Configuration

Use this page for static configuration in client appsettings.json files:

• AdminPanel/appsettings.json
• Api/appsettings.json
• WebApp/appsettings.json

For dynamic runtime settings (editable from admin panel), see the Settings module introduction.

Tip: This article is the template-wide view of which appsettings.json sections exist on which clients and what each block is for at a glance. For full key lists, defaults, and how settings bind to types in code, open the Configuration page for the module that owns that section under Modules—for example Logging configuration documents Monitoring:Logging (filters, export, log levels) the same way other modules document their own configuration surface.

Which client has which section

Section	AdminPanel	Api	WebApp
AllowedHosts	Yes	Yes	Yes
ApiKey	No	Yes	No
Application	Yes	Yes	Yes
MongoDB	Yes	Yes	Yes
Administration	Yes	Yes	Yes
Identity	Yes	Yes	Yes
CookieAuthentication	Yes	Yes	Yes
Localization	Yes	Yes	Yes
Caching	Yes	Yes	Yes
Optimization	Yes	No	Yes
Hangfire	Yes	Yes	Yes
Monitoring	Yes	Yes	Yes
Security	Yes	Yes	Yes
AIChatBot	Yes	Yes	Yes
Swagger	No	Yes	No
JwtAuthentication	No	Yes	No

Setting reference

AllowedHosts

• ASP.NET host filtering value (usually "*" in template defaults).
• Code access: no DevKit settings class for this section (host-level ASP.NET setting).

ApiKey (Api only)

• Read by API key middleware in DevKit Web API.
• If set, non-swagger/non-health API calls must send header api-key with this value.
• If empty, API key check is skipped.
• Code access: read from configuration key ApiKey (no dedicated DevKit settings class).

Application

• Bound to ApplicationSettings.
• Default.Name: app display name.
• Default.Url: base URL for the current client.
• Default.SupportEmail: support contact used by features that expose app contact info.
• Inject in code: ApplicationSettings from CodeBlock.DevKit.Contracts.Models.

MongoDB

• Shared DB connection for modules.
• Connection: MongoDB connection string.
• DatabaseName: primary database name.
• Inject in code: MongoDbSettings from CodeBlock.DevKit.Infrastructure.Database.

Administration

• Bound to administration module settings.
• AdminRole: initial admin role name.
• Permissions[]: seed custom permissions (DisplayName, SystemName, GroupName).
• Inject in code: AdministrationSettings from CodeBlock.DevKit.Administration.Infrastructure.

Identity

• Bound to identity module settings.
• AdminUser.Mobile|Email|Password: seed/default admin account values.
• ExternalLogins.*.Enabled: enable/disable provider.
• Provider credentials and CallbackPath are used for OAuth login flows (Google, Twitter, Microsoft, Facebook).
• Inject in code: IdentitySettings from CodeBlock.DevKit.Identity.Infrastructure.

CookieAuthentication

• Cookie auth options used by clients.
• Enabled: enables cookie auth registration.
• CookieName, CookieHttpOnly: cookie identity and security flags.
• LoginPath, LogoutPath: auth redirect paths.
• ExpireFromMinute, SlidingExpiration, AllowRefresh: session lifetime behavior.
• Code access: mapped to CookieAuthenticationSettings in namespace CodeBlock.DevKit.Web.Blazor.Server.CookieAuthentication (framework-internal type).

Localization

• Bound to localization settings used by request localization and UI culture behavior.
• CookieName: culture cookie key.
• Languages[]:
  • Name, ShortName, Code: language identity.
  • Direction: ltr/rtl.
  • Font: preferred font for that language.
  • IsDefault: default culture.
• Inject in code: LocalizationSettings from CodeBlock.DevKit.Web.Localization.

Caching

• Query-level MediatR caching behavior.
• Enabled: toggles cache behavior globally.
• CacheTimeInSeconds: default TTL used when a query does not override cache duration.
• Code access: consumed by infrastructure caching behavior via configuration keys (no dedicated public settings class).

Optimization (AdminPanel/WebApp)

• Blazor asset optimization (WebOptimizer).
• Enabled: turns optimization middleware on/off.
• EnableCaching, EnableMemoryCache, EnableDiskCache: caching strategy for bundles.
• AllowEmptyBundle: controls empty bundle creation behavior.
• Code access: mapped to WebOptimizationSettings in namespace CodeBlock.DevKit.Web.Blazor.Server.Optimization (framework-internal type).

Hangfire

• Scheduled jobs and dashboard settings.
• SchedulePollingIntervalSeconds: polling interval for scheduled jobs.
• MongoStorage.DatabaseName: Hangfire storage DB (connection falls back to MongoDB.Connection if not set here).
• Dashboard.Enabled: dashboard availability.
• Dashboard.Path (if present): dashboard route (default /hangfire).
• Inject in code: HangfireSettings from CodeBlock.DevKit.Web.ScheduledJobs.

Monitoring

• OpenTelemetry + monitoring module configuration.
• Service.Name: service identity used in telemetry resource metadata.
• Service.HealthCheckPath: path mapped for health check endpoint.
• Logging.MinimumLogLevel: baseline log level.
• Logging.Filters: per-category log level overrides.
• IncludeFormattedMessage, IncludeScopes, ParseStateValues: log payload detail flags.
• Inject in code: MonitoringSettings from CodeBlock.DevKit.Monitoring.Infrastructure.

Security

• Core security settings.
• ApplicationName: data-protection application scope.
• EncryptionSymmetricKey: symmetric key used by DevKit encryption service (must be exactly 24 chars).
• SigningPrivateKeyPath: private key path for signing scenarios.
• RateLimiter.Enabled: global fixed-window rate limiter toggle.
• RateLimiter.PermitLimit|WindowSeconds|QueueLimit|QueueProcessingOrder: throttling policy.
• Inject in code: SecuritySettings from CodeBlock.DevKit.Contracts.Models.

AIChatBot

• AI ChatBot module static infra settings.
• QdrantDB.Host|Port|Https|ApiKey: Qdrant vector database connection settings.
• Inject in code: AIChatBotSettings from CodeBlock.DevKit.AIChatBot.Infrastructure.

Swagger (Api only)

• DevKit API Swagger/OpenAPI behavior.
• Enabled: enables Swagger generator/UI.
• Title, Version: OpenAPI metadata.
• RedirectRootAddress: used by API swagger root redirect behavior.
• Code access: mapped to SwaggerSettings in namespace CodeBlock.DevKit.Web.Api.Swagger (framework-internal type).

JwtAuthentication (Api only)

• JWT bearer authentication options.
• Key: signing key.
• Issuer: token issuer/audience.
• ExpireDays: token lifetime in days.
• Code access: mapped to JwtAuthenticationOptions in namespace CodeBlock.DevKit.Web.Api.JwtAuthentication (framework-internal type).

Inject and use settings in code

You can consume mapped settings directly through dependency injection.

Example: Blazor/Razor page

@using CodeBlock.DevKit.Contracts.Models
@using CodeBlock.DevKit.Web.Localization
@inject ApplicationSettings ApplicationSettings
@inject LocalizationSettings LocalizationSettings
@inject SecuritySettings SecuritySettings

<h3>@ApplicationSettings.Localized.Name</h3>
<p>@ApplicationSettings.Localized.SupportEmail</p>
<p>Language: @LocalizationSettings.GetCurrentLanguageCode()</p>
<p>Direction: @LocalizationSettings.GetCurrentLanguageDirection()</p>
<p>Rate limiter enabled: @SecuritySettings.RateLimiter.Enabled</p>

Example: service/use case class

using CodeBlock.DevKit.Contracts.Models;
using CodeBlock.DevKit.Web.Localization;

internal class MyFeatureService
{
    private readonly ApplicationSettings _applicationSettings;
    private readonly LocalizationSettings _localizationSettings;

    public MyFeatureService(
        ApplicationSettings applicationSettings,
        LocalizationSettings localizationSettings)
    {
        _applicationSettings = applicationSettings;
        _localizationSettings = localizationSettings;
    }

    public string GetTenantDisplayName()
    {
        var language = _localizationSettings.GetCurrentLanguageCode();
        return $"{_applicationSettings.Localized.Name} ({language})";
    }
}

Production notes

• Keep secrets (ApiKey, JWT key, OAuth secrets, encryption keys, Qdrant API key) in secure environment-specific configuration.
• Keep client base URLs (Application.Default.Url) correct per deployed host.