpath: "string", cache: { channel_cache: { compact_high_watermark_pct: 80, compact_low_watermark_pct: 60, enable_star_channel: true, expiry_seconds: 60, max_length: 500, max_num_pending: 10000, max_number: 50000, max_wait_pending: 5000, max_wait_skipped: 3600000, min_length: 50 }, rev_cache: { max_memory_count_mb: 0, shard_count: "16", size: "5000" } }, certpath: "string", client_partition_window_secs: 2592000, compact_interval_days: 1, cors: { headers: [], login_origin: [], origin: [] }, delta_sync: { enabled: false, rev_max_age_seconds: 86400 }, disable_password_auth: false, enable_shared_bucket_access: true, event_handlers: { db_state_changed: { filter: "string", handler: "string", options: { {additionalProperties...}: { } }, timeout: 0, url: "string" }, document_changed: { filter: "string", handler: "string", options: { {additionalProperties...}: { } }, timeout: 0, url: "string" }, max_processes: "string", wait_for_process: "string" }, guest: { admin_channels: [], admin_roles: [], all_channels: [], collection_access: { {scopename...}: { {collectionname...}: { admin_channels: [], all_channels: [], jwt_channels: [], jwt_last_updated: "string" } } }, disabled: true, email: "string", jwt_channels: [], jwt_issuer: "string", jwt_last_updated: "string", jwt_roles: [], name: "string", password: "string", roles: [] }, import_backup_old_rev: false, import_docs: true, import_filter: "function(doc) { if (doc.type != 'mobile') { return false; } return true; }", import_partitions: 16, javascript_timeout_secs: 60, keypath: "string", kv_tls_port: 11207, local_doc_expiry_secs: 7776000, local_jwt: { {providername...}: { algorithms: [], channels_claim: "string", client_id: "string", disable_session: true, issuer: "string", keys: [], register: true, roles_claim: "string", user_prefix: "string", username_claim: "string" } }, logging: { audit: { disabled_roles: [], disabled_users: [], enabled: false, enabled_events: [] }, console: { log_keys: [CRUD,HTTP,Query], log_level: "debug" } }, max_concurrent_query_ops: 1000, name: "string", num_index_replicas: 1, offline: false, oidc: { default_provider: "string", providers: { {providername...}: { InsecureSkipVerify: false, IsDefault: true, Name: "string", allow_unsigned_provider_tokens: true, callback_url: "string", channels_claim: "string", client_id: "string", disable_callback_state: false, disable_cfg_validation: false, disable_session: true, discovery_url: "string", include_access: true, issuer: "string", register: true, roles_claim: "string", scope: [], user_prefix: "string", username_claim: "string", validation_key: "string" } } }, old_rev_expiry_seconds: 300, password: "string", query_pagination_limit: 5000, replications: { replication_id: { adhoc: false, batch_size: 200, collections_enabled: false, collections_local: [scope1.collection1,scope1.collection3,scope1.collection6], collections_remote: [scope1.collectionA,,scope1.collectionF], conflict_resolution_type: "default", continuous: false, custom_conflict_resolver: "none", direction: "string", enable_delta_sync: false, filter: "string", initial_state: "running", max_backoff_time: 5, purge_on_removal: false, query_params: [], remote: "string", remote_password: "string", remote_username: "string", replication_id: "string", run_as: "string" } }, revs_limit: 100, roles: (unknown), scopes: { {scopename...}: { collections: { {collectionname...}: { import_filter: "function(doc) { if (doc.type != 'mobile') { return false; } return true; }", sync: "function(doc){channel("collection name");}" } } } }, send_www_authenticate_header: true, serve_insecure_attachment_types: false, server: "string", session_cookie_http_only: false, session_cookie_name: "string", session_cookie_secure: true, sgreplicate_enabled: true, sgreplicate_websocket_heartbeat_secs: 300, slow_query_warning_threshold: 500, suspendable: false, sync: "function(doc){channel(doc.channels);}", unsupported: { api_endpoints: { enable_couchbase_bucket_flush: true }, dcp_read_buffer: 0, force_api_forbidden_errors: true, guest_read_only: true, kv_buffer: 0, oidc_test_provider: { enabled: true }, oidc_tls_skip_verify: true, remote_config_tls_skip_verify: true, sgr_tls_skip_verify: true, user_views: { enabled: true }, warning_thresholds: { access_and_role_grants_per_doc: 0, channel_name_size: 0, channels_per_doc: 0, channels_per_user: 0, xattr_size_bytes: 0 } }, use_views: false, user_xattr_key: "string", username: "string", users: (unknown), view_query_timeout_secs: 75 }
allow_empty_password
- Type
-
boolean
- Description
-
This controls whether users that are created can have an empty password or not.
bucket
- Type
-
string
- Description
-
The Couchbase Server backing bucket for the database.
bucket_op_timeout_ms
- Type
-
number
- Description
-
This is the amount of milliseconds should pass before a bucket operation times out. An error will be returned if the bucket operation times out saying:
operation timed out
.
cacertpath
- Type
-
string
- Description
-
The root CA cert path for X.509 bucket authentication.
cache.channel_cache
- Type
-
object
- Description
-
The channel cache config settings.
cache.channel_cache.compact_high_watermark_pct
- Type
-
integer
- Description
-
The trigger value for starting the channel cache eviction process.
Specify this as a percentage which will be the percentage used on `max_number).
When the cache size, determined by
max_number
, reaches the high watermark, the eviction process iterates through the cache, removing inactive channels.
cache.channel_cache.compact_low_watermark_pct
- Type
-
integer
- Description
-
The trigger value for stopping the channel cache eviction process.
Specify this as a percentage which will be the percentage used on `max_number).
When the cache size, determined by
max_number
returns to a value lower than the percentage of it set here, the cache eviction process is stopped.
cache.channel_cache.enable_star_channel
- Type
-
boolean
- Description
-
Used to control whether Sync Gateway should use the all documents (*) channel.
cache.channel_cache.expiry_seconds
- Type
-
integer
- Description
-
The amount of time (in seconds) to keep entries in the cache beyond the minimum retained.
cache.channel_cache.max_length
- Type
-
integer
- Description
-
The maximum number of entries to maintain in the cache per channel.
cache.channel_cache.max_num_pending
- Type
-
integer
- Description
-
The maximum number of pending sequences before skipping sequences.
cache.channel_cache.max_number
- Type
-
integer
- Description
-
The maximum number of channel caches which can exist at any one point.
cache.channel_cache.max_wait_pending
- Type
-
number
- Description
-
The maximum time (in milliseconds) for waiting for a pending sequence before skipping it.
cache.channel_cache.max_wait_skipped
- Type
-
number
- Description
-
The maximum amount of time (in milliseconds) to wait for a skipped sequence before abandoning it.
cache.channel_cache.min_length
- Type
-
integer
- Description
-
The minimum number of entries to maintain in the cache per channel.
cache.rev_cache
- Type
-
object
- Description
-
The revision cache config settings.
cache.rev_cache.max_memory_count_mb
- Type
-
integer
- Description
-
The maximum amount of memory the revision cache should take up in MB, setting to 0 will disable any eviction based on memory at rev cache. When set this memory limit will work in in hand with revision cache size parameter. So you will potentially get eviction at revision cache both based off memory footprint and number of items in the cache. This is an Enterprise Edition feature only
cache.rev_cache.shard_count
- Type
-
string
- Description
-
The number of shards the revision cache should be split into.
cache.rev_cache.size
- Type
-
string
- Description
-
The maximum number of revisions that can be stored in the revision cache.
certpath
- Type
-
string
- Description
-
The cert path (public key) for X.509 bucket auth.
client_partition_window_secs
- Type
-
integer
- Description
-
How long (in seconds) clients can remain offline for without losing replication metadata.
Defaults to 30 days (in seconds)
compact_interval_days
- Type
-
number
- Description
-
The interval between scheduled tombstone compaction runs (in days). This can be a floating point number.
If set to 0, compaction will not run automatically.
cors
- Type
-
object
- Description
-
CORS configuration for this database; if present, overrides server's config.
cors.headers
- Type
-
array
- Description
-
List of allowed headers
cors.login_origin
- Type
-
array
- Description
-
List of allowed login origins
cors.origin
- Type
-
array
- Description
-
List of allowed origins, use ['*'] to allow access from everywhere
delta_sync
- Type
-
object
- Description
-
Delta sync configuration settings.
This is an Enterprise Edition feature only
delta_sync.enabled
- Type
-
boolean
- Description
-
Whether delta sync is enabled.
This is an Enterprise Edition feature only
delta_sync.rev_max_age_seconds
- Type
-
number
- Description
-
The number of seconds deltas for old revisions are available for.
This defaults to 24 hours (in seconds).
disable_password_auth
- Type
-
boolean
- Description
-
Whether to disable username/password authentication and only allow OIDC and guest access.
enable_shared_bucket_access
- Type
-
boolean
- Description
-
Whether to use extended attributes to store Sync Gateway document (
_sync
) metadata.
event_handlers
- Type
-
object
- Description
-
These are the settings for webhooks.
event_handlers.db_state_changed.filter
- Type
-
string
- Description
-
The Javascript function to use to filter the webhook events.
event_handlers.db_state_changed.handler
- Type
-
string
- Description
-
The handler type.
event_handlers.db_state_changed.options
- Type
-
object
- Description
-
The options for the event.
event_handlers.db_state_changed.options.{additionalProperties…}
- Type
-
object
- Description
-
The option key and value.
event_handlers.db_state_changed.timeout
- Type
-
number
- Description
-
The amount of time (in seconds) to attempt connect to the webhook before giving up.
event_handlers.db_state_changed.url
- Type
-
string
- Description
-
The URL of the webhook.
event_handlers.document_changed.filter
- Type
-
string
- Description
-
The Javascript function to use to filter the webhook events.
event_handlers.document_changed.handler
- Type
-
string
- Description
-
The handler type.
event_handlers.document_changed.options
- Type
-
object
- Description
-
The options for the event.
event_handlers.document_changed.options.{additionalProperties…}
- Type
-
object
- Description
-
The option key and value.
event_handlers.document_changed.timeout
- Type
-
number
- Description
-
The amount of time (in seconds) to attempt connect to the webhook before giving up.
event_handlers.document_changed.url
- Type
-
string
- Description
-
The URL of the webhook.
event_handlers.max_processes
- Type
-
string
- Description
-
The maximum amount of concurrent event handling independent functions that can be running at the same time.
event_handlers.wait_for_process
- Type
-
string
- Description
-
The maximum amount of time (in milliseconds) to wait when the even queue is full.
guest
- Type
-
object
- Description
-
Properties associated with a user
guest.admin_channels
- Type
-
array
- Description
-
A list of channels to explicitly grant to the user for the default collection.
guest.admin_roles
- Type
-
array
- Description
-
A list of roles to explicitly grant to the user.
guest.all_channels
- Type
-
array (readOnly)
- Description
-
All the channels that the user has been granted access to for the default collection.
Access could have been granted through the sync function, roles, or explicitly on the user under the
admin_channels
property.
guest.collection_access
- Type
-
object
- Description
-
A set of access grants by scope and collection.
guest.collection_access.{scopename…}
- Type
-
object
- Description
-
An object keyed by scope, containing a set of collections.
guest.collection_access.{scopename…}.{collectionname…}
- Type
-
object
- Description
-
An object keyed by collection name, defines access for the collection.
guest.collection_access.{scopename…}.{collectionname…}.admin_channels
- Type
-
array
- Description
-
A list of channels to explicitly grant to the user.
guest.collection_access.{scopename…}.{collectionname…}.all_channels
- Type
-
array (readOnly)
- Description
-
All the channels that the user has been granted access to.
Access could have been granted through the sync function, roles, or explicitly on the user under the
admin_channels
property.
guest.collection_access.{scopename…}.{collectionname…}.jwt_channels
- Type
-
array (readOnly)
- Description
-
The channels that the user has been granted access to through channels_claim.
guest.collection_access.{scopename…}.{collectionname…}.jwt_last_updated
- Type
-
string (readOnly)
- Description
-
The last time that the user's JWT roles/channels were updated.
guest.disabled
- Type
-
boolean
- Description
-
If true, the user will not be able to login to the account as it is disabled.
guest.email
- Type
-
string
- Description
-
The email address of the user.
guest.jwt_channels
- Type
-
array (readOnly)
- Description
-
The channels that the user has been granted access to through channels_claim.
guest.jwt_issuer
- Type
-
string (readOnly)
- Description
-
The issuer of the last JSON Web Token that the user last used to sign in.
guest.jwt_last_updated
- Type
-
string (readOnly)
- Description
-
The last time that the user's JWT roles/channels were updated.
guest.jwt_roles
- Type
-
array (readOnly)
- Description
-
The roles that the user has been added to through roles_claim.
guest.name
- Type
-
string
- Description
-
The name of the user.
User names can only have alphanumeric ASCII characters and underscores.
guest.password
- Type
-
string
- Description
-
The password of the user.
Mandatory. unless
allow_empty_password
istrue
in the database configs.
guest.roles
- Type
-
array (readOnly)
- Description
-
All the roles that the user has been granted access to.
Access could have been granted through the sync function, roles_claim, or explicitly on the user under the
admin_roles
property.
import_backup_old_rev
- Type
-
boolean
- Description
-
This controls whether import should attempt to create a temporary backup of the previous revision body (if available) when the document is modified in the bucket.
import_docs
- Type
-
boolean
- Description
-
If true, documents will be imported in to Sync Gateway from the bucket when requested. Documents will be ran through the set
import_filter
if any is set.The default value depends on the edition of Sync Gateway being used. If the edition is the Community Edition, then this will default to
false
or else in the Enterprise Edition, it will default totrue
.This can also be set to the string
continuous
which maps to true.
import_filter
- Type
-
string
- Description
-
This is the function that all imported documents in the default scope and collection are ran through in order to filter out what to import and what not to import. This allows you to control what is made available to Couchbase Mobile clients. If it is not set, then no documents are filtered when imported.
import_docs
must be true to make this field applicable.If
scopes
parameter is set, this is ignored.
import_partitions
- Type
-
number
- Description
-
** This is an Enterprise Edition feature only**
This is how many import partitions should be used for import sharding.
Partitions are distributed among all Sync Gateway nodes participating in import processing (
import_docs=true
), and each process a subset of the server's vbuckets.Each partition is processed by an independent function that runs simultaneously to others, so
import_partitions
can be used to tune concurrency based on the number of Sync Gateway nodes, and the number of cores per node.
javascript_timeout_secs
- Type
-
number
- Description
-
The maximum number of seconds the sync, import filter, and custom conflict resolver JavaScript functions are allowed to run for before timing out. Set to 0 to allow the JS functions to run uncapped.
keypath
- Type
-
string
- Description
-
The key path (private key) for X.509 bucket auth
kv_tls_port
- Type
-
integer
- Description
-
The Memcached TLS port.
local_doc_expiry_secs
- Type
-
integer
- Description
-
The number of seconds before a
_local
document should expire.
local_jwt
- Type
-
object
- Description
-
Configuration for Local JWT authentication.
local_jwt.{providername…}
- Type
-
object
- Description
-
The providers name.
local_jwt.{providername…}.algorithms
- Type
-
array
- Description
-
The JWT signing algorithms to accept for authentication.
local_jwt.{providername…}.channels_claim
- Type
-
string
- Description
-
If set, the value(s) of the given JSON Web Token claim will be added to the user's channels.
The value of this claim must be either a string or an array of strings, any other type will result in an error.
local_jwt.{providername…}.client_id
- Type
-
string
- Description
-
The value to match against the "aud" claim of JWTs. Set to an empty string to disable audience validation.
local_jwt.{providername…}.disable_session
- Type
-
boolean
- Description
-
Disable Sync Gateway session creation on successful JWT authentication.
local_jwt.{providername…}.issuer
- Type
-
string
- Description
-
The value to match against the "iss" claim of JWTs.
local_jwt.{providername…}.keys
- Type
-
array
- Description
-
The JSON Web Keys to use to validate JWTs.
local_jwt.{providername…}.register
- Type
-
boolean
- Description
-
If to register a new Sync Gateway user account when a user logs in with a JWT.
local_jwt.{providername…}.roles_claim
- Type
-
string
- Description
-
If set, the value(s) of the given JSON Web Token claim will be added to the user's roles.
The value of this claim must be either a string or an array of strings, any other type will result in an error.
local_jwt.{providername…}.user_prefix
- Type
-
string
- Description
-
This is the username prefix for all users created through this provider.
local_jwt.{providername…}.username_claim
- Type
-
string
- Description
-
Allows a different OpenID Connect field to be specified instead of the Subject (
sub
).The field name to use can be specified here.
logging
- Type
-
object
- Description
-
Per-database logging configuration.
logging.audit
- Type
-
object
- Description
-
Audit logging configuration.
logging.audit.disabled_roles
- Type
-
array
- Description
-
List of roles for which audit logging is disabled. Either cbs or sgw.
logging.audit.disabled_users
- Type
-
array
- Description
-
List of users for which audit logging is disabled.
logging.audit.enabled
- Type
-
boolean
- Description
-
Whether audit logging is enabled.
logging.audit.enabled_events
- Type
-
array
- Description
-
List of enabled audit events for this database.
logging.console
- Type
-
object
- Description
-
Console logging configuration.
logging.console.log_keys
- Type
-
array
- Description
-
Log Keys for the console output
logging.console.log_level
- Type
-
string
- Description
-
Log Level for the console output
max_concurrent_query_ops
- Type
-
integer
- Description
-
The maximum amount of query operations that can be running at any one point.
name
- Type
-
string
- Description
-
The name of the database.
num_index_replicas
- Type
-
number
- Description
-
This is the number of Global Secondary Indexes (GSI) to use for core indexes.
offline
- Type
-
boolean
- Description
-
Start the database in an offline state.
oidc
- Type
-
object
- Description
-
Configuration for OpenID Connect authentication.
oidc.default_provider
- Type
-
string
- Description
-
The default provider to use when the provider is not specified in the client.
oidc.providers
- Type
-
object
- Description
-
List of OpenID Connect issuers.
oidc.providers.{providername…}
- Type
-
object
- Description
-
The providers name.
oidc.providers.{providername…}.InsecureSkipVerify
- Type
-
boolean
- Description
-
Determines whether the TLS certificate verification should be disabled for this provider.
oidc.providers.{providername…}.IsDefault
- Type
-
boolean
- Description
-
Indicates if this is the default OpenID Connect provider.
oidc.providers.{providername…}.Name
- Type
-
string
- Description
-
The name of the OpenID Connect Provider.
oidc.providers.{providername…}.allow_unsigned_provider_tokens
- Type
-
boolean
- Description
-
Allows users accept unsigned tokens from providers.
oidc.providers.{providername…}.callback_url
- Type
-
string
- Description
-
The URL that the OpenID Connect will redirect to after authentication.
If not provided, a callback URL will be generated.
oidc.providers.{providername…}.channels_claim
- Type
-
string
- Description
-
If set, the value(s) of the given OpenID Connect authentication token claim will be added to the user's channels.
The value of this claim must be either a string or an array of strings, any other type will result in an error.
oidc.providers.{providername…}.client_id
- Type
-
string
- Description
-
The OpenID Connect provider client ID.
oidc.providers.{providername…}.disable_callback_state
- Type
-
boolean
- Description
-
Controls whether to maintain state between the auth request and callback endpoints (
/_oidc
and/_oidc_callback
).This is not recommended as it would cause OpenID Connect authentication to be vulnerable to Cross-Site Request Forgery (CSRF, XSRF).
oidc.providers.{providername…}.disable_cfg_validation
- Type
-
boolean
- Description
-
This bypasses the configuration validation based on the OpenID Connect specifications. This may be required for some OpenID providers that don't strictly adhere to the specifications.
oidc.providers.{providername…}.disable_session
- Type
-
boolean
- Description
-
Disable Sync Gateway session creation on successful OpenID Connect authentication.
oidc.providers.{providername…}.discovery_url
- Type
-
string
- Description
-
The non-standard discovery endpoint.
oidc.providers.{providername…}.include_access
- Type
-
boolean
- Description
-
This is whether the
_oidc_callback
response should include the OpenID Connect access token and associated fields (such astoken_type
, andexpires_in
).
oidc.providers.{providername…}.issuer
- Type
-
string
- Description
-
The URL for the OpenID Connect issuer.
oidc.providers.{providername…}.register
- Type
-
boolean
- Description
-
If to register a new Sync Gateway user account when a user logs in with OpenID Connect.
oidc.providers.{providername…}.roles_claim
- Type
-
string
- Description
-
If set, the value(s) of the given OpenID Connect authentication token claim will be added to the user's roles.
The value of this claim must be either a string or an array of strings, any other type will result in an error.
oidc.providers.{providername…}.scope
- Type
-
array
- Description
-
The scope sent for the OpenID Connect request.
oidc.providers.{providername…}.user_prefix
- Type
-
string
- Description
-
This is the username prefix for all users created through this provider.
oidc.providers.{providername…}.username_claim
- Type
-
string
- Description
-
Allows a different OpenID Connect field to be specified instead of the Subject (
sub
).The field name to use can be specified here.
oidc.providers.{providername…}.validation_key
- Type
-
string
- Description
-
The OpenID Connect provider client secret.
old_rev_expiry_seconds
- Type
-
number
- Description
-
The number of seconds before old revisions are removed from the Couchbase Server bucket.
password
- Type
-
string
- Description
-
The password for authenticating to the server.
query_pagination_limit
- Type
-
integer
- Description
-
The query limit to be used during pagination of large queries.
replications.replication_id
- Type
-
object
- Description
-
Properties of a replication
replications.replication_id.adhoc
- Type
-
boolean
- Description
-
Set to true to run the replication as an adhoc replication instead of a persistent one.
This means that the replication will only last the period of the replication until the status is changed to
stopped
and then it will be removed automatically. It will also be removed if Sync Gateway restarts or if removed due to user action.
replications.replication_id.batch_size
- Type
-
integer
- Description
-
The amount of changes to be sent in one batch of replications. Changing this is an Enterprise Edition only feature.
replications.replication_id.collections_enabled
- Type
-
boolean
- Description
-
If true, the replicator will run with collections, and will replicate all collections, unless otherwise limited by
keyspace_map
.If false, the replicator will only replicate the default collection.
replications.replication_id.collections_local
- Type
-
array
- Description
-
Limits the set of collections replicated to those listed in this array.
The replication will use all collections defined on the database if this list is empty.
replications.replication_id.collections_remote
- Type
-
array
- Description
-
Remaps the local collection name to the one specified in this array when replicating with the remote.
If only a subset of collections need remapping, elements in this array can be specified as
null
to preserve the local collection name.The same index is used for both
collections_remote
andcollections_local
, and both arrays must be the same length.
replications.replication_id.conflict_resolution_type
- Type
-
string
- Description
-
This defines what conflict resolution policy Sync Gateway should use to apply when resolving conflicting revisions.
Changing this is an Enterprise Edition only feature.
Behaviour
- default - In priority order, this will cause
- Deletes to always win (the delete with the longest revision history wins if both revisions are deletes)
- The revision with the longest revision history to win. This means the the revision with the most changes and therefore the highest revision ID will win.
- localWins - This will result in local revisions always being the winner in any conflict.
- remoteWins - This will result in remote revisions always being the winner in any conflict.
- custom - This will result in conflicts going through your own custom conflict resolver. You must provide this logic as a Javascript function in the
custom_conflict_resolver
parameter. This is an Enterprise Edition only feature.
Note: replications created prior to Sync Gateway 2.8 will default to
default
. - default - In priority order, this will cause
replications.replication_id.continuous
- Type
-
boolean
- Description
-
If true, changes will be immediately synced when they happen. This is known as a continuous replication.
If false, all changes will be synced until they have been processed. The replication will then cease and not process any future changes (unless started again by the user). This is known as a one-shot replication.
replications.replication_id.custom_conflict_resolver
- Type
-
string
- Description
-
This specifies the Javascript function to use to resolve conflicts between conflicting revisions.
This must be used when
conflict_resolution_type=custom
. This property will be ignored whenconflict_resolution_type
is notcustom
.The Javascript function to provide this property should be in backticks (like the sync function). The function takes 1 parameter which is a struct that represents the conflict. This struct has 2 properties:
LocalDocument
- The local document. This contains the document ID under the_id
key.RemoteDocument
- The remote document The function should return the new documents body. This can be the winning revision (for example,return conflict.LocalDocument
), a new body, ornil
to resolve as a delete.
Example:
"custom_conflict_resolver":\` function(conflict) { console.log("Doc ID: "+conflict.LocalDocument._id); console.log("Full remote doc: "+JSON.stringify(conflict.RemoteDocument)); return conflict.RemoteDocument; } \`
Using complex
custom_conflict_resolver
functions can noticeably degrade performance. Use a built-in resolver whenever possible.This is an Enterprise Edition only feature.
replications.replication_id.direction
- Type
-
string
- Description
-
This specifies which direction the replication will be replicating with the
remote
replicator.The directions are:
pull
- changes are pulled from the remote databasepush
- changes are pushed to the remote databasepushAndPull
- changes are both push-to and pulled-from the remote database
Replications created prior to Sync Gateway 2.8 derive their
direction
from the source/target URL of the replication.
replications.replication_id.enable_delta_sync
- Type
-
boolean
- Description
-
This will turn on delta- sync for the replication. This works in conjunction with the database level setting
delta_sync.enabled
If set to true, delta-sync will be used as long as both databases involved in the replication have delta-sync enabled. If a database does not have delta-sync enabled, then the replication will run without delta-sync.
Replications created prior to Sync Gateway 2.8 must have delta-sync disabled.
Enabling this is an Enterprise Edition only feature.
replications.replication_id.filter
- Type
-
string
- Description
-
This defines whether to filter documents by their channels or not.
If set to
sync_gateway/bychannel
then a pull replication will be limited to a specific set of channels specified by thequery_params.channels
property.This only can be used with pull replications.
replications.replication_id.initial_state
- Type
-
string
- Description
-
This is what state to start the replication in when creating a new replication.
This allows you to control if the replication starts in a
stopped
start orrunning
state.Replications prior to Sync Gateway 2.8 will run in the default state
running
.
replications.replication_id.max_backoff_time
- Type
-
integer
- Description
-
Specifies the maximum time-period (in minutes) that Sync Gateway will attempt to reconnect to a lost or unreachable remote.
When a disconnection happens, Sync Gateway will do an exponential backoff up to this specified value. When this value is met, it will attempt to reconnect indefinitely every
max_backoff_time
minutes.If this is set to 0, Sync Gateway will do the normal exponential backoff after the disconnect happens but then attempting 10 minutes and stop the replication.
Note: this defaults to 5 minutes for replications created prior to Sync Gateway 2.8.
replications.replication_id.purge_on_removal
- Type
-
boolean
- Description
-
Specifies whether to purge a document if the remote user loses access to all of the channels on the document when attempting to pull it from the remote.
If false, documents will not be replicated and not be purged when the user loses access.
replications.replication_id.query_params
- Type
-
array
- Description
-
This is a set of key/value pairs used in the query string of the replication.
If
filters=sync_gateway/bychannel
then this can be used to set the channels to filter by in a pull replication. To do this, set thechannels
key to a string array of the channels to filter by. For example:"filter":"sync_gateway/bychannel", "query_params": { "channels":["chanUser1"] },
replications.replication_id.remote
- Type
-
string
- Description
-
This is the endpoint of the database for the remote Sync Gateway that is the subject of this replication's
push
,pull
, orpushAndPull
action.Typically this would include the URI, port, and database name. For example,
http://localhost:4985/db
.How this remote is used depends on the
direction
of the replication:pull
- this replicator pulls changes from theremote
push
- this replicator pushes changes to thisremote
pushAndPull
- this replicator pushes changes to thisremote
, while also pulling receiving changes
replications.replication_id.remote_password
- Type
-
string
- Description
-
The password to use to authenticate with the remote.
This password will be redacted in the replication config.
This can only be used for a pull replication.
replications.replication_id.remote_username
- Type
-
string
- Description
-
The username to use to authenticate with the remote.
This can only be used for a pull replication.
replications.replication_id.replication_id
- Type
-
string
- Description
-
This is the ID of the replication.
When creating a new replication using a POST request, this will be set to a random UUID if not explicitly set.
When the replication ID is specified in the URL, this must be set to the same replication ID if specifying it at all.
replications.replication_id.run_as
- Type
-
string
- Description
-
This is used if you want to specify a user to run the replication as. This means that the replication will only be able to replicate what the user access to what the user has access to.
revs_limit
- Type
-
number
- Description
-
The maximum depth a document's revision tree can grow too.
The minimum is
20
if conflicts are allowed and 0 if not. It is not recommended to go below100
when conflicts are allowed.
scopes
- Type
-
object
- Description
-
An object keyed by scope name containing config for the specific collection.
scopes.{scopename…}
- Type
-
object
- Description
-
Scope-specific configuration.
scopes.{scopename…}.collections
- Type
-
object
- Description
-
An object keyed by collection name containing config for the specific collection.
scopes.{scopename…}.collections.{collectionname…}
- Type
-
object
- Description
-
Collection-specific configuration.
scopes.{scopename…}.collections.{collectionname…}.import_filter
- Type
-
string
- Description
-
This is the function that all imported documents in this collection are ran through in order to filter out what to import and what not to import. This allows you to control what is made available to Couchbase Mobile clients. If it is not set, then no documents are filtered when imported.
import_docs
in the database config must be true to make this field applicable.
scopes.{scopename…}.collections.{collectionname…}.sync
- Type
-
string
- Description
-
The Javascript function that newly created documents in this collection are ran through.
send_www_authenticate_header
- Type
-
boolean
- Description
-
Controls whether to send a
WWW-Authenticate
header in401 Unauthorized
HTTP responses.
serve_insecure_attachment_types
- Type
-
boolean
- Description
-
If set, always serve attachments with the
Content-Type
header set to the type of the attachment.When serving an attachment, usually the
Content-Type
header is set to the type of the attachment but theContent-Disposition
response header will be set instead if the content type is vulnerable to a phishing attack, causing the browser to download the file instead of display it. This option will override that behaviour and always set theContent-Type
header.
server
- Type
-
string
- Description
-
This is the Couchbase Server address or addresses that the database connect to.
session_cookie_http_only
- Type
-
boolean
- Description
-
Make all session cookies for the database set the
HttpOnly
flag so they are inaccessible to JavaScript.
session_cookie_name
- Type
-
string
- Description
-
This can be used to define a custom per-database session cookie name.
session_cookie_secure
- Type
-
boolean
- Description
-
Override the session cookie
secure
flag. If set, the cookie will have thesecure
flag.This will default to
true
if startup configapi.https.tls_cert_path
is set otherwise it will default tofalse
.
sgreplicate_enabled
- Type
-
boolean
- Description
-
Whether the node should accept assign replications (
true
) or not (false
).
sgreplicate_websocket_heartbeat_secs
- Type
-
integer
- Description
-
Use a custom heartbeat interval (in seconds) for websocket ping frames.
slow_query_warning_threshold
- Type
-
number
- Description
-
The amount of milliseconds a N1QL query should run before logging a warning.
suspendable
- Type
-
boolean
- Description
-
Set to true to allow the database to be suspended.
Defaults to true when running in serverless mode otherwise defaults to false.
sync
- Type
-
string
- Description
-
The Javascript function that newly created documents are ran through for the default scope and collection. If
scopes
parameter is set, this is ignored.
unsupported
- Type
-
object
- Description
-
These are unsupported options and therefore it is not recommended to use them.
unsupported.api_endpoints.enable_couchbase_bucket_flush
- Type
-
boolean
- Description
-
Setting for test purposes only
Whether Couchbase buckets can be flushed via Admin REST API.
unsupported.dcp_read_buffer
- Type
-
number
- Description
-
Set the dcp feed to use a different read buffer size.
unsupported.force_api_forbidden_errors
- Type
-
boolean
- Description
-
Force REST API errors to return forbidden
unsupported.guest_read_only
- Type
-
boolean
- Description
-
Restrict GUEST document access to read-only.
unsupported.kv_buffer
- Type
-
number
- Description
-
Set the kv pool to use a different buffer size.
unsupported.oidc_test_provider.enabled
- Type
-
boolean
- Description
-
Whether the
oidc_test_provider
endpoints should be exposed on the public API.
unsupported.oidc_tls_skip_verify
- Type
-
boolean
- Description
-
Enable self-signed certificates for OIDC testing.
unsupported.remote_config_tls_skip_verify
- Type
-
boolean
- Description
-
Enable self-signed certificates for external JavaScript load.
unsupported.sgr_tls_skip_verify
- Type
-
boolean
- Description
-
Enable self-signed certificates for SG-replicate testing.
unsupported.user_views.enabled
- Type
-
boolean
- Description
-
Whether pass-through view query is supported through public API.
unsupported.warning_thresholds.access_and_role_grants_per_doc
- Type
-
number
- Description
-
The number of access and role grants per document to be used as a threshold for grant count warnings.
unsupported.warning_thresholds.channel_name_size
- Type
-
number
- Description
-
The number of channel name characters to be used as a threshold for channel name warnings.
unsupported.warning_thresholds.channels_per_doc
- Type
-
number
- Description
-
The number of channels per document to be used as a threshold for the channel count warnings.
unsupported.warning_thresholds.channels_per_user
- Type
-
number
- Description
-
The number of channels per user to be used as a threshold for channel count warnings.
unsupported.warning_thresholds.xattr_size_bytes
- Type
-
number
- Description
-
The number of bytes to be used as a threshold for xattr size limit warnings.
use_views
- Type
-
boolean
- Description
-
Force the use of views instead of GSI.
user_xattr_key
- Type
-
string
- Description
-
The key to use for the user xattr that will be accessible from the sync function. IF empty, the feature will be disabled.
username
- Type
-
string
- Description
-
The username for authenticating to the server.
view_query_timeout_secs
- Type
-
integer
- Description
-
The number of seconds before a view query should timeout.