Admin panel configuration

The ./config/admin.js is used to define admin panel configuration for the Strapi application. This file should at least include configurations for authentication and API tokens.

Minimal configuration

The default configuration created with any new project should at least include the following:

// path: ./config/admin.js

module.exports = ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auth: {
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
})

Full configuration

// path: ./config/admin.js

module.exports = ({ env }) => ({
  apiToken: {
    salt: env('API_TOKEN_SALT', 'someRandomLongString'),
  },
  auth: {
    events: {
      onConnectionSuccess(e) {
        console.log(e.user, e.provider);
      },
      onConnectionError(e) {
        console.error(e.error, e.provider);
      },
    },
    secret: env('ADMIN_JWT_SECRET', 'someSecretKey'),
  },
  url: env('PUBLIC_ADMIN_URL', '/dashboard'),
  autoOpen: false,
  watchIgnoreFiles: [
    './my-custom-folder', // Folder
    './scripts/someScript.sh', // File
  ],
  host: 'localhost', // Only used for --watch-admin
  port: 8003, // Only used for --watch-admin
  serveAdminPanel: env.bool('SERVE_ADMIN', true),
  forgotPassword: {
    from: 'no-reply@example.com',
    replyTo: 'no-reply@example.com',
  },
})

Available options

The ./config/admin.js file can include the following parameters:

Parameter	Description	Type	Default
apiToken.salt	Salt used to generate API tokens	String	(A random string generated by Strapi)
auth	Authentication configuration	Object	-
auth.secret	Secret used to encode JWT tokens	string	undefined
auth.events	Record of all the events subscribers registered for the authentication	object	{}
auth.events.onConnectionSuccess	Function called when an admin user log in successfully to the administration panel	function	undefined
auth.events.onConnectionError	Function called when an admin user fails to log in to the administration panel	function	undefined
url	Url of your admin panel. Default value: /admin. Note: If the url is relative, it will be concatenated with url.	string	/admin
autoOpen	Enable or disabled administration opening on start.	boolean	true
watchIgnoreFiles	Add custom files that should not be watched during development. See more here (opens new window) (property ignored).	Array(string)	[]
host	Use a different host for the admin panel. Only used along with strapi develop --watch-admin	string	localhost
port	Use a different port for the admin panel. Only used along with strapi develop --watch-admin	string	8000
serveAdminPanel	If false, the admin panel won't be served. Note: the index.html will still be served, see defaultIndex option	boolean	true
forgotPassword	Settings to customize the forgot password email (see more here: Forgot Password Email)	Object	{}
forgotPassword.emailTemplate	Email template as defined in email plugin	Object	Default template (opens new window)
forgotPassword.from	Sender mail address	string	Default value defined in your provider configuration
forgotPassword.replyTo	Default address or addresses the receiver is asked to reply to	string	Default value defined in your provider configuration

API tokens

Authentication strategies in Strapi can either be based on the use of the Users & Permissions plugin or on the built-in API token feature.

Using API tokens allows executing a request on REST API endpoints as an authenticated user. The API token should be added to the request's Authorization header with the following syntax: bearer your-api-token.

New API tokens are generated from the admin panel using a salt. This salt is automatically generated by Strapi and stored in ./config/admin.js as apiToken.salt.

The salt can be customized:

• either by updating the string value for apiToken.salt in ./config/admin.js
• or by creating an API_TOKEN_SALT environment variable in the .env file of the project

✋ CAUTION

Changing the salt invalidates all the existing API tokens.