Summary
The PageScannerResource currently reads its two required configuration values — the upstream API URL and auth token — directly from environment variables / dotmarketing-config.properties via Config.getStringProperty(). This approach:
- Requires server-level configuration changes to enable the feature
- Exposes the auth token as a plain environment variable or config file entry
- Provides no UI for admins to enable/disable or reconfigure the integration
These values should instead be managed through a dotCMS App (Apps portlet), which is the standard dotCMS pattern for third-party integrations requiring secrets.
Current Behavior
File: dotCMS/src/main/java/com/dotcms/rest/api/v1/pagescanner/PageScannerResource.java
// Lines 42–43
public static final String API_URL_PROPERTY = "DOT_PAGE_SCANNER_API_URL";
public static final String API_AUTH_TOKEN_PROPERTY = "DOT_PAGE_SCANNER_API_AUTH_TOKEN";
// Lines 117–118
final String apiUrl = Config.getStringProperty(API_URL_PROPERTY, DEFAULT_API_URL);
final String apiAuthToken = Config.getStringProperty(API_AUTH_TOKEN_PROPERTY, null);
If either value is missing, the endpoint returns 503 SERVICE_UNAVAILABLE.
Proposed Solution
-
Create a dotCMS App descriptor (YAML) for the Page Scanner integration with:
apiUrl — text field, default https://a11y.api.dotcms.siteapiAuthToken — secret field (masked in UI)
-
Update PageScannerResource to look up both values from the App's secrets store (via AppsAPI) instead of Config.getStringProperty()
-
Remove the DOT_PAGE_SCANNER_API_URL and DOT_PAGE_SCANNER_API_AUTH_TOKEN constants and all references to them
-
Update error messages that reference the old env var names
Acceptance Criteria
References
dotCMS/src/main/java/com/dotcms/rest/api/v1/pagescanner/PageScannerResource.java (lines 42–43, 117–126)
Summary
The
PageScannerResourcecurrently reads its two required configuration values — the upstream API URL and auth token — directly from environment variables /dotmarketing-config.propertiesviaConfig.getStringProperty(). This approach:These values should instead be managed through a dotCMS App (Apps portlet), which is the standard dotCMS pattern for third-party integrations requiring secrets.
Current Behavior
File:
dotCMS/src/main/java/com/dotcms/rest/api/v1/pagescanner/PageScannerResource.javaIf either value is missing, the endpoint returns
503 SERVICE_UNAVAILABLE.Proposed Solution
Create a dotCMS App descriptor (YAML) for the Page Scanner integration with:
apiUrl— text field, defaulthttps://a11y.api.dotcms.siteapiAuthToken— secret field (masked in UI)Update
PageScannerResourceto look up both values from the App's secrets store (viaAppsAPI) instead ofConfig.getStringProperty()Remove the
DOT_PAGE_SCANNER_API_URLandDOT_PAGE_SCANNER_API_AUTH_TOKENconstants and all references to themUpdate error messages that reference the old env var names
Acceptance Criteria
apiUrl(text) andapiAuthToken(secret)PageScannerResourcereads both values from the App secrets storeConfig.getStringProperty()calls and env-var constants are removed503responseReferences
dotCMS/src/main/java/com/dotcms/rest/api/v1/pagescanner/PageScannerResource.java(lines 42–43, 117–126)