💻CLI Parameters

Trust1Team <development@trust1team.com>
An API for the Connector

USAGE:
    t1c-api [OPTIONS]

OPTIONS:
    -a, --grpc.server_address <localhost>
            Sets the GRPC URI.

    -A, --grpc.server_bin_name <t1c-sandbox-service>
            The name of the binary executable for the Sandbox

    -c, --reg.server_address <localhost>
            Sets the Registry URI.

    -C, --reg.server_bin_name <t1c-reg>
            The name of the binary executable for the Registry

        --cors <cors>
            Provide a base64 encode, comma-separated list of cors origins to be provided on startup.
            When using a Distribution Service, the CORS is overwritten by the DS configuration.

    -d, --debug
            Enables Debug mode (additional endpoints ex. '/decrypt' available)

        --dialogs.timeout <60>
            Default timeout for dialogs (PIN, file chooser, dir chooser or other on Windows and
            OSX), override on API per use case possible

        --disable.ds.logs
            Disable the possibility pushing logs to the configured Distribution Server.

        --dns <t1c.t1t.io>
            Sets DNS for the T1C (recommended that the other server addresses are set on
            [localhost]).

        --ds.api.key <ds.api.key>
            Set the License key, by default using the packaged key. This is needed when operating
            with a DS for key exchange

        --ds.cycle <28800>
            Amount of second to sync with the Distribution Service (8 hours). Upon install, restart
            and init DS sync will be triggered.

        --ds.reg
            Enables the use of the Distribution service Registry (only in online mode) -
            ds.server_address MUST be provided - there is no default DS. Value of
            'reg.server_address' is still needed and used to push agents for an implicit DS sync

        --ds.server_address <ds.t1t.io>
            Activated ONLINE mode using given Distribution Service Host. If not given, the T1C-API
            runs in OFFLINE mode

        --enable.curl
            Enables the use of CURL for DS communication (enabling NTLM or SSPI on Windows).
            Fallback on regular DS communication.

        --enable.jwt
            Enables the use of JWT validation middleware on the API server. No use cases can be
            performed without sending a valid JWT from the consumer request. The JWT must be issued
            by the configured DS.

        --env <prod>
            The environment running under. Will be used upon triggering launcher use cases
            (restart). For example when updating SSL context. [possible values: dev, acc, prod]

        --external.storage <external.storage>
            Use the local filesystem or vault for storing information read from tokens, defaults
            using 'none' [possible values: fs, vault, none]

        --external.storage.format <external.storage.format>
            Output format to be used. User folder by default [possible values: xml, json]

        --external.storage.overwrite
            Indicates to overwrite the output each time, when external storage is enabled. False
            when param not set (default)

        --external.storage.path <external.storage.path>
            Absolute path as output folder for information writes, the folder path MUST be absolute
            and must have read/write rights. User folder by default. If not the functionality is
            disabled (can be requested on the info endpoint).

    -f
            Enables the use for the file logger <logs/t1c-api.log>

    -g, --grpc.port <rnd:{10000-65535}>
            Sets the GRPC port.

    -h, --help
            Print help information

        --http
            Runs the API and Registry (if enabled) in HTTP mode (no mTLS)

    -i, --optional.consent
            Defines if the consent can be optional or not

    -k, --insecure
            Disables security mechanisms, PIN encryption will not be done from a browser context

        --launcher.bin_name <t1c-launch>
            Overwrite the default T1C Launcher binary file. By default for OSX: launchctl, WIN:
            t1c-launch.exe, LINUX: t1c-launch. This option only works for Windows and Linux OS as
            OSX is using by default launchctl.

    -m, --root.mock.file.path <mock_values.json>
            Set the file path for the mock (hardware-less testing).

        --ntlm.proxy_address <ntlm.proxy_address>
            Sets the IP Address of the NTLM proxy server. Disabled by default

    -p, --api.port <rnd:{10000-65535}>
            Sets the API port

        --payload.size <2000>
            The amount in kilobyte of allowed body payload size. By default 2000 kilobyte: body
            payload of 2MB accepted. Maximum value: 50000 (50MB)

    -r, --root.sandbox.path <root.sandbox.path>
            Set the root folder for the sandbox.

        --response.checksum
            Enabling this will add a `signature` field to the T1CResponse that should be validated
            by the Client using the Trust1Connector. This field is the `data` block that has been
            base64 encoded and then created a md5 hash of that so that it can be signed with the
            private key of the device. The client can then verify the signature by decrypting the
            md5 hash and validate if its correct.

        --root.launcher.path <root.launcher.path>
            Set the root folder for the launcher, by default uses user.path.

    -s, --api.server_address <localhost>
            Sets the API URI.

    -t, --reg.cycle <60>
            Amount of second to sync with the registry process

    -U, --user.path <user.path>
            Set the folder for user files for the t1c-api. The device pem/cert, log files and file
            exchange mappings are directly available in this folder.

    -V, --version
            Print version information

    -w, --root.reg.path <root.reg.path>
            Set the root folder for the registry.

        --workers <2>
            Amount of HTTP API workers for multi-threading. Mostly the number of logical CPUs in a
            system, by default is set to 2.

        --workers.reg <2>
            Amount of HTTP REGISTRY workers for multi-threading. Mostly the number of logical CPUs
            in a system, by default is set to 2.

    -x, --reg.port <51883>
            Sets the Registry port (fixed per customer).

    -y
            Enable the ability to run multiple {} instances. This is only to simulate multiple hosts
            in the same session. Must NOT be used in production packages.

    -z, --standalone
            Disables Registry, runs only in standalone mode without support for multi-host sessions

Last updated