{
  "$schema" : "https://json-schema.org/draft/2019-09/schema",
  "$defs" : {
    "Csrf" : {
      "type" : "object",
      "properties" : {
        "Protection" : {
          "type" : "boolean",
          "description" : "Provides the general CSRF protection via 'X-Requested-By' header for REST services.",
          "default" : "true"
        }
      },
      "additionalProperties" : false
    },
    "Servlet" : {
      "type" : "object",
      "properties" : {
        "API" : {
          "type" : "boolean",
          "description" : "Controls whether the REST resources provided by the Axon Ivy Engine should be available or not",
          "default" : "true"
        },
        "CSRF" : {
          "$ref" : "#/$defs/Csrf",
          "description" : "Cross Site Request Forgery (CRSF) settings"
        },
        "Deployment" : {
          "type" : "boolean",
          "description" : "Controls whether the REST resource for remote deployment under '/system/api/apps/{application} is available or not",
          "default" : "true"
        },
        "Enabled" : {
          "type" : "boolean",
          "description" : "Controls the REST servlet interface. If disabled no REST resources will be accessible.\nCalls to remote REST services are still possible.",
          "default" : "true"
        },
        "Tracing" : {
          "$ref" : "#/$defs/TracingHeaders",
          "description" : "Allows the service developer to get diagnostic information about request processing by Jersey.\nThose diagnostic/tracing information are returned in response headers (X-Jersey-Tracing-nnn).\nOn productive environments this feature should not be turned on.",
          "default" : "OFF"
        }
      },
      "additionalProperties" : false
    },
    "TracingHeaders" : {
      "type" : "string",
      "enum" : [ "OFF", "ON_DEMAND", "ALL" ]
    }
  },
  "type" : "object",
  "properties" : {
    "Servlet" : {
      "$ref" : "#/$defs/Servlet"
    }
  },
  "additionalProperties" : false
}