Admin panel configuration

The /config/admin file is used to define the admin panel configuration for the Strapi application.

The present page acts as a reference for all the configuration parameters and values that you can find in the /config/admin file, grouped by topic. For additional information on how each feature works, please refer to links given in the introduction of each sub-section.

Admin panel behavior

The admin panel behavior can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| autoOpen | Enable or disable administration opening on start. | boolean | true |
| watchIgnoreFiles | Add custom files that should not be watched during development. See more here (property ignored). | array(string) | [] |
| serveAdminPanel | If false, the admin panel won't be served. Note: the index.html will still be served. | boolean | true |

config/admin vs. src/admin/app configurations

Some UI elements of the admin panel must be configured in the src/admin/app file:

Tutorial videos
To disable the information box containing the tutorial videos, set the config.tutorials key to false.

Releases notifications
To disable notifications about new Strapi releases, set the config.notifications.releases key to false.

/src/admin/app.js
const config = {
  // … other customization options go here
  tutorials: false,
  notifications: { releases: false },
};

export default {
  config,
};

Admin panel server

By default, Strapi's admin panel is exposed via http://localhost:1337/admin. For security reasons, the host, port, and path can be updated.

The server configuration for the admin panel can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| url | Path to access the admin panel. If the URL is relative, it will be concatenated with the server URL. Example: /dashboard makes the admin panel accessible at http://localhost:1337/dashboard. | string | /admin |
| host | Host for the admin panel server. | string | localhost |
| port | Port for the admin panel server. | string | 8000 |

Note

If you add a path to the url option, it won't prefix your application. To do so, use a proxy server like Nginx (see optional software deployment guides).

Update the admin panel's path only

To make the admin panel accessible at another path, for instance at http://localhost:1337/dashboard, define or update the url property:

/config/admin.js
module.exports = ({ env }) => ({
  // … other configuration properties
  url: "/dashboard",
});

Since by default the back-end server and the admin panel server run on the same host and port, only updating the config/admin file should work if you left the host and port property values untouched in the back-end server configuration file.

Update the admin panel's host and port

If the admin panel server and the back-end server are not hosted on the same server, you will need to update the host and port of the admin panel. For example, to host the admin panel on my-host.com:3000:

/config/admin.js
module.exports = ({ env }) => ({
  host: "my-host.com",
  port: 3000,
  // Additionally you can define another path instead of the default /admin one 👇
  // url: '/dashboard'
});

Deploy on different servers

Unless you chose to deploy Strapi's back-end server and admin panel server on different servers, by default:

  • The back-end server and the admin panel server both run on the same host and port (http://localhost:1337/)
  • The admin panel is accessible at the /admin path while the back-end server is accessible at the /api path

To deploy the admin panel and the back-end on completely different servers, you need to configure both the server (/config/server) and admin panel (/config/admin) configurations.

The following example setup allows you to serve the admin panel from one domain while the API runs on another:

/config/server.js
module.exports = ({ env }) => ({
  host: env("HOST", "0.0.0.0"),
  port: env.int("PORT", 1337),
  url: "http://yourbackend.com",
});

/config/admin.js
module.exports = ({ env }) => ({
  /**
   * Note: The administration will be accessible from the root of the domain
   * (ex: http://yourfrontend.com/)
   */
  url: "/",
  serveAdminPanel: false, // http://yourbackend.com will not serve any static admin files
});

With this configuration:

  • The admin panel will be accessible at http://yourfrontend.com
  • All API requests from the panel will be sent to http://yourbackend.com
  • The backend server will not serve any static admin files due to serveAdminPanel: false

API tokens

The API tokens feature can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| apiToken.salt | Salt used to generate API tokens | string | Random string |
| apiToken.secrets.encryptionKey | Encryption key used to set API tokens visibility in the admin panel | string | Random string |

Audit logs

The Audit Logs feature can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| auditLogs.enabled | Enable or disable the Audit Logs feature | boolean | true |
| auditLogs.retentionDays | How long Audit Logs are kept, in days. The behavior differs for self-hosted vs. Strapi Cloud customers, see the note under the table. | integer | 90 |

Retention days for self-hosted vs. Strapi Cloud users

For Strapi Cloud customers, the auditLogs.retentionDays value stored in the license information is used, unless a smaller retentionDays value is defined in the config/admin.js|ts configuration file.

Authentication

The authentication system, including SSO configuration, can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| auth | Authentication configuration | object | - |
| auth.secret | Secret used to encode JWT tokens | string | undefined |
| auth.domain | Domain used within the cookie for SSO authentication (available with an Enterprise plan and the SSO add-on) | string | undefined |
| auth.providers | List of authentication providers used for SSO | array(object) | - |
| auth.options | Options object passed to jsonwebtoken | object | - |
| auth.options.expiresIn | JWT expire time used in jsonwebtoken | object | 30d |
| auth.events | Record of all the event subscribers registered for the authentication | object | {} |
| auth.events.onConnectionSuccess | Function called when an admin user logs in successfully to the administration panel | function | undefined |
| auth.events.onConnectionError | Function called when an admin user fails to log in to the administration panel | function | undefined |
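
The two auth.events handlers are a natural place to produce login telemetry. The following is an added example, not code from the Strapi project: it emits one structured record per admin login attempt and flags a burst of failures. The event fields (provider, user, error), the threshold, the window, and the names createLoginMonitor and adminConfig are assumptions made for illustration.

```javascript
// Added example, not Strapi's own code. Assumption: each handler receives an
// event object with `provider`, plus `user` on success and `error` on failure.
const FAILURE_THRESHOLD = 5; // hypothetical alerting threshold
const WINDOW_MS = 5 * 60 * 1000; // hypothetical sliding window (5 minutes)

function createLoginMonitor(sink = (r) => console.log(JSON.stringify(r)), now = Date.now) {
  const failures = []; // timestamps of failures inside the window
  const emit = (record) => {
    sink(record);
    return record;
  };
  return {
    onConnectionSuccess(e) {
      return emit({
        ts: new Date(now()).toISOString(),
        event: "admin.login.success",
        provider: e.provider,
        userId: e.user ? e.user.id : null, // log an id, never credentials
      });
    },
    onConnectionError(e) {
      const t = now();
      failures.push(t);
      // Drop failures that have aged out of the window.
      while (failures[0] <= t - WINDOW_MS) failures.shift();
      return emit({
        ts: new Date(t).toISOString(),
        event: "admin.login.failure",
        provider: e.provider,
        reason: e.error && e.error.message ? e.error.message : String(e.error),
        recentFailures: failures.length,
        alert: failures.length >= FAILURE_THRESHOLD,
      });
    },
  };
}

// Shape to export from /config/admin.js (module.exports = adminConfig).
const adminConfig = ({ env }) => ({
  auth: {
    secret: env("ADMIN_JWT_SECRET"),
    events: createLoginMonitor(),
  },
});
```

The default sink writes JSON lines to standard output; pass a different sink function to forward the records to a log pipeline.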

Feature flags

The feature flags can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| flags | Settings to turn certain features or elements of the admin on or off | object | |
| flags.nps | Enable/Disable the Net Promoter Score popup | boolean | true |
| flags.promoteEE | Enable/Disable the promotion of Strapi Enterprise features | boolean | true |

Forgot password

The forgot password functionality, including email templating, can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| forgotPassword | Settings to customize the forgot password email | object | |
| forgotPassword.emailTemplate | Email template as defined in email plugin | object | Default template |
| forgotPassword.from | Sender mail address | string | Default value defined in your provider configuration |
| forgotPassword.replyTo | Default address or addresses the receiver is asked to reply to | string | Default value defined in your provider configuration |

Rate limiting

The rate limiting for the admin panel's authentication endpoints can be configured with the following parameters. Additional configuration options come from the koa2-ratelimit package:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| rateLimit | Settings to customize the rate limiting of the admin panel's authentication endpoints | object | |
| rateLimit.enabled | Enable or disable the rate limiter | boolean | true |
| rateLimit.interval | Time window for requests to be considered as part of the same rate limiting bucket | object | { min: 5 } |
| rateLimit.max | Maximum number of requests allowed in the time window | integer | 5 |
| rateLimit.delayAfter | Number of requests allowed before delaying responses | integer | 1 |
| rateLimit.timeWait | Time to wait before responding to a request (in milliseconds) | integer | 3000 |
| rateLimit.prefixKey | Prefix for the rate limiting key | string | ${userEmail}:${ctx.request.path}:${ctx.request.ip} |
| rateLimit.whitelist | Array of IP addresses to whitelist from rate limiting | array(string) | [] |
| rateLimit.store | Rate limiting storage location (Memory, Sequelize, or Redis). For more information see the koa2-ratelimit documentation | object | MemoryStore |

Transfer tokens

Transfer tokens for the Data transfer feature can be configured with the following parameters:

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| transfer.token.salt | Salt used to generate Transfer tokens. If no transfer token salt is defined, transfer features will be disabled. | string | a random string |

Configuration examples

The /config/admin file should at least include a minimal configuration with required parameters for authentication and API tokens. Additional parameters can be included for a full configuration.

Note

Environmental configurations (i.e. using the env() helper) do not need to contain all the values so long as they exist in the default /config/server.

The default configuration created with any new project should at least include the following:

/config/admin.js
module.exports = ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auditLogs: { // only accessible with an Enterprise plan
    enabled: env.bool('AUDIT_LOGS_ENABLED', true),
  },
  auth: {
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  transfer: {
    token: {
      salt: env('TRANSFER_TOKEN_SALT', 'anotherRandomLongString'),
    }
  },
});
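
The fallback strings in the configuration above are published in this documentation, so a deployment that leaves the matching environment variables unset signs admin JWTs and derives tokens from publicly known values. The following added example (not part of Strapi) audits those three variables before startup. The function name auditAdminSecrets, the 32-character minimum, and the reuse check are assumptions that stand in for a local policy.

```javascript
// Added example, not Strapi code: audits the environment variables that the
// sample /config/admin.js reads before they reach the configuration.
const REQUIRED = {
  ADMIN_JWT_SECRET: "auth.secret",
  API_TOKEN_SALT: "apiToken.salt",
  TRANSFER_TOKEN_SALT: "transfer.token.salt",
};

// Fallback strings from the sample config; they are public, so not secret.
const PLACEHOLDERS = new Set([
  "someSecretKey",
  "someRandomLongString",
  "anotherRandomLongString",
]);

const MIN_LENGTH = 32; // assumption: local policy, not a Strapi requirement

function auditAdminSecrets(environment) {
  const findings = [];
  const seen = new Map(); // value -> first variable that used it
  for (const [name, key] of Object.entries(REQUIRED)) {
    const value = environment[name];
    if (!value) {
      // Unset means the sample config silently uses its placeholder fallback.
      findings.push({ name, key, issue: "unset" });
      continue;
    }
    if (PLACEHOLDERS.has(value)) {
      findings.push({ name, key, issue: "placeholder" });
    } else if (value.length < MIN_LENGTH) {
      findings.push({ name, key, issue: "too-short" });
    }
    if (seen.has(value)) {
      findings.push({ name, key, issue: `reuses ${seen.get(value)}` });
    } else {
      seen.set(value, name);
    }
  }
  return findings;
}

// Constructed sample environment, for illustration only.
const sample = { ADMIN_JWT_SECRET: "someSecretKey", API_TOKEN_SALT: "short" };
for (const f of auditAdminSecrets(sample)) {
  console.log(`${f.name} -> ${f.key}: ${f.issue}`);
}
```

Calling auditAdminSecrets(process.env) in a deployment check and failing on a non-empty result keeps a placeholder from reaching production.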