Page Contents


Define application server-side settings in /server/config.json. For example here are the default settings:


  "restApiRoot": "/api",
  "host": "",
  "port": 3000,
  "remoting": {
    // See below

Top-level properties

The following table describes the properties you can configure.

Property Description Default
aclErrorStatus When an authenticated user is denied access because of an ACL, by default the application returns HTTP error status code 401 unauthorized. If you want instead to return 403 (forbidden) set the value here. This may be required, for example, when using an AngularJS interceptor to differentiate between the need to show an access denied/request access page instead of a login dialog. Can also set this in the Model definition JSON file to define per-model. 401
host Host or IP address used to create the Node HTTP server. If a request comes to a different host or IP address, then the application won't accept the connection. See server.listen() for more information.
legacyExplorer Set to false to disable old routes /models and /routes that are exposed, but no longer used by API Explorer; use true or omit the option to keep them enabled. true
port TCP port to use. 3000
remoting See Remoting properties below. N/A
restApiRoot Root URI of REST API /api

To access the settings in application code, use app.get('property-name').

You can also retrieve Express app object properties with this method. See app.get() in Express documentation for more information.

Remoting properties

Properties under the remoting top-level property determine how the application performs remote operations using strong-remoting; for example:

"remoting": {
  "context": false,
  "rest": {
    "normalizeHttpPath": false,
    "xml": false,
    "handleErrors": false
  "json": {
    "strict": false,
    "limit": "100kb"
  "urlencoded": {
    "extended": true,
    "limit": "100kb"
  "cors": false

The following table describes the remoting properties. For more information on error-handler properties, see Using strong-error-handler.

Property Type Description Default
cors Boolean If false, use the CORS settings in middleware.json. false
context Boolean Advanced feature. For more information, see Using current context. false
errorHandler Object Configuration passed to the strong-error-handler middleware injected by strong-remoting when rest.handleErrors is set true. This is typically not used, as the error handler is more commonly configured via middleware config. See Using strong-error-handler false
json.limit String Maximum request body size. You can set other JSON propertis as well; see body-parser.json(). 100kb
json.strict Boolean Parse only objects and arrays. You can set other JSON propertis as well; see body-parser.json(). false
Boolean If true, then the REST adapter handles all errors by sending back a JSON-formatted error response. If false, then errors are passed to the top-level application error-handler. This is often set to false to allow for error handling middleware to be set up and configured via the app's middleware config. true
Boolean If true, in HTTP paths, converts:
  • Uppercase letters to lowercase.
  • Underscores (_) to dashes (-).
  • CamelCase to dash-delimited.

Does not affect placeholders (for example ":id").

For example, "MyClass" or "My_class" becomes "my-class".

Boolean If true, then the REST adapter emits a 404 error for unknown paths. The REST error handler or the application error handler then handle this error. See rest.handleErrors above. If false, then the REST adapter delegates handling unknown paths to the top-level application by calling next(). true
Array List of content types that the API supports in HTTP responses. The response type will match that specified in the HTTP request "accepts" header, if it is in this list of supported types. If this property is set, then rest.xml is ignored.

NOTE: 'application/vnd.api-json' is supported, but is not one of the default types.
rest.xml Boolean If true, then 'xml' is added to the supported content types. Then, the API will then respond with XML when the HTTP request "accepts" type contains 'xml'. false
Boolean Parse extended syntax with the qs module. For more information, see bodyParser.urlencoded(). true
urlencoded.limit String Maximum request body size. For more information, see bodyParser.urlencoded(). 100kb

Environment-specific settings

You can override values that are set in config.json in:

  • config.local.js or config.local.json
  • config._env_.js or config._env_.json, where env is the value of NODE_ENV (typically development or production); so, for example config.production.json.

For example:


module.exports = {
  host: process.env.CUSTOM_HOST,
  port: process.env.CUSTOM_PORT

For more information, see Environment-specific configuration.