# Notification Gateway Service

ESS provides a Notification Gateway Service for discovering the protocol-specific endpoints.

{% hint style="info" %}
The Notification Gateway Service is based on an early draft version of Solid Notifications Protocol. Features based on the draft specifications are subject to change.
{% endhint %}

### Notification Gateway Service Endpoint

ESS Notification Gateway Service has the following endpoint:

```none
https://notification.<ESS Domain>/
```

To determine the [WebSocket Notification Service](https://docs.inrupt.com/ess/2.4/services/service-notification/service-websocket) endpoint, clients can **`POST`** to the ESS Notification Gateway; no authentication is required:

<table data-header-hidden><thead><tr><th width="183.30401611328125"></th><th></th></tr></thead><tbody><tr><td>Method:</td><td><strong><code>POST</code></strong></td></tr><tr><td>Endpoint:</td><td><strong><code>https://notification.&#x3C;ESS Domain>/</code></strong></td></tr><tr><td>Content-Type:</td><td><strong><code>application/json</code></strong></td></tr><tr><td>Body:</td><td><strong><code>{ "protocols": ["ws"] }</code></strong></td></tr></tbody></table>

The response JSON contains the WebSocket endpoint that clients can access for login; for example:

```json
{ "endpoint": "https://websocket.<ESS Domain>/", "features": [], "protocol": "ws" }
```

See [WebSocket Notification Service](https://docs.inrupt.com/ess/2.4/services/service-notification/service-websocket) for details on using the endpoint.

### Configuration

As part of the [installation process](https://docs.inrupt.com/ess/2.4/installation), Inrupt provides base Kustomize overlays and associated files that require deployment-specific configuration inputs.

The following configuration options are available for the service and may be set as part of updating the inputs for your deployment. The Inrupt-provided base Kustomize overlays may be using updated configuration values that differ from the default values.

#### Required

**INRUPT\_NOTIFICATION\_PROTOCOLS\_WS\_ENDPOINT**

The URL of the WebSocket endpoint (e.g., **`https://websocket.{ESS Domain}/`**) returned by the Gateway.

**INRUPT\_NOTIFICATION\_WS\_ENDPOINT**

The URL of the WebSocket endpoint (e.g., **`https://websocket.{ESS Domain}/`** ) returned by the Gateway.

#### Optional

**Configuration Logging**

ESS services log their startup configuration.

**INRUPT\_LOGGING\_CONFIGURATION\_PREFIX\_ALLOW**

*Default*: inrupt,smallrye.jwt.sign.key.location

A comma-separated list of configuration property prefixes (**case-sensitive**) that determine which configurations are logged:

* If the list is empty, **NO** configuration property is logged.
* If a configuration property starts with a listed prefix (**case-sensitive**), the configuration property and its value are logged **unless** the configuration also matches a prefix in [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) (which acts as a filter on [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) list). As such, if the configuration matches prefix in both [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny), the [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) takes precedence and the configuration is not logged. For example, if **`inrupt.`** is an allow prefix, but is a deny prefix, all configurations that start with **`inrupt.kafka.`** are excluded from the logs.

When specifying the prefixes, you can specify the prefixes using one of two formats:

* using dot notation (e.g., **`inrupt.foobar.`** ), or
* using the [MicroProfile Config environmental variables conversion value](https://quarkus.io/guides/config-reference#environment-variables) (e.g., **`INRUPT_FOOBAR_`** ).

{% hint style="danger" %}
**Warning**\
Use the same format for **both** [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny).

For example, if you change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow), change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) as well.
{% endhint %}

{% hint style="info" %}
**Tip**\
To avoid allowing more than desired configurations, specify as much of the prefix as possible. If the prefix specifies the complete prefix term, include the term delineator. For example:

* If using dot-notation, if you want to match configuration properties of the form **`foobar.<xxxx>...`** , specify **`foobar.`** (including the dot **`.`** ) instead of, for example, **`foo`** or **`foobar`** .
* If using converted form, if you want to match configuration properties of the form **`FOOBAR_<XXXX>...`** , specify **`FOOBAR_`** (including the underscore **`_`** ) instead of, for example, **`FOO`** or **`FOOBAR`** .
  {% endhint %}

**INRUPT\_LOGGING\_CONFIGURATION\_PREFIX\_DENY**

*Default*:

A comma-separated list of configuration name prefixes (**case-sensitive**) that determines which configurations (that would otherwise match the [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow)) are not logged. That is, [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) acts as a filter on [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow). For example:

* If **`foobar.`** is an allowed prefix, to suppress **`foobar.private.`**, you can specify **`foobar.private.`** to the deny list.
* If **`foobar.`** is **not** an allowed prefix, no property starting with **`foobar.`** is logged. As such, you do not need to specify **`foobar.private`** to the deny list.

When specifying the prefixes, you can specify the prefixes using one of two formats:

* using dot notation (e.g., **`inrupt.foobar.`** ), or
* using the [MicroProfile Config environmental variables conversion value](https://quarkus.io/guides/config-reference#environment-variables) (e.g., **`INRUPT_FOOBAR_`** ).

{% hint style="danger" %}
**Warning**\
Use the same format for **both** [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny).

For example, if you change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow), change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) as well.
{% endhint %}

#### Log Redaction

**INRUPT\_LOGGING\_REDACTION\_NAME\_ACTION**

*Default*: **`REPLACE`**

Type of the redaction to perform. Supported values are:

<table><thead><tr><th width="163.2471923828125">Action</th><th>Description</th></tr></thead><tbody><tr><td><strong><code>REPLACE</code></strong></td><td>Default. Replaces the matching text with a specified replacement.</td></tr><tr><td><strong><code>PLAIN</code></strong></td><td>Leaves the matching field unprocessed. Only available if the redaction target is a field (i.e., <strong><code>INRUPT_LOGGING_REDACTION_{NAME}_FIELD</code></strong>).</td></tr><tr><td><strong><code>DROP</code></strong></td><td>Suppresses the matching field. Only available if the redaction target is a field (i.e., <strong><code>INRUPT_LOGGING_REDACTION_{NAME}_FIELD</code></strong>).</td></tr><tr><td><strong><code>PRIORITIZE</code></strong></td><td>Changes the log level of the matching message.</td></tr><tr><td><strong><code>SHA256</code></strong></td><td>Replaces the matching text with its hash.</td></tr></tbody></table>

* If the action is **`REPLACE`** (*default*), see also **`INRUPT_LOGGING_REDACTION_{NAME}_REPLACEMENT`**.
* If the action is to **`PRIORITIZE`**, see also **`INRUPT_LOGGING_REDACTION_{NAME}_LEVEL`**.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

**INRUPT\_LOGGING\_REDACTION\_NAME\_ENABLED**

*Default*: **true**

A boolean that determines whether the redaction configurations with the specified **`INRUPT_LOGGING_REDACTION_{NAME}_`** prefix is enabled.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

**INRUPT\_LOGGING\_REDACTION\_NAME\_EXCEPTION**

Fully qualified name of the exception class to match in the log messages (includes inner exception). Configure to target an exception message class.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

**INRUPT\_LOGGING\_REDACTION\_NAME\_FIELD**

Exact name of the field to match in the log messages. Configure to target a specific log message field for redaction.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

**INRUPT\_LOGGING\_REDACTION\_NAME\_LEVEL**

A new log level to use for the log message if the **`INRUPT_LOGGING_REDACTION_{NAME}_ACTION`** is **`PRIORITIZE`**.

**INRUPT\_LOGGING\_REDACTION\_NAME\_PATTERN**

A regex (see Java regex pattern) to match in the log messages. Configure to target log message text that matches a specified pattern.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

**INRUPT\_LOGGING\_REDACTION\_NAME\_REPLACEMENT**

Replacement text to use if the **`INRUPT_LOGGING_REDACTION_{NAME}_ACTION`** is **`REPLACE`**.

If unspecified, defaults to **`[REDACTED]`**.

For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.4/administration/logging/logging-redaction).

#### Application-Defined Metadata Propagation

**INRUPT\_AUDIT\_PRODUCER\_REQUEST\_METADATA\_ALLOW**

A comma-separated list of application-defined properties that can be included in the associated audit events (unless specified in the corresponding [**`INRUPT_AUDIT_PRODUCER_REQUEST_METADATA_DENY`**](#inrupt_audit_producer_request_metadata_deny)).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip\
To include a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
{% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_AUDIT\_PRODUCER\_REQUEST\_METADATA\_DENY**

A comma-separated list of application-defined properties to exclude from the associated audit messages. This setting takes precedence over [**`INRUPT_AUDIT_PRODUCER_REQUEST_METADATA_ALLOW`**](#inrupt_audit_producer_request_metadata_allow).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip\
To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
{% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_LOGGING\_REQUEST\_METADATA\_ALLOW**

A comma-separated list of application-defined properties that can be included in the associated log messages (unless specified in the corresponding [**`INRUPT_LOGGING_REQUEST_METADATA_DENY`**](#inrupt_logging_request_metadata_deny)).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip\
To include a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
{% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_LOGGING\_REQUEST\_METADATA\_DENY**

A comma-separated list of application-defined properties to exclude from the associated log messages. This setting takes precedence over [**`INRUPT_LOGGING_REQUEST_METADATA_ALLOW`**](#inrupt_logging_request_metadata_allow).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip\
To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
{% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_ALLOW**

A comma-separated list of non-baggage request headers to add to the baggage (unless specified in the corresponding [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_DENY`**](#inrupt_request_metadata_propagator_header_deny)); i.e., include these non-baggage request headers as application-defined properties.

The configuration is case-insensitive; i.e., the listed headers do **not** need to match the case of the client request headers. For example, a list that includes **`x-correlation-id`** can match **`x-correlation-id`** header, **`X-CoRrElAtIoN-Id`** header, etc.

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_DENY**

A comma-separated list of non-baggage request headers to exclude from being added to the baggage; i.e., excludes these headers as application-defined properties. This setting takes precedence over [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow).

The configuration is case-insensitive; i.e., the listed headers do **not** need to match the case of the client request headers. For example, a list that includes **`x-correlation-id`** can match (and exclude) **`x-correlation-id`** header, **`X-CoRrElAtIoN-Id`** header, etc.

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_OVERRIDES**

A flag that determines ESS behavior when metadata property is defined both as a header and as a baggage entry:

* If **true**, ESS updates/overrides the baggage entry with the header value.
* If **false** (the default), ESS keeps the baggage entry.

For details, [Duplicate Property Definition](https://docs.inrupt.com/ess/administration/application-defined-metadata#duplicate-property-definition).

**INRUPT\_REQUEST\_METADATA\_REFLECTOR\_HEADER\_ALLOW**

A comma-separated list of application-defined properties that can return as response headers (unless specified in the corresponding [**`INRUPT_REQUEST_METADATA_REFLECTOR_HEADER_DENY`**](#inrupt_request_metadata_reflector_header_deny)).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip

* To return a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
* You may need to update **`QUARKUS_HTTP_CORS_EXPOSED_HEADERS`** to extend the list of [CORS-safelisted response headers](https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header) .
  {% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

**INRUPT\_REQUEST\_METADATA\_REFLECTOR\_HEADER\_DENY**

A comma-separated list of application-defined properties to exclude from returning as response headers. This setting takes precedence over [**`INRUPT_REQUEST_METADATA_REFLECTOR_HEADER_ALLOW`**](#inrupt_request_metadata_reflector_header_allow).

This configuration is **case-sensitive** to the propagated properties in the baggage.

{% hint style="info" %}
Tip\
To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match.
{% endhint %}

See:

* [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.4/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure.
* [Application-Defined Metadata](https://docs.inrupt.com/ess/2.4/administration/application-defined-metadata) for more information.

#### Additional Information

See also [Quarkus Configuration Options](https://quarkus.io/guides/all-config).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inrupt.com/ess/2.4/services/service-notification/service-notification-gateway.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.

Method:	`POST`
Endpoint:	`https://notification.<ESS Domain>/`
Content-Type:	`application/json`
Body:	`{ "protocols": ["ws"] }`
Action	Description
`REPLACE`	Default. Replaces the matching text with a specified replacement.
`PLAIN`	Leaves the matching field unprocessed. Only available if the redaction target is a field (i.e., `INRUPT_LOGGING_REDACTION_{NAME}_FIELD`).
`DROP`	Suppresses the matching field. Only available if the redaction target is a field (i.e., `INRUPT_LOGGING_REDACTION_{NAME}_FIELD`).
`PRIORITIZE`	Changes the log level of the matching message.
`SHA256`	Replaces the matching text with its hash.