💻CLI Parameters
Trust1Team <development@trust1team.com>
An API for the Connector
USAGE:
t1c-api [OPTIONS]
OPTIONS:
-a, --grpc.server_address <localhost>
Sets the GRPC URI.
-A, --grpc.server_bin_name <t1c-sandbox-service>
The name of the binary executable for the Sandbox
-c, --reg.server_address <localhost>
Sets the Registry URI.
-C, --reg.server_bin_name <t1c-reg>
The name of the binary executable for the Registry
--cors <cors>
Provide a base64 encode, comma-separated list of cors origins to be provided on startup.
When using a Distribution Service, the CORS is overwritten by the DS configuration.
-d, --debug
Enables Debug mode (additional endpoints ex. '/decrypt' available)
--dialogs.timeout <60>
Default timeout for dialogs (PIN, file chooser, dir chooser or other on Windows and
OSX), override on API per use case possible
--disable.ds.logs
Disable the possibility pushing logs to the configured Distribution Server.
--dns <t1c.t1t.io>
Sets DNS for the T1C (recommended that the other server addresses are set on
[localhost]).
--ds.api.key <ds.api.key>
Set the License key, by default using the packaged key. This is needed when operating
with a DS for key exchange
--ds.cycle <28800>
Amount of second to sync with the Distribution Service (8 hours). Upon install, restart
and init DS sync will be triggered.
--ds.reg
Enables the use of the Distribution service Registry (only in online mode) -
ds.server_address MUST be provided - there is no default DS. Value of
'reg.server_address' is still needed and used to push agents for an implicit DS sync
--ds.server_address <ds.t1t.io>
Activated ONLINE mode using given Distribution Service Host. If not given, the T1C-API
runs in OFFLINE mode
--enable.curl
Enables the use of CURL for DS communication (enabling NTLM or SSPI on Windows).
Fallback on regular DS communication.
--enable.jwt
Enables the use of JWT validation middleware on the API server. No use cases can be
performed without sending a valid JWT from the consumer request. The JWT must be issued
by the configured DS.
--env <prod>
The environment running under. Will be used upon triggering launcher use cases
(restart). For example when updating SSL context. [possible values: dev, acc, prod]
--external.storage <external.storage>
Use the local filesystem or vault for storing information read from tokens, defaults
using 'none' [possible values: fs, vault, none]
--external.storage.format <external.storage.format>
Output format to be used. User folder by default [possible values: xml, json]
--external.storage.overwrite
Indicates to overwrite the output each time, when external storage is enabled. False
when param not set (default)
--external.storage.path <external.storage.path>
Absolute path as output folder for information writes, the folder path MUST be absolute
and must have read/write rights. User folder by default. If not the functionality is
disabled (can be requested on the info endpoint).
-f
Enables the use for the file logger <logs/t1c-api.log>
-g, --grpc.port <rnd:{10000-65535}>
Sets the GRPC port.
-h, --help
Print help information
--http
Runs the API and Registry (if enabled) in HTTP mode (no mTLS)
-i, --optional.consent
Defines if the consent can be optional or not
-k, --insecure
Disables security mechanisms, PIN encryption will not be done from a browser context
--launcher.bin_name <t1c-launch>
Overwrite the default T1C Launcher binary file. By default for OSX: launchctl, WIN:
t1c-launch.exe, LINUX: t1c-launch. This option only works for Windows and Linux OS as
OSX is using by default launchctl.
-m, --root.mock.file.path <mock_values.json>
Set the file path for the mock (hardware-less testing).
--ntlm.proxy_address <ntlm.proxy_address>
Sets the IP Address of the NTLM proxy server. Disabled by default
-p, --api.port <rnd:{10000-65535}>
Sets the API port
--payload.size <2000>
The amount in kilobyte of allowed body payload size. By default 2000 kilobyte: body
payload of 2MB accepted. Maximum value: 50000 (50MB)
-r, --root.sandbox.path <root.sandbox.path>
Set the root folder for the sandbox.
--response.checksum
Enabling this will add a `signature` field to the T1CResponse that should be validated
by the Client using the Trust1Connector. This field is the `data` block that has been
base64 encoded and then created a md5 hash of that so that it can be signed with the
private key of the device. The client can then verify the signature by decrypting the
md5 hash and validate if its correct.
--root.launcher.path <root.launcher.path>
Set the root folder for the launcher, by default uses user.path.
-s, --api.server_address <localhost>
Sets the API URI.
-t, --reg.cycle <60>
Amount of second to sync with the registry process
-U, --user.path <user.path>
Set the folder for user files for the t1c-api. The device pem/cert, log files and file
exchange mappings are directly available in this folder.
-V, --version
Print version information
-w, --root.reg.path <root.reg.path>
Set the root folder for the registry.
--workers <2>
Amount of HTTP API workers for multi-threading. Mostly the number of logical CPUs in a
system, by default is set to 2.
--workers.reg <2>
Amount of HTTP REGISTRY workers for multi-threading. Mostly the number of logical CPUs
in a system, by default is set to 2.
-x, --reg.port <51883>
Sets the Registry port (fixed per customer).
-y
Enable the ability to run multiple {} instances. This is only to simulate multiple hosts
in the same session. Must NOT be used in production packages.
-z, --standalone
Disables Registry, runs only in standalone mode without support for multi-host sessions
Last updated