Skip to content

Configure system settings

Settings allows you to configure system settings for your ActiveServer instance. Settings has 3 tabs:


The System tab has 2 sections:

Server URLs

  • External URL - externally accessible URL, used for authentication callbacks and product activation. The URL can be populated with the form of https://"your ActiveServer domain name":"server port number", e.g. The server port number in the URL pattern is the as.server.http.port or as.server.https.port value (depending on the protocol being used) set in the ActiveServer configuration file.


    Updating the External URL will also initiate an update of the 3DS Server URL in the Directory Server settings for each card scheme. If the 3DS Server URL value is empty for any card scheme, it will be updated to use the new External URL value, with the HTTPS listening port value also being appended. If the 3DS Server URL value is already set, no changes will be made.

    This is to assist with the setup process as these URLs are generally the same. If your architecture setup has a separate URL assigned for the 3DS Server URL, this setting should be updated before performing a transaction.


    For a load-balanced setup, this URL may be different to the URL pattern described above and there may be a separate admin UI interface URL that has been configured. Please make sure that the load-balancer for the External URL forwards the requests to the server ports mentioned above.

    E.g. If the URL has been configured for server callbacks and has been configured for admin UI interface requests, then should be used for the External URL.

  • API URL - URL used to receive authentication and administration API calls. The domain name of this URL will also be used to generate client certificates for the authentication of APIs (x.509). If it is not provided by default ActiveServer will use the domain name in the External URL for client certificate generation. Note this URL does not have to be publicly accessible. The form of the URL is the same as the External URL, with the port number being the API port.

  • Admin URL - URL that is used for user email activation and reset password procedures. This value can only be entered if the Admin port in the configuration is enabled, otherwise the domain name in the External URL will be used. Please note this URL does not have to be publicly accessible.


  • Log level - verbosity of the console output and system logs. Possible values in least verbose to most verbose order: ERROR > INFO > DEBUG.


  • Session timeout (read only) - interval a login session is valid for before expiring and requiring the user to enter their login credentials again. By default, the session timeout value is 900 sec (15 min) and is loaded from an internal setting. To change this setting, add the following line into the file and restart the instance:

    as.settings.session-timeout={time in seconds}

    For example, to set the session timeout to 1800 seconds (30 minutes), add as.settings.session-timeout=1800.


    The value must be a positive integer in the range of 300 ~ 3600 seconds (5 ~ 60 minutes).

  • Session failed attempts - number of failed login attempts permitted before login is temporarily disabled for the time specified by the session lock time. After the time has elapsed, the session can be re-established by providing the correct credentials (unit: attempts)

  • Session lock time - interval a user will be locked out for if they exceed the failed login attempts amount (unit: minutes)
  • Password expiry period - number of days a password is valid for before requiring a new password to be created (unit: days)
  • Password history check - number of unique passwords required to be used before a specific password can be used again (unit: unique passwords)
  • Force two factor login - enable or disable two factor authentication for login for all users on the server. ActiveServer uses Google Authenticator to provide two factor authentication for users. If this setting is enabled, any user who does not have two factor authentication already set up for their account will be forced to set it up on their next login before being able to use any system functionality. Steps to set up the Google Authenticator are provided on screen.

Rotate key

Shows the current encryption key's creation date and allows the user to rotate the key used by selecting Rotate key.


This feature allows the user to update the HSM PIN if it has been changed:

  • Full file name and path of PKCS#11 library - this value is read from the and can only be changed by updating the file and restarting the server.
  • Slot number of HSM - this value is read from the and can only be changed by updating the file and restarting the server.
  • HSM PIN - allows the new HSM PIN to be entered.

Selecting the Test HSM connection button will attempt to connect to the HSM using the inputted HSM PIN. If the test is successful, the system will show "HSM connection successful", otherwise "Invalid HSM Pin" will be shown.

Selecting the Update button will update the database with the HSM PIN value. Restarting the server is required after updating.


The system will update the HSM PIN regardless of the test result. This is to allow the PIN to be updated in the ActiveServer database before the HSM PIN is changed if required. Make sure the right PIN is entered before updating the system, as having the wrong HSM PIN will cause transactions to fail.


The HSM PIN management will only be shown if a HSM is in use.

Version 1.0.4

This feature was added in the version 1.0.4 release.

ActiveMerchant migration

The ActiveMerchant Migration tab allows a Business Admin user to import merchants and acquirers from GPayments ActiveMerchant (3DS1 MPI) to assist with the transition from 3DS1 to 3DS2.

For information on how to use the migration feature, refer to the ActiveMerchant migration guide.