rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-29 09:07:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
hyperswitch/config/deployments/env_specific.toml

354 lines
18 KiB
TOML
Raw Blame History

# For explanantion of each config, please refer to the `config/config.example.toml` file
[analytics.clickhouse]
username = "clickhouse_username" # Clickhouse username
password = "clickhouse_password" # Clickhouse password (optional)
host = "http://localhost:8123" # Clickhouse host in http(s)://<URL>:<PORT> format
database_name = "clickhouse_db_name" # Clickhouse database name
# Analytics configuration.
[analytics]
source = "sqlx" # The Analytics source/strategy to be used
forex_enabled = false # Boolean to enable or disable forex conversion
[analytics.sqlx]
username = "db_user" # Analytics DB Username
password = "db_pass" # Analytics DB Password
host = "localhost" # Analytics DB Host
port = 5432 # Analytics DB Port
dbname = "hyperswitch_db" # Name of Database
pool_size = 5 # Number of connections to keep open
connection_timeout = 10 # Timeout for database connection in seconds
queue_strategy = "Fifo" # Add the queue strategy used by the database bb8 client
[api_keys]
hash_key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" # API key hashing key.
[applepay_decrypt_keys]
apple_pay_ppc = "APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE" # Payment Processing Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Payment Processing Certificate
apple_pay_ppc_key = "APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_KEY" # Private key generated by Elliptic-curve prime256v1 curve. You can use `openssl ecparam -out private.key -name prime256v1 -genkey` to generate the private key
apple_pay_merchant_cert = "APPLE_PAY_MERCHNAT_CERTIFICATE" # Merchant Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Merchant Identity Certificate
apple_pay_merchant_cert_key = "APPLE_PAY_MERCHNAT_CERTIFICATE_KEY" # Private key generated by RSA:2048 algorithm. Refer Hyperswitch Docs (https://docs.hyperswitch.io/hyperswitch-cloud/payment-methods-setup/wallets/apple-pay/ios-application/) to generate the private key
[paze_decrypt_keys]
paze_private_key = "PAZE_PRIVATE_KEY" # Base 64 Encoded Private Key File cakey.pem generated for Paze -> Command to create private key: openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 365
paze_private_key_passphrase = "PAZE_PRIVATE_KEY_PASSPHRASE" # PEM Passphrase used for generating Private Key File cakey.pem
[applepay_merchant_configs]
common_merchant_identifier = "APPLE_PAY_COMMON_MERCHANT_IDENTIFIER" # Refer to config.example.toml to learn how you can generate this value
merchant_cert = "APPLE_PAY_MERCHANT_CERTIFICATE" # Merchant Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Merchant Identity Certificate
merchant_cert_key = "APPLE_PAY_MERCHANT_CERTIFICATE_KEY" # Private key generate by RSA:2048 algorithm. Refer Hyperswitch Docs (https://docs.hyperswitch.io/hyperswitch-cloud/payment-methods-setup/wallets/apple-pay/ios-application/) to generate the private key
applepay_endpoint = "https://apple-pay-gateway.apple.com/paymentservices/registerMerchant" # Apple pay gateway merchant endpoint
[connector_onboarding.paypal]
enabled = true # boolean
client_id = "paypal_client_id"
client_secret = "paypal_client_secret"
partner_id = "paypal_partner_id"
[connector_request_reference_id_config]
merchant_ids_send_payment_id_as_connector_request_id = [
"merchant_id_1",
"merchant_id_2",
"etc.,",
]
[cors]
max_age = 30 # Maximum time (in seconds) for which this CORS request may be cached.
origins = "http://localhost:8080" # List of origins that are allowed to make requests.
allowed_methods = "GET,POST,PUT,DELETE" # List of methods that are allowed
wildcard_origin = false # If true, allows any origin to make requests
# EmailClient configuration. Only applicable when the `email` feature flag is enabled.
[email]
sender_email = "example@example.com" # Sender email
aws_region = "" # AWS region used by AWS SES
allowed_unverified_days = 1 # Number of days the api calls ( with jwt token ) can be made without verifying the email
active_email_client = "SES" # The currently active email client
recon_recipient_email = "recon@example.com" # Recipient email for recon request email
prod_intent_recipient_email = "business@example.com" # Recipient email for prod intent email
# Configuration for aws ses, applicable when the active email client is SES
[email.aws_ses]
email_role_arn = "" # The amazon resource name ( arn ) of the role which has permission to send emails
sts_role_session_name = "" # An identifier for the assumed role session, used to uniquely identify a session.
[events]
source = "logs" # The event sink to push events supports kafka or logs (stdout)
[events.kafka]
brokers = [] # Kafka broker urls for bootstrapping the client
intent_analytics_topic = "topic" # Kafka topic to be used for PaymentIntent events
attempt_analytics_topic = "topic" # Kafka topic to be used for PaymentAttempt events
refund_analytics_topic = "topic" # Kafka topic to be used for Refund events
api_logs_topic = "topic" # Kafka topic to be used for incoming api events
connector_logs_topic = "topic" # Kafka topic to be used for connector api events
outgoing_webhook_logs_topic = "topic" # Kafka topic to be used for outgoing webhook events
dispute_analytics_topic = "topic" # Kafka topic to be used for Dispute events
audit_events_topic = "topic" # Kafka topic to be used for Payment Audit events
payout_analytics_topic = "topic" # Kafka topic to be used for Payouts and PayoutAttempt events
consolidated_events_topic = "topic" # Kafka topic to be used for Consolidated events
authentication_analytics_topic = "topic" # Kafka topic to be used for Authentication events
fraud_check_analytics_topic = "topic" # Kafka topic to be used for Fraud Check events
# File storage configuration
[file_storage]
file_storage_backend = "aws_s3" # File storage backend to be used
[file_storage.aws_s3]
region = "bucket_region" # The AWS region used by AWS S3 for file storage
bucket_name = "bucket" # The AWS S3 bucket name for file storage
# This section provides configs for currency conversion api
[forex_api]
call_delay = 21600 # Api calls are made after every 6 hrs
local_fetch_retry_count = 5 # Fetch from Local cache has retry count as 5
local_fetch_retry_delay = 1000 # Retry delay for checking write condition
api_timeout = 20000 # Api timeouts once it crosses 20000 ms
api_key = "YOUR API KEY HERE" # Api key for making request to foreign exchange Api
fallback_api_key = "YOUR API KEY" # Api key for the fallback service
redis_lock_timeout = 26000 # Redis remains write locked for 26000 ms once the acquire_redis_lock is called
[jwekey] # 3 priv/pub key pair
vault_encryption_key = "" # public key in pem format, corresponding private key in rust locker
rust_locker_encryption_key = "" # public key in pem format, corresponding private key in rust locker
vault_private_key = "" # private key in pem format, corresponding public key in rust locker
# Locker settings contain details for accessing a card locker, a
# PCI Compliant storage entity which stores payment method information
# like card details
[locker]
host = "" # Locker host
host_rs = "" # Rust Locker host
mock_locker = true # Emulate a locker locally using Postgres
locker_signing_key_id = "1" # Key_id to sign basilisk hs locker
locker_enabled = true # Boolean to enable or disable saving cards in locker
redis_temp_locker_encryption_key = "redis_temp_locker_encryption_key" # Encryption key for redis temp locker
ttl_for_storage_in_secs = 220752000 # Time to live for storage entries in locker
[log.console]
enabled = true
level = "DEBUG"
log_format = "json"
[log.file]
enabled = false
level = "DEBUG"
log_format = "json"
# Telemetry configuration for metrics and traces
[log.telemetry]
traces_enabled = false # boolean [true or false], whether traces are enabled
metrics_enabled = false # boolean [true or false], whether metrics are enabled
ignore_errors = false # boolean [true or false], whether to ignore errors during traces or metrics pipeline setup
sampling_rate = 0.1 # decimal rate between 0.0 - 1.0
otel_exporter_otlp_endpoint = "http://localhost:4317" # endpoint to send metrics and traces to, can include port number
otel_exporter_otlp_timeout = 5000 # timeout (in milliseconds) for sending metrics and traces
use_xray_generator = false # Set this to true for AWS X-ray compatible traces
route_to_trace = ["*/confirm"]
bg_metrics_collection_interval_in_secs = 15 # Interval for collecting the metrics in background thread
[lock_settings]
delay_between_retries_in_milliseconds = 500 # Delay between retries in milliseconds
redis_lock_expiry_seconds = 180 # Seconds before the redis lock expires
# Main SQL data store credentials
[master_database]
username = "db_user" # DB Username
password = "db_pass" # DB Password. Use base-64 encoded kms encrypted value here when kms is enabled
host = "localhost" # DB Host
port = 5432 # DB Port
dbname = "hyperswitch_db" # Name of Database
pool_size = 5 # Number of connections to keep open
connection_timeout = 10 # Timeout for database connection in seconds
queue_strategy = "Fifo" # Add the queue strategy used by the database bb8 client
[generic_link]
[generic_link.payment_method_collect]
sdk_url = "http://localhost:9090/0.16.7/v0/HyperLoader.js"
expiry = 900
[generic_link.payment_method_collect.ui_config]
theme = "#4285F4"
logo = "https://app.hyperswitch.io/HyperswitchFavicon.png"
merchant_name = "HyperSwitch"
[generic_link.payment_method_collect.enabled_payment_methods]
card = "credit,debit"
bank_transfer = "ach,bacs,sepa"
wallet = "paypal,pix,venmo"
[generic_link.payout_link]
sdk_url = "http://localhost:9090/0.16.7/v0/HyperLoader.js"
expiry = 900
[generic_link.payout_link.ui_config]
theme = "#4285F4"
logo = "https://app.hyperswitch.io/HyperswitchFavicon.png"
merchant_name = "HyperSwitch"
[generic_link.payout_link.enabled_payment_methods]
card = "credit,debit"
[payment_link]
sdk_url = "http://localhost:9090/0.16.7/v0/HyperLoader.js"
[payment_method_auth]
pm_auth_key = "pm_auth_key" # Payment method auth key used for authorization
redis_expiry = 900 # Redis expiry time in milliseconds
[proxy]
http_url = "http://proxy_http_url" # Outgoing proxy http URL to proxy the HTTP traffic
https_url = "https://proxy_https_url" # Outgoing proxy https URL to proxy the HTTPS traffic
bypass_proxy_urls = [] # A list of URLs that should bypass the proxy
# Redis credentials
[redis]
host = "127.0.0.1"
port = 6379
pool_size = 5 # Number of connections to keep open
reconnect_max_attempts = 5 # Maximum number of reconnection attempts to make before failing. Set to 0 to retry forever.
reconnect_delay = 5 # Delay between reconnection attempts, in milliseconds
default_ttl = 300 # Default TTL for entries, in seconds
default_hash_ttl = 900 # Default TTL for hashes entries, in seconds
use_legacy_version = false # RESP protocol for fred crate (set this to true if using RESPv2 or redis version < 6)
stream_read_count = 1 # Default number of entries to read from stream if not provided in stream read options
auto_pipeline = true # Whether or not the client should automatically pipeline commands across tasks when possible.
disable_auto_backpressure = false # Whether or not to disable the automatic backpressure features when pipelining is enabled.
max_in_flight_commands = 5000 # The maximum number of in-flight commands (per connection) before backpressure will be applied.
default_command_timeout = 30 # An optional timeout to apply to all commands. In seconds
unresponsive_timeout = 10 # An optional timeout for Unresponsive commands in seconds. This should be less than default_command_timeout.
max_feed_count = 200 # The maximum number of frames that will be fed to a socket before flushing.
cluster_enabled = true # boolean
cluster_urls = [
"redis.cluster.uri-1:8080",
"redis.cluster.uri-2:4115",
] # List of redis cluster urls
# Replica SQL data store credentials
[replica_database]
username = "replica_user" # DB Username
password = "db_pass" # DB Password. Use base-64 encoded kms encrypted value here when kms is enabled
host = "localhost" # DB Host
port = 5432 # DB Port
dbname = "hyperswitch_db" # Name of Database
pool_size = 5 # Number of connections to keep open
connection_timeout = 10 # Timeout for database connection in seconds
queue_strategy = "Fifo" # Add the queue strategy used by the database bb8 client
[report_download_config]
dispute_function = "report_download_config_dispute_function" # Config to download dispute report
payment_function = "report_download_config_payment_function" # Config to download payment report
refund_function = "report_download_config_refund_function" # Config to download refund report
region = "report_download_config_region" # Region of the bucket
[opensearch]
host = "https://localhost:9200"
[opensearch.auth]
auth = "basic"
username = "admin"
password = "admin"
region = "eu-central-1"
[opensearch.indexes]
payment_attempts = "hyperswitch-payment-attempt-events"
payment_intents = "hyperswitch-payment-intent-events"
refunds = "hyperswitch-refund-events"
disputes = "hyperswitch-dispute-events"
sessionizer_payment_attempts = "sessionizer-payment-attempt-events"
sessionizer_payment_intents = "sessionizer-payment-intent-events"
sessionizer_refunds = "sessionizer-refund-events"
sessionizer_disputes = "sessionizer-dispute-events"
# Configuration for the Key Manager Service
[key_manager]
url = "http://localhost:5000" # URL of the encryption service
# This section provides some secret values.
[secrets]
master_enc_key = "sample_key" # Master Encryption key used to encrypt merchant wise encryption key. Should be 32-byte long.
admin_api_key = "test_admin" # admin API key for admin authentication.
jwt_secret = "secret" # JWT secret used for user authentication.
# Server configuration
[server]
workers = 8
port = 8080
host = "127.0.0.1"
# This is the grace time (in seconds) given to the actix-server to stop the execution
# For more details: https://actix.rs/docs/server/#graceful-shutdown
shutdown_timeout = 30
# HTTP Request body limit. Defaults to 32kB
request_body_limit = 32_768
# HTTPS Server Configuration
# Self-signed Private Key and Certificate can be generated with mkcert for local development
[server.tls]
port = 8081
host = "127.0.0.1"
private_key = "/path/to/private_key.pem"
certificate = "/path/to/certificate.pem"
[secrets_management]
secrets_manager = "aws_kms" # Secrets manager client to be used
[secrets_management.aws_kms]
key_id = "kms_key_id" # The AWS key ID used by the KMS SDK for decrypting data.
region = "kms_region" # The AWS region used by the KMS SDK for decrypting data.
[encryption_management]
encryption_manager = "aws_kms" # Encryption manager client to be used
[encryption_management.aws_kms]
key_id = "kms_key_id" # The AWS key ID used by the KMS SDK for decrypting data.
region = "kms_region" # The AWS region used by the KMS SDK for decrypting data.
[multitenancy]
enabled = false
global_tenant = { schema = "public", redis_key_prefix = "", clickhouse_database = "default"}
[multitenancy.tenants.public]
base_url = "http://localhost:8080"
schema = "public"
redis_key_prefix = ""
clickhouse_database = "default"
[multitenancy.tenants.public.user]
control_center_url = "http://localhost:9000"
[user_auth_methods]
encryption_key = "user_auth_table_encryption_key" # Encryption key used for encrypting data in user_authentication_methods table
[cell_information]
id = "12345" # Default CellID for Global Cell Information
[network_tokenization_service] # Network Tokenization Service Configuration
generate_token_url= "" # base url to generate token
fetch_token_url= "" # base url to fetch token
token_service_api_key= "" # api key for token service
public_key= "" # public key to encrypt data for token service
private_key= "" # private key to decrypt response payload from token service
key_id= "" # key id to encrypt data for token service
delete_token_url= "" # base url to delete token from token service
check_token_status_url= "" # base url to check token status from token service
[grpc_client.dynamic_routing_client] # Dynamic Routing Client Configuration
host = "localhost" # Client Host
port = 7000 # Client Port
service = "dynamo" # Service name
[theme.storage]
file_storage_backend = "aws_s3" # Theme storage backend to be used
[theme.storage.aws_s3]
region = "bucket_region" # AWS region where the S3 bucket for theme storage is located
bucket_name = "bucket" # AWS S3 bucket name for theme storage
[theme.email_config]
entity_name = "Hyperswitch" # Name of the entity to be showed in emails
entity_logo_url = "https://example.com/logo.svg" # Logo URL of the entity to be used in emails
foreground_color = "#000000" # Foreground color of email text
primary_color = "#006DF9" # Primary color of email body
background_color = "#FFFFFF" # Background color of email body
[connectors.unified_authentication_service] #Unified Authentication Service Configuration
base_url = "http://localhost:8000" #base url to call unified authentication service
Reference in New Issue View Git Blame Copy Permalink