💻CLI Parameters

Usage: t1c-api [OPTIONS]

Options:
      --log <LOG_FILTER>
          Log filter, following tokio tracing crate syntax. For example: "t1c_rust_api=info|warn|debug" [default: none,t1c_rust_api=info]
      --enable.curl
          Enables the use of CURL for DS communication (enabling NTLM or SSPI on Windows). Fallback on regular DS communication
      --disable.ds.logs
          Disable the possibility pushing logs to the configured Distribution Server
      --enable.jwt
          Enables the use of JWT validation middleware on the API server. No use cases can be performed without sending a valid JWT from the consumer request. The JWT must be issued by the configured DS
      --env <prod>
          The environment running under. Will be used upon triggering launcher use cases (restart). For example when updating SSL context [possible values: dev, acc, prod]
  -t, --reg.cycle <60>
          Amount of second to sync with the registry process [default: 60]
      --dialogs.timeout <60>
          Default timeout for dialogs (PIN, file chooser, dir chooser or other on Windows and OSX), override on API per use case possible [default: 60]
      --workers <2>
          Amount of HTTP API workers for multi-threading. Mostly the number of logical CPUs in a system, by default is set to 2 [default: 2]
      --workers.reg <2>
          Amount of HTTP REGISTRY workers for multi-threading. Mostly the number of logical CPUs in a system, by default is set to 2 [default: 2]
      --ds.cycle <28800>
          Amount of second to sync with the Distribution Service (8 hours). Upon install, restart and init DS sync will be triggered [default: 60]
      --ds.server_address <ds.t1t.io>
          Activated ONLINE mode using given Distribution Service Host. If not given, the T1C-API runs in OFFLINE mode
      --ds.api.key <api-key>
          Set the License key, by default using the packaged key. This is needed when operating with a DS for key exchange
      --ds.reg <DS_REG_FLAG>
          Enables the use of the Distribution service Registry (only in online mode) - ds.server_address MUST be provided - there is no default DS. Value of 'reg.server_address' is still needed and used to push agents for an implicit DS sync [possible values: true, false]
      --payload.size <2000>
          The amount in kilobyte of allowed body payload size. By default 2000 kilobyte: body payload of 2MB accepted. Maximum value: 50000 (50MB) [default: 2000]
  -U, --user.path <USER_PATH>
          Set the folder for user files for the {}. The device pem/cert, log files and file exchange mappings are directly available in this folder
  -r, --root.sandbox.path <ROOT_SANDBOX_PATH>
          Set the root folder for the sandbox
  -w, --root.reg.path <ROOT_REG_PATH>
          Set the root folder for the registry
  -m, --root.mock.file.path <ROOT_MOCK_FILE_PATH>
          Set the file path for the mock (hardware-less testing)
      --root.launcher.path <ROOT_LAUNCHER_PATH>
          Set the root folder for the launcher, by default uses user.path
      --launcher.bin_name <t1c-launch>
          Overwrite the default T1C Launcher binary file. By default for OSX: launchctl, WIN: t1c-launch.exe, LINUX: t1c-launch. This option only works for Windows and Linux OS as OSX is using by default launchctl
  -C, --reg.server_bin_name <t1c-reg>
          The name of the binary executable for the Registry
  -A, --grpc.server_bin_name <t1c-sandbox-service>
          The name of the binary executable for the Sandbox
  -c, --reg.server_address <localhost>
          Sets the Registry URI [default: localhost]
  -s, --api.server_address <localhost>
          Sets the API URI [default: localhost]
  -a, --grpc.server_address <localhost>
          Sets the GRPC URI [default: localhost]
      --ntlm.proxy_address <NTLM_PROXY_ADDRESS>
          Sets the IP Address of the NTLM proxy server. Disabled by default
  -x, --reg.port <51883>
          Sets the Registry port (fixed per customer) [default: 51883]
  -p, --api.port <rnd:{10000-65535}>
          Sets the API port
  -g, --grpc.port <rnd:{10000-65535}>
          Sets the GRPC port
      --dns <localhost>
          Sets DNS for the T1C (recommended that the other server addresses are set on [t1c.t1t.io]) [default: t1c.t1t.io]
      --cors <dDFjLnQxdC5pbyxsb2NhbGhvc3Q=>
          Provide a base64 encode, comma-separated list of cors origins to be provided on startup. When using a Distribution Service, the CORS is overwritten by the DS configuration
      --response.checksum
          Enabling this will add a `signature` field to the T1CResponse that should be validated by the Client using the Trust1Connector. This field is the `data` block that has been base64 encoded and then created a md5 hash of that so that it can be signed with the private key of the device. The client can then verify the signature by decrypting the md5 hash and validate if its correct
  -f
          Enables the use for the file logger
  -q
          Overrides file log and uses a console subscriber instead (tokio-console) to view the tracing logs in detail
  -y
          Enable the ability to run multiple {} instances. This is only to simulate multiple hosts in the same session. Must NOT be used in production packages
  -i, --optional.consent
          Defines if the consent can be optional or not
  -k, --insecure
          Disables security mechanisms, PIN encryption will not be done from a browser context
      --http
          Runs the API and Registry (if enabled) in HTTP mode (no mTLS)
  -z, --standalone
          Disables Registry, runs only in standalone mode without support for multi-host sessions
  -d, --debug
          Enables Debug mode (additional endpoints ex. '/decrypt' available)
      --external.storage <fs>
          Use the local filesystem or vault for storing information read from tokens, defaults using 'none' [possible values: fs, vault]
      --external.storage.path <ES_PATH>
          Absolute path as output folder for information writes, the folder path MUST be absolute and must have read/write rights. User folder by default. If not the functionality is disabled (can be requested on the info endpoint)
      --external.storage.overwrite
          Indicates to overwrite the output each time, when external storage is enabled. False when param not set (default)
      --external.storage.format <json>
          Output format to be used. User folder by default [possible values: xml, json]
      --external.storage.poll <5>
          Amount of second to poll for a new token [default: 5]
      --fix.dns.rebind
          DNS Rebind check and fix (default:false -> checks DNS resolution and asks for hosts file update - admin access)
      --fix.ssl.direct
          DNS Checks the SSL certificate on startup when enabled
  -h, --help
          Print help (see more with '--help')
  -V, --version
          Print version

Last updated