# Admin panel configuration

The ./config/admin.js is used to define admin panel configuration for the Strapi application.

# Available options

The ./config/admin.js file can include the following parameters:

Parameter Description Type Default
apiToken.salt Salt used to generate API tokens string Random string
auth Authentication configuration object -
auth.secret Secret used to encode JWT tokens string undefined
auth.options Options object passed to jsonwebtoken (opens new window) object -
auth.options.expiresIn JWT expire time used in jsonwebtoken (opens new window) object 30d
auth.events Record of all the events subscribers registered for the authentication object {}
auth.events.onConnectionSuccess Function called when an admin user log in successfully to the administration panel function undefined
auth.events.onConnectionError Function called when an admin user fails to log in to the administration panel function undefined
url Url of your admin panel. Default value: /admin. Note: If the url is relative, it will be concatenated with url. string /admin
autoOpen Enable or disabled administration opening on start. boolean true
watchIgnoreFiles Add custom files that should not be watched during development. See more here (opens new window) (property ignored). array(string) []
host Use a different host for the admin panel. Only used along with strapi develop --watch-admin string localhost
port Use a different port for the admin panel. Only used along with strapi develop --watch-admin string 8000
serveAdminPanel If false, the admin panel won't be served. Note: the index.html will still be served, see defaultIndex option boolean true
forgotPassword Settings to customize the forgot password email (see Forgot Password Email) object {}
forgotPassword.emailTemplate Email template as defined in email plugin object Default template (opens new window)
forgotPassword.from Sender mail address string Default value defined in your provider configuration
forgotPassword.replyTo Default address or addresses the receiver is asked to reply to string Default value defined in your provider configuration
rateLimit Settings to customize the rate limiting of the admin panel's authentication endpoints, additional configuration options come from koa2-ratelimit (opens new window) object {}
rateLimit.enabled Enable or disable the rate limiter boolean true
rateLimit.interval Time window for requests to be considered as part of the same rate limiting bucket object { min: 5 }
rateLimit.max Maximum number of requests allowed in the time window integer 5
rateLimit.delayAfter Number of requests allowed before delaying responses integer 1
rateLimit.timeWait Time to wait before responding to a request (in milliseconds) integer 3000
rateLimit.prefixKey Prefix for the rate limiting key string ${userEmail}:${ctx.request.path}:${ctx.request.ip}
rateLimit.whitelist Array of IP addresses to whitelist from rate limiting array(string) []
rateLimit.store Rate limiting storage location (Memory, Sequelize, or Redis) and for more information please see the koa2-ratelimit documentation (opens new window) object MemoryStore

# Configurations

The ./config/admin.js file should at least include a minimal configuration with required parameters for authentication and API tokens. Additional parameters can be included for a full configuration.


Environmental configurations (i.e. using the env() helper) do not need to contain all the values so long as they exist in the default ./config/server.js.