Instance configuration
The following configuration settings can be administered for each instance of the Verified Orchestration platform.
These settings are controlled via the Configuration page in Composer.
To change settings, you will need to be a member of the Instance admin user role.
CORS origins
CORS origins control which web applications can access the Verified Orchestration API or OIDC endpoint. You can configure allowed origins for each instance (sandbox and production).
- Subdomains can be matched using a regular expression, e.g.
^https://([a-z0-9]+[.])*yourcompany\.com$ - For sandbox environments, you may want to allow local development origins, e.g.
^http(s?)://localhost(:\d+)?$
You can manage CORS origins in two ways:
In Composer: Go to the Configuration page, find the CORS origins section, and add or edit allowed origins as needed.
Via the API:
You can view all configured origins using the corsOriginConfigs query:
Example GraphQL query:
query CorsOriginConfigs {
corsOriginConfigs {
id
origin
}
}
To set or update CORS origins, use the setCorsOriginConfigs mutation.
This mutation replaces all existing origins for the instance with the new list you provide.
Example GraphQL mutation:
mutation SetCorsOriginConfigs($input: [CorsOriginConfigInput!]!) {
setCorsOriginConfigs(input: $input) {
id
origin
}
}
Example variables:
{
"input": [
{
"origin": "^https://([a-z0-9]+[.])*yourcompany\\.com$"
},
{
"origin": "^http(s?)://localhost(:\\d+)?$"
}
]
}
Note: The API uses a "set all" strategy—when you update CORS origins, you provide the full list for the instance, and it replaces any previous origins.
GraphQL security settings
The Verified Orchestration API uses GraphQL for querying and mutating data. To ensure the API is not misused, the following security settings are configured out of the box with sensible defaults. However, these settings can be adjusted to suit your requirements.
| Rule | Default | Description |
|---|---|---|
| Max Aliases | 30 | Limit the number of aliases in a GraphQL document. |
| Max Depth | 12 | Limit the depth of a GraphQL document. |
| Max Directives | 50 | Limit the number of directives in a GraphQL document. |
| Max Tokens | 2500 | Limit the number of tokens in a GraphQL document. |
If you need to adjust GraphQL security settings, please contact the Verified Orchestration team to make changes on your behalf.