Professional Documents
Culture Documents
APIServer 24.1
APIServer 24.1
Reference Guide
Includes:
Installation Guide
Administration Guide
Foundation 24.1
API Server
Documentation Notice
Information in this document is subject to change without notice. The software described in this
document is furnished only under a separate license agreement and may only be used or copied
according to the terms of such agreement. It is against the law to copy the software except as
specifically allowed in the license agreement. This document or accompanying materials may
contain certain information which is confidential information of Hyland Software, Inc. and its
affiliates, and which may be subject to the confidentiality provisions agreed to by you.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright law, no part of this document may be reproduced, stored in or introduced into
a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of Hyland
Software, Inc. or one of its affiliates.
Hyland, Hyland Experience, OnBase, Alfresco, Nuxeo, and product names are registered and/or
unregistered trademarks of Hyland Software, Inc. and its affiliates in the United States and other
countries. All other trademarks, service marks, trade names and products of other companies are the
property of their respective owners.
© 2024 Hyland Software, Inc. and its affiliates.
The information in this document may contain technology as defined by the Export Administration
Regulations (EAR) and could be subject to the Export Control Laws of the U.S. Government including
for the EAR and trade and economic sanctions maintained by the Office of Foreign Assets Control as
well as the export controls laws of your entity’s local jurisdiction. Transfer of such technology by any
means to a foreign person, whether in the United States or abroad, could require export licensing or
other approval from the U.S. Government and the export authority of your entity’s jurisdiction. You are
responsible for ensuring that you have any required approvals prior to export.
DISCLAIMER: This documentation contains available instructions for a specific Hyland product
or module. This documentation is not specific to a particular customer or industry. Hyland
customers are responsible for making their own independent assessment of the information in
this documentation. This documentation: (a) is for informational purposes only, (b) is subject to
change without notice, and (c) does not create any commitments or assurances by Hyland or its
affiliates. This documentation is provided “as is” without representation or warranty of any kind.
Hyland expressly disclaims all implied, express, or statutory warranties. Hyland’s responsibilities and
liabilities to its customers are controlled by the applicable Hyland agreement. This documentation
does not modify any agreement between Hyland and its customers.
Document Name
API Server
Department/Group
Documentation
Revision Number
Foundation 24.1
Overview
Contents
Overview....................................................................................................................................................... 1
Licensing........................................................................................................................................................ 1
Installation Guide
Installation
Requirements...............................................................................................................................................3
General Requirements....................................................................................................................... 3
Microsoft Hosting Bundle Requirements......................................................................................... 3
Hyland IdP Server...............................................................................................................................3
Licensing........................................................................................................................................................ 3
API Server Installation.............................................................................................................................. 4
Overview............................................................................................................................................. 4
Installing the API Server.................................................................................................................... 6
Verifying the Installation..................................................................................................................12
Troubleshooting........................................................................................................................................12
Internet Information Services (IIS) Considerations....................................................................... 12
Authentication Modules Besides Anonymous Authentication................................................12
WebDAV Publishing Module...................................................................................................... 13
Administration Guide
Overview
The OnBase API Server is a network server through which OnBase APIs connect to and interact
with the OnBase database. The API Server hosts various APIs which serve clients by performing
processing tasks, retrieving information from the OnBase database, and, optionally, retrieving
documents from the OnBase disk groups.
Licensing
The API Server requires no additional OnBase licensing, but OnBase modules that rely on the API
Server may require additional licensing. For licensing requirements, see the module reference guide
or help files for those modules.
Installation Guide
Foundation 24.1
Installation
Requirements
The following sections outline requirements information specific to API Server in OnBase Foundation
24.1.
General Requirements
For general requirements information that applies to both API Server and other modules, see the
sections on the following topics in the Installation Requirements manual:
• Databases Supported
• Operating System Requirements
• Microsoft .NET Framework Requirements
• Microsoft Visual C++ Requirements
• Server and Core Services Hardware Requirements
Note: Support for ASP.NET Core 2.1 on .NET Framework matches the ASP.NET Support policy for
other package-based ASP.NET frameworks. The complete list of packages covered by this policy can
be see in ASP.NET Core 2.1 Supported Packages.
The .NET Framework and Hosting Bundle is a Microsoft product. For additional installation and
configuration procedures, see the Microsoft documentation.
Licensing
See Licensing on page 1 for licensing requirements.
Note: For complete instructions on installing and configuring the Hyland IdP Server, see the
Identity and Access Management Services reference guide.
• Installing the API Server on page 6
• Configuring Hyland.Logging on page 21
Additionally, if your solution configuration requires the Temp File Service:
• Installing the Temp File Service on page 14
Note: If your solution requires the ability to upload documents, you will require the Temp File Service.
Overview
There are two methods for installing the API Server: Interactive and silent. An interactive installation
requires user interaction with dialog boxes during the installation process. A silent installation does
not require user interaction during the installation process.
Note: The installer automatically installs the ASP.Net Core Hosting Bundle v2.1.26 if it detects that it
is not cureently installed.
The installation executable validates that all prerequisites are met before proceeding with the
installation. If any missing prerequisites are identified, the installer alerts the user.
Note: The Microsoft .NET Framework prerequisite must always be installed separately before
running the installer.
For instructions on interactively installing the API Server, see Installing the API Server on page 6.
User Account Control (UAC)
If Windows User Account Control (UAC) is enabled, the installer must be run with elevated
administrator privileges, even if an administrator is currently logged on. If you are running a silent
installation, you must use a command prompt with elevated permissions.
Silent Installation
If you are running the installation executable silently from the command line you must include the /
silent command in addition to any required command-line parameters and flags, as in the following
example:
Hyland.ApiServer.Setup.exe /silent "WEB_SITE_ID=1" "APPNAME=ApiServer"
Note: You should check the return value of the process. A return value of 0(zero) indicates success.
Any other value returned may indicate that an error was encountered and the installation failed.
The following command-line parameters are available for use:
APIROOT The file path to the root folder where the API Server will be installed.
If this command-line parameter is not present, the default root folder
path is .\Program Files\Hyland\ApiServer.
APPPOOL The name of the application pool in IIS that you want to be created to
run the API Server.
If this command-line parameter is not present, the name of the default
application that is created is ApiServerAppPool.
WEB_SITE_ID The ID of the site in IIS that you want to host the API Server application.
Note: This is a required command-line parameter if the
WEB_SITE_NAME command-line parameter is not present.
WEB_SITE_NAME The name of the site in IIS that you want to host the API Server
application.
Note: This is a required command-line parameter if the WEB_SITE_ID
command-line parameter is not present.
USE_APPPOOL_IDENTITY Determines whether you want to specify the application pool identity.
The value is either true or false.
If this command-line parameter is not present, the default value is
false.
APPPOOL_USER The user name of the identity that will be used for the application pool.
Note: This is only required if the USE_APPPOOL_IDENTITY command-
line parameter is present and the value is true.
APPPOOL_USER_PASS The password of the identity that will be used for the application pool.
Note: This is only required if the USE_APPPOOL_IDENTITY command-
line parameter is present and the value is true.
CONFIGURATIONDIRECTO The directory containing the configuration files for the API Server.
RY This parameter preserves existing configuration files during repair and
upgrade installs.
REQUIRESSL Sets the Require SSL property in IIS to true if any value is provided.
SKIPCONFIGUREIIS Prevents the installer from modifying IIS if any value is provided.
Note: IIS must be configured manually if this parameter is included.
-layout This flag is used to make the API Server installer download the ASP.Net
Core Hosting Bundler installer in advance. As long as the installer is
kept next to the actual API Server installer, the local copy of the hosting
bundle installer will be used instead of attempting to download it.
5. Select a Web Site to install the API Server to from the drop-down list. The Web Site list is
populated with the web servers configured in IIS and available to the target machine.
Enter a name for the API Server in the Application Name field.
Enter a name for the application pool that will be created that you want to run the API Server in
the Application Pool field.
6. Click Next. The IIS Settings window is displayed.
7. If you want to specify the credentials of the application pool running the API Server in IIS, select
the Specify IIS Application Pool Credentials option.
Enter the user name and password of the user whose credentials you want to use for the
application pool.
Note: If your solution requires the Temp File Service and you are using a UNC storage system, the
user whose credentials you use for the application pool must have rights to the UNC shares. For
more information see Storage Systems on page 14.
9. Enter the top-level installation directory in the field provided, or click Change to browse to it.
If Change is clicked, the Change destination folder window is displayed.
Enter a folder name in the Folder name field or select it from the Look in drop-down list, then
click OK.
If the destination folder is not changed, the default location is used.
10. Click Next. The Ready to install window is displayed.
11. Click Install to install the API Server. Click Back if you want to return to the previous window.
Click Cancel if you want to exit the wizard without installing the API Server.
12. When the installer finishes installing the API Server, click Finish. Click Close to close the dialog.
13. In Windows, launch the Internet Information Services (IIS) Manager as an administrator.
Note: IIS is a Microsoft product. For more detailed instructions on using and configuring IIS
settings, see the Microsoft documentation.
14. In the tree view, expand the site under which you installed the API Server application, locate the
API Server application itself and open the Modules configuration.
Tip: Changing any of these settings in IIS Manager on the installed application will make non-
permanent changes to the web.config file of the API Server. If the API Server is modified
or upgraded using the installer, any changes made will be removed. If it is possible, it is
recommended to make these changes at the site level so that any application of that site will
inherit the configurations.
15. Ensure the following items are present in the list of modules:
• AnonymousAuthenticationModule
• AspNetCoreModule
• HttpCacheModule
• UriCacheModule
If any of these modules are not present, click Configure Native Modules...
In the Configure Native Modules dialog, locate the missing module or modules, select them,
and then click OK.
16. Browse to the config directory in your API Server's installation directory. In a default installation,
this directory is located at C:\Program Files\Hyland\ApiServer\config.
17. Open the 5_scim.json file of the API Server in a plain-text editor.
Setting Value
Authority The URL of the Hyland IdP server. For example, https://my.server.net/
identityprovider, where my.server.net is replaced with your host
domain.
Tip: Make sure the use of HTTP or HTTPS matches the configuration
of your domain in IIS.
Audience The URL of the resources directory on the Hyland IdP server. For
example, https://my.server.net/identityprovider/resources, where
my.server.net is replaced with your host domain.
Tip: Make sure the use of HTTP or HTTPS matches the configuration
of your domain in IIS.
Setting Value
DataProvider The database provider type. Set the value to SQL for SQL or ORACLE
for Oracle.
Setting Value
ConnectionString A valid connection string to the OnBase database for the database
provider type (SQL or Oracle). The connection string must include Data
Source, database, User Id, and Password information.
Tip: ADO connections strings are a method of connecting applications
to databases. Complete details on connection strings and how to
create them are available from Microsoft.
Note: Make sure you include the double-slash (\\) between the server
and the database instance to account for JSON formatting. For
example, Data Source=MyDB\\SQLInstance;
24. Save and close the file and recycle your application pool for the changes to take effect.
Troubleshooting
Internet Information Services (IIS) Considerations
Certain modules in IIS have been identified as potentially causing issues with the API Server. The
following considerations should be carefully evaluated when configuring your environment to
prepare for installing the API Server.
EP2 1.0.x
EP3 1.2.x
EP4 1.5.x
EP5 1.6.x
22.1 1.7.4
23.1 1.7.4
24.1 1.7.5
Storage Systems
The Temp File Service supports both S3 and UNC storage systems, but S3 is the recommended
storage system. S3 storage systems are more secure by limiting access to only those with
credentials, which can be limited to only the Temp File Service. However, if S3 storage systems are
not available for use, UNC can be used.
If you are using an S3 storage system, before deploying the Temp File Service you must have access
to an S3 server (server URL, access key and secret key) and a bucket therein that is not shared with
any other system.
If you are using a UNC storage system, you must have access to a UNC share that is similarly not
shared with any other system. Additionally, the user running the application pool for the API Server
must have rights to the UNC shares.
The Temp File Service can be used in a load balanced environment. To configure the Temp File
Service for such an environment, contact your first line of support.
4. After "StartupDelaySeconds" :, enter the number of seconds you want the Cleanup
Processor to wait before processing after the Temp File Service restarts.
By default, this option is set to 0 seconds.
5. After "RunDelaySeconds" :, enter the number of seconds you want the Cleanup Processor to
wait between each time it runs.
By default, this option is set to 300 seconds.
6. After "ErrorBehavior" :, enter one of the following options for how the processor should
behave when an error occurs:
• Enter LogAndContinue to have the processor log the error and wait the amount of time
configured in the RunDelaySeconds option before continuing.
• Enter HaltProcessor to have the processor stop running entirely when it encounters an error.
By default, this option is set to LogAndContinue.
7. Save the configuration file.
If the API Server was installed in the default directory, the following command can be used:
If you use Oracle database, the use of quoted identifiers will cause all identifiers to be case sensitive.
This means that the hsitempfile user must be created as "hsitempfile", including the double
quotation marks, or the migration will not recognize it.
To configure this password, execute the following command, with [path to 5_tempfs.json]
replaced with the path to the 5_tempfs.json file and [my_password_here] replaced with the
password:
Note: Once this command is run, the password is encrypted using the Windows DPAPI.
Note: The Set Active Storage System options for TempFS are part of the storage system that
needs to be set as the active storage system. TempFS offers various types of storage classes
which consumes software. Currently, OnBase software only supports short-term storage. The --
mid-term and –cache options exist for developers if they know they need to set them and any
additional requirements or configurations. The proper choices for OnBase would be Short-Term
Storage = TRUE, and Mid-Term and Cache Storage Systems = FALSE.
Note: The returned and displayed ID is needed for the other commands.
• Update: This command is used to update the settings of an existing storage system. For
example: TempFileService.Configuration.exe storage-scriptable update --id
7 --type S3 --url http://localhost:9000 --bucket user-bucket --access-
key manager --secret-key password --force-http --force-path --tenant
MyTenantNameHere --json-config M:\TEMPFS\5_tempfs.json
• Delete: This command is used to delete an existing storage system. For example:
TempFileService.Configuration.exe storage-scriptable delete --id 6 --tenant
MyTenantNameHere --json-config M:\TEMPFS\5_tempfs.json
• Set Active: This command sets the specified storage system as the active system. For example:
TempFileService.Configuration.exe storage-scriptable set-active --id 7 --
short-term --mid-term --cache --tenant MyTenantNameHere --json-config M:
\TEMPFS\5_tempfs.json
During configuration, scriptable configuration should be used to configure tenant storage methods
using the Add command and set the active storage system using the Set Active command. For most
other uses, scriptable configuration should only be used by advanced users. For additional guidance,
contact your first line of support.
Administration Guide
Foundation 24.1
API Server Logging
Configuring Hyland.Logging
A Hyland.Logging section is available in the 0_logging.json file. This section controls diagnostics
logging for the API Server.
4. In the section for the route you are configuring, ensure that a Minimum-Level attribute is
included. Add the attribute if it does not already exist. For example:
Note: Depending on the application, this attribute might be included by default but commented
out. Remove the /* and */ from the line to uncomment the line.
5. To refine the severity of messages being received by the diagnostics route, you can edit the
attribute for minimum and maximum logging levels:
• The Minimum-Level attribute limits the lowest-severity log level that is received.
• You can add a Maximum-Level attribute, which limits the highest-severity log level that is
received.
• The values for these attributes can be set to any of the following log level severities, listed
from most severe to least severe.
Error Logs that highlight when the current flow of execution is stopped due to
a failure. These logs indicate a failure in the current activity, but not an
application-wide failure.
Debug Logs that are used for interactive investigation during development.
Trace Logs that contain the most detailed messages and may include sensitive
data. These logs should never be enabled in a production environment.
None A logging category that does not write any logging messages.
For example, a route in the .json file could be edited to include the following attributes:
"Minimum-Level": "Debug",
"Maximum-Level": "Error"
This example specifies that the logging route only receives logging messages with a severity
level of Debug or above, and it receives no messages with a higher severity level than Error.
Note: The default severity level of a route is a minimum of Information and a maximum
of Critical. The route uses these severity levels if it does not include a Minimum-Level or
Maximum-Level line specified in the .json file.
6. Save the file and restart the application.
Interval Description
8. Set the "FileRollOnSize" attribute to "true" or "false" to limit log files based on size. If set to
"true", a new log file to be created when the current log file reaches the configured size limit.
9. Set the "FileCountLimit" attribute to the number of log files to be kept before older files are
deleted. If you do not want to delete older files, you can set the value to "null".
10. Set the "FileByteLimit" attribute to the maximum size in bytes a log file can be before creating a
new file. This attribute is only active if "FileRollOnSize" is set to "true".
11. Save the file and close the text editor.
12. Reset the application.
"TruncateLogValues": "NUMBER"
4. Replace "NUMBER" with the desired length for log entries in characters in quotation marks. For
example, replacing "NUMBER" with "20" will truncate all messages at 20 characters in length.
5. Save the file and close the text editor.
6. Reset the API Server.
Note: Decryption of configuration values encrypted by the Hyland Application Settings Utility is
not supported for all modules or applications. If you encrypt values in a configuration file for an
unsupported application, that application will not be able to decrypt the values at runtime.
Overview
This section explains how use the Hyland Application Settings Utility. For more information on how
to acquire the utility, contact your first line of support.
To deploy the Hyland Application Settings Utility, unpackage the files in the release package by
extracting them to a location in your environment. You can then use the command line from that
location to execute the commands for the utility.
The following commands are available:
Command Description
write Writes a specified property value to a JSON configuration file. You can also
encrypt the property value with this command.
See Writing a Value in a JSON File on page 26.
read Reads a specified property value in a JSON configuration file and returns it in the
command-line console output. You can also decrypt an encrypted property value
with this command.
See Reading a Value in a JSON File on page 27.
help Returns a list of available commands and a short description of each command.
You can add a command after the help command to return a list of the
parameters used by that command.
For example, the following command returns a list of the parameters for the write
command:
Hyland.Application.Settings.Utility.exe help write
version Returns the full name and version number of the Hyland Application Settings
Utility.
CAUTION: Be very careful when updating the JSON configuration files. If a copy exists with a similar
naming scheme (for example, appsettings.backup.json), and that copy is not deleted, the incorrect
JSON configuration file may be used. Configuration files are read in lexicographic order, or the order
in which they are loaded. This means that the last file saved is the first file loaded. The order of
precedence for the loading of the configuration sources is: 1) appsettings.json file, 2) appsettings.
{AltName}.json file, 3) Key-per-file directories, 4) Environment variables, and 5) Command Line
arguments. As a result, if a JSON configuration file is configured with an alternate name, and is the
most recently saved version of the JSON configuration file, the file with the alternate name will take
precedence, which causes major errors during login.
Note the following considerations:
• If a value already exists for the specified property, the write command overwrites the existing
value. This is true regardless of whether the original value is plain text or encrypted.
• If you are encrypting a value, the configuration file must remain in the location specified in the
parameters for the write command. If the file is moved after the value is encrypted, the value
cannot be decrypted by the utility or the supported application.
The write command is executed by appending parameters to the
Hyland.Application.Settings.Utility.exe write command. The following parameters are available:
--applicationRoot -a The path to the directory that contains the application Yes
using the configuration file.
For example:
-a C:\repo\application
--file The file name of the JSON configuration file. If the file is Yes
located in a subdirectory of the location specified in the --
applicationRoot parameter, also include the relative path
to the file.
For example:
--file config\appsettings.json
--property -p The name of the property to write. For nested properties, Yes
use a colon (:) delimiter.
For example, where a property called masterDB contains
a sub-property called ConnectionString, to which you
want to write a value:
-p masterDB:ConnectionString
Required and optional parameters are added to the write command line, as shown in this example:
Note: If a parameter value includes spaces, you must enclose the entire value in quotation marks.
For example, if using the -a parameter to point to the path C:\Program Files\App, the full parameter
and value would be: -a "C:\Program Files\App"
If the --force parameter is not used, the property passed in must already exist in the file. If the --
force parameter is used, then the property passed in does not need to already exist.
If the property exists, --force will write the property value to the configuration file. If the property
does not exist, --force will create the configuration sections for the property value and write the
value to the configuration file.
If you are using the write command to write a property value in an array, you must use the proper
index to refer to an element in the array. See Writing and Reading Array Elements on page 29 for
more information.
--applicationRoot -a The path to the directory that contains the application Yes
using the configuration file.
For example:
-a C:\repo\application
--file The file name of the JSON configuration file. If the file is Yes
located in a subdirectory of the location specified in the --
applicationRoot parameter, also include the relative path
to the file.
For example:
--file config\appsettings.json
--property -p The name of the property to return. For nested properties, Yes
use a colon (:) delimiter.
For example, where a property called masterDB contains
a sub-property called ConnectionString, from which you
want to read a value:
-p masterDB:ConnectionString
Required and optional parameters are added to the read command line, as shown in this example:
Note: If a parameter value includes spaces, you must enclose the entire value in quotation marks.
For example, if using the -a parameter to point to the path C:\Program Files\App, the full parameter
and value would be: -a "C:\Program Files\App"
If you are using the read command to return a property value in an array, you must use the proper
index to refer to an element in the array. See Writing and Reading Array Elements on page 29 for
more information.
Scenario Index
Creating a new array When creating a new array, the element is added to the first position of
the array.
The first element is in the n=1 position, and it has an index of 0.
Adding to an array When adding an element to an array, the new element is added to the
last position in the array.
For example, if an array has five elements and a new element is added,
it is added to the sixth position (n=6), and it has an index of 5.
In the following example JSON configuration, the Certs array contains two elements, representing
multiple Thumbprint properties. The first element in the array has an index of 0, and the second
element has an index of 1.
In this example, the following write command can be used to encrypt and write the value
myCertThumbprint to the first Thumbprint element:
Similarly, the following read command can be used to decrypt and return the value in the first
Thumbprint element:
In either command, you could use either Certs[0] or Certs:0 in the -p parameter to reference the
first element in the Certs array and the Thumbprint property in that element. To write or read the
values of any other array elements, update the array index number to point to the element you want
to reference.
To create a new element in an array, you must use the --force parameter. In the previous JSON
example, only indexes 0 and 1 exist, so the new element will be created with an index of 2. The
following command demonstrates how to force-create and encrypt the value of myCertThumbprint
in a new element in the array:
In all of the example commands above, Thumbprint is appended after the index reference to
designate which parameter in the element is being set or retrieved, as an element can be a single
field or a collection of fields. If a specific parameter within the referenced element is not designated
while using the --force parameter, the entire element will be overwritten.