Configure the IBM MQ Console and REST API

Configure the IBM MQ Console and REST API

The mqweb server that hosts the IBM MQ Console and REST API is provided with a default configuration. In order to use either of these components a number of configuration tasks need to be completed, such as configuring security to allow users to log in. This topic describes all the configuration options that are available.

Configure security
We can configure security for the IBM MQ Console and the REST API by editing the mqwebuser.xml file. We can configure and authenticate users by configuring either a basic user registry, or an LDAP registry, or any of the other registry types that are provided with WebSphere Application Server Liberty. We can then authorize those users by assigning users and groups a role. At Version 9.0.1, there is no security for the REST API. From Version 9.0.2, we can configure security for the REST API.
Configure CSRF protection
Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious website causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated. .
Configure the HTTP host name
By default, the mqweb server which hosts the IBM MQ Console and REST API is configured to allow only local connections. That is, the IBM MQ Console and REST API can be accessed only on the system on which the IBM MQ Console and REST API are installed. From Version 9.0.4, we can configure host name to allow remote connections by using the setmqweb command. In IBM MQ Version 9.0.3, and earlier, we can configure host name to allow remote connections by editing the mqwebuser.xml file.
Configure the HTTP and HTTPS ports
By default, the mqweb server that hosts the IBM MQ Console and REST API uses the HTTPS port 9443. The port that is associated with HTTP connections is disabled. We can enable the HTTP port, configure a different HTTPS port, or disable the HTTP or HTTPS port. From Version 9.0.4, we can configure the ports by using the setmqweb command. In IBM MQ Version 9.0.3, and earlier, we can configure the ports by editing the mqwebuser.xml file.
Configure the response timeout
By default, the IBM MQ Console and REST API times out if the time taken to send a response back to a client is longer than 30 seconds. From Version 9.0.4, we can configure the IBM MQ Console and REST API to use a different timeout value by using the setmqweb command. In IBM MQ Version 9.0.3, and earlier, we can configure the IBM MQ Console and REST API to use a different timeout value by editing the mqwebuser.xml file.
Configure autostart
By default, the IBM MQ Console is automatically started when the mqweb server starts. In Version 9.0.1, the REST API is not automatically started. From Version 9.0.2, the REST API is automatically started when the mqweb server starts. From Version 9.0.4, we can configure whether the IBM MQ Console and the REST API start automatically by using the setmqweb command. In IBM MQ Version 9.0.3, and earlier, we can configure whether the IBM MQ Console and the REST API start automatically by editing the mqwebuser.xml file.
Configure logging
We can configure the logging levels, maximum log file size, and the maximum number of log files that are used by the mqweb server which hosts the IBM MQ Console and REST API. From Version 9.0.4, we can configure logging by using the setmqweb command. In IBM MQ Version 9.0.3, and earlier, we can configure logging by editing the mqwebuser.xml file.
Configure the LTPA token expiry interval
LTPA tokens can be used to avoid needing a user to provide username and password credentials on each request to WebSphere Application Server Liberty. You can configure the expiry interval for LTPA authentication tokens.
Configure the administrative REST API gateway
By default, the administrative REST API gateway is enabled. When the administrative REST API gateway is enabled, we can perform remote administration with the REST API by using a gateway queue manager. We can configure the queue manager that is used as the default gateway queue manager, or we can prevent remote administration by disabling the administrative REST API gateway, by using the setmqweb properties command.
Configure the messaging REST API
By default, the mqweb server which hosts the IBM MQ Console and REST API has the messaging REST API enabled. We can configure whether messaging is enabled or disabled by using the setmqweb properties command.
Configure the REST API for MFT
By default, the mqweb server which hosts the IBM MQ Console and REST API has the MFT REST API disabled. We can enable or disable the REST API for MFT, set the coordination queue manager, and specify the MFT reconnect timeout by using the setmqweb properties command.
Tuning the mqweb server JVM
By default, the mqweb server Java virtual machine (JVM) uses platform-specific defaults for the minimum and maximum size of the heap. You might need to change the default values. For example, if a java.lang.OutOfMemoryError is thrown by the mqweb server, you must increase the maximum size of the heap. We can change the default values in the jvm.options file.
File structure of the IBM MQ Console and REST API installation component
There are two sets of directory structures that are associated with the IBM MQ Console and REST API installation component. One directory structure contains files that can be edited. The other directory structure contains files that cannot be edited.
Parent topic: Configure IBM MQ Parent topic: Configure the mqweb server