Skip to end of metadata
Go to start of metadata

API Builder 3.x is deprecated


Support for API Builder 3.x ceased on 30 April 2020. Use the v3 to v4 upgrade guide to migrate all your applications to API Builder 4.x.

Contact if you require migration assistance.


API Builder uses the configuration files in the project's conf directory to initialize the application and its connectors. Each JavaScript file in the directory should expose an object of key-value pairs. You may add any arbitrary key-value pair beside the one described below. The values will be passed to any method that is passed the API Builder configuration object.


API key values and session object are auto-generated when you create a new project.

For environment-specific configuration files, add either .development or .production to the end of the filename. For example, foo.development.js will be used for the development environment, while foo.production.js will be used for the production environment.

If multiple files set the same keys, the value from the last file loaded will be used unless it is an environment-specific file. Files are loaded based on the order returned from the operating system's readdir() method. For example, if Foo.js and foo.development.js set the same key, the value in Foo.js is used since it is not environment specific. However, if Foo.development.js and foo.development.js set the same key, the value from foo.development.js is used since it is loaded last.

You can override the configuration file settings with an environment variable. For the setting, you want to override, prefix the variable with ARROW_. For example, if you want to override the apikey setting, set the ARROW_APIKEY environment variable.


./conf/foo.js  Expand source



Configures the Admin Console. The admin object may contain the following key-value pairs:

allowedHostsArray<String>-When the application is in production, restrict access to the Admin Console to the specified hosts
disableAPIDocBooleanfalseSet to true to not display the generated API Docs. Changing the setting only works in production. Swagger is always available in dev mode.
enabledBooleantrueSet to true to enable the Admin Console.
validEmailsArray<String>developer's e-mail addressWhen the application is in production, restrict access to the Admin Console to the specified accounts.
validOrgsArray<Number>developer's organizationWhen the application is in production, restrict access to the Admin Console to the specified organizations.


Generated API key used when testing the application; that is, running the application locally.


Generated API key used when running the application in production; that is when it is deployed to AMPLIFY Runtime Services.


Location of the authorization module if APIKeyAuthType is set to plugin.

For details, see Authentication Schemes.


String value indicating the authorization type for the application. By default, it is set to basic.

For details, see Authentication Schemes.


Prefix path to use for the API requests for Models and APIs. Each endpoint you define in a Model or API will be prefixed by this value. By default, it is set to /api.


Configures body-parser middleware settings. The bodyParser object may contain the following key-value pairs:

limitNumber/String1mbSets the maximum request body size in bytes for the body parser middleware.


Configuration object to pass to the busboy constructor, which is created when the API Builder middleware is initialized. For properties, you can set, see the busboy documentation.


Configures the connectors used by the application. The connectors field is an object of key-value pairs where the key is the name of the connector and the value is another key-value pair object used to configure the connector. The configuration object is specific to each connector.

Most connectors will have their own default configuration file in the conf directory.


Configures the CORS settings. The cors object may contain the following key-value pairs:

Access-Control-Allow-OriginStringSpecifies the URI that can access the server. Defaults to none.
safeHeadersArray<String>HTTP headers to expose and allow, that is, the specified value is set for Access-Control-Expose-Headers and Access-Control-Allow-Headers.


Specify the name of the default connector. Used if a Model does not specify one.


Set to true to ignore duplicate Model definitions. Defaults to false, which will throw an error if a model definition is duplicated.


Configures the logger utility. The logging object may contain the following key-value pairs:

logdirString./logsLocation of the transaction logs if enabled
transactionLogEnabledBooleantrueSet to true to enable transaction logs


Sets the log level for the logger utility. Accepted values are debugerrorfatalinfotrace, or warn.


Sets the port number for the server if the PORT environment variable is not set. By default, the port is set to 8080.


Configures SSL settings for the server. The ssl object may contain the following key-value pairs:

portNumber8443SSL port number