This is the plugin configuration page where you can choose to enable or disable plugin features or you can also set default values for some general plugin settings.

Once you click on the Configure menu item, It will display the configuration page as shown in the image below.


public api configuration page


Once you click on Enable API checkbox, It will display you the options as shown in the image below.


public api configuration page detailed


The above settings are explained below:


  • Multi-store configuration for: Admin can configure the settings per store or common for all stores so the plugin features can work accordingly per store as per configuration on this page.
  • *Enable API: You can enable the public API plugin using this setting.
  • *Enable Swagger: You can enable the swagger document by enabling this setting. If you enable swagger, the swagger document can be found at a similar URL like your_domain_name/api. If this setting is disabled and someone tries to access the URL then it will display a “Page not found” error.
  • **Is Development: Enabling this setting disables login authorization which means that the API key is not required to consume any API method and no access token will be generated. Also, all methods that doesn't require a signed in user (users with access token) will work without the API key and no guest users are created. By default [email protected]_engine_record.com user is used.
  • ***Secret Key: This is the JWT secret key for the signature validation as token parameter and to encrypt payload information for JWT. This can be changed if required.
  • Security Algorithm: This setting provides options to select a security algorithm to encrypt tokens. By default Hmac SHA256 is selected.
  • Access Token Expiration: This setting allows you to set an expiration time limit for the access tokens after which an access token is expired automatically. A refresh token is required to renew an access token once it is expired.
  • Refresh Token Expiration: This setting allows you to set an expiration time limit for the refresh tokens after which a refresh token is expired automatically. This is automatically created when a new access token is generated.
  • Enable Debugging: Enabling this setting allows you to log all requests and their response automatically but enabling this will disable the response compression of nopCommerce which could result in lower performance.


* Please note that you need to manually restart the application if this setting is modified.

** It is not recommended to enable this setting in a production environment.

*** It is not recommended to modify this unless a security threat is emerged.