Available Parameter Values

32.1 Available Parameter Values

The following table lists all the available parameter values you can set within the APEX_INSTANCE_ADMIN package, including parameters for email, wallet, and reporting printing.

You can query the APEX_INSTANCE_PARAMETERS dictionary view to determine the current values of these parameters unless the parameter contains a password.

Instance Parameters

The following parameters can be configured only at the Instance level (using APEX_INSTANCE_ADMIN.SET_PARAMETER).

Parameter Name	Description
`ADMIN_DIGEST_DEFAULT_REPORTING_PERIOD`	Default reporting period in days for APEX Administrator Digest.
`ADMIN_DIGEST_MAX_REPORTING_PERIOD`	Maximum reporting period in days for APEX Administrator Digest. Older data is removed from the metrics tables.
`ALLOW_DB_MONITOR`	If set to `N` (default), database monitoring within SQL Workshop is disabled. If `Y`, it is enabled.
`ALLOW_HASH_FUNCTIONS`	Comma-separated list of supported hash algorithms (default is `SH256,SH384,SH512`). SH1 is also supported by default in Oracle Database 11g.
`ALLOW_PUBLIC_FILE_UPLOAD`	If set to `Y`, enables file uploads without user authentication. If set to `N`, the default, they are disabled.
`ALLOW_RAS`	This parameter is only supported if running Oracle Database 12c. If `Y`, enables Real Application Security support for applications. If set to `N` (default), Real Application Security cannot be used.
`APEX_BUILDER_AUTHENTICATION`	Controls the authentication scheme for Oracle APEX Administration Services and the development environment. Valid parameter values include: `APEX` - Oracle APEX workspace accounts authentication (default) `DB` - Database accounts authentication `HEADER` - HTTP header variable based authentication `SSO` - Oracle Application Server Single Sign-On authentication (OracleAS PL/SQL SSO SDK) `LDAP` - LDAP authentication `SAML` - SAML Sign-In authentication `SOCIAL` - Social Sign-In authentication
`APEX_REST_PATH_PREFIX`	Controls the URI path prefix used to access built-in RESTful Services exposed by APEX. For example, built-in RESTful Service for referencing static application files using `#APP_IMAGES#` token. If the default prefix (r) conflicts with RESTful Services defined by users, adjust this preference to avoid the conflict.
`APPLICATION_ACTIVITY_LOGGING`	Controls setting of application activity log for entire instance. Options are: `A` (Always) `N` (Never) `U` (Use application settings)
`APPLICATION_ID_MAX`	The largest possible ID for a websheet or database application.
`APPLICATION_ID_MIN`	The smallest possible ID for a websheet or database application.
`AUTHENTICATION_SUBSTITUTIONS`	Enables you to specify which substitutions are visible to all authentication schemes in the APEX instance. The parameter value is a JSON format with a flat structure. Substitutions can be used for all authentication scheme attributes with `#SUBSTITUTION_NAME#`. For example: `{ "SUBST_NAME": "SOME_VALUE", "SUBST_NAME_2": "VALUE_2" }`
`AUTOEXTEND_TABLESPACES`	If set to `Y` (default), provisioned tablespaces are autoextended up to a maximum size. If set to `N`, tablespaces are not autoextended.
`BIGFILE_TABLESPACES_ENABLED`	If set to `Y`, the tablespaces provisioned through APEX are created as bigfile tablespaces. If set to `N`, the tablespaces are created as smallfile tablespaces.
`CHECK_FOR_UPDATES`	If set to `N`, the check for APEX and Oracle REST Data Services product updates is disabled for the entire instance, regardless of preferences specified by individual developers. The default is `Y`.
`CHECKSUM_HASH_FUNCTION`	Defines the algorithm that is used to create one way hashes for URL checksums.Valid values are MD5 (deprecated), SH1 (SHA-1), SH256 (SHA-2, 256 bit), SH384 (SHA-2, 384 bit), SH512 (SHA-2, 512 bit) and n. The SHA-2 algorithms are only available on Oracle Database 12g and later. A null value evaluates to the most secure algorithm available and is the default.
`CLONE_SESSION_ENABLED`	If set to `Y`, the default, users can create multiple sessions in the browser.
`DB_SIGNATURE`	Set to the database host/service name on install. If it differs, for example, on cloned databases, sending emails will fail. A value of null (the default) disables any checks.
`DEBUG_MESSAGE_PAGE_VIEW_LIMIT`	Maximum number of debug messages for a single page view. Default is `50000`.
`DELETE_UPLOADED_FILES_AFTER_DAYS`	Uploaded files like application export files, websheet export files, spreadsheet data load files are automatically deleted after this number of days. Default is `14`.
`DISABLE_APPS_LOGIN`	If set to `N` (default), the login to customer-created apps is enabled. If set to `Y`, the login to all customer-created apps is disabled. If set to a comma-separated list of application IDs, only the login to those applications is disabled.
`DISABLE_ADMIN_LOGIN`	If set to `Y`, Oracle APEX administration services are disabled. If set to `N` (default), they are not disabled.
`DISABLE_WORKSPACE_LOGIN`	If set to `Y`, the workspace login is disabled. If set to `N`, the default, the login is not disabled.
`DISABLE_WS_PROV`	If set to `Y`, the workspace creation is disabled for requests sent out by using e-mail notification. If set to `N`, the default, they are not disabled.
`DOCGEN_CREDENTIAL`	The cloud credential name to use for Oracle Object Storage bucket management and use of the Oracle Document Generator Pre-built function.
`DOCGEN_FUNCTION_OCID`	Specifies the Oracle Cloud Identity (OCID) of the Oracle Document Generator Pre-Built function.
`DOCGEN_INVOKE_ENDPOINT`	Specifies the base URL endpoint of the Oracle Document Generator Pre-Built function.
`DOCGEN_OS_BUCKET_COMPARTMENT_OCID`	Specifies the Oracle Cloud Identifier (OCID) of the compartment where the Oracle Document Generator Pre-built Function is located.
`DOCGEN_OS_ENDPOINT`	Specifies the base URL endpoint for the Oracle Object Storage bucket.
`DOCGEN_OS_NAMESPACE`	The Object Storage namespace serves as the top-level container for all buckets and objects.
`EMAIL_ATTACHMENT_MAX_SIZE_MB`	Specifies the maximum size in megabytes of a single email attachment sent using `APEX_MAIL` or the Send E-Mail process.
`EMAIL_IMAGES_URL`	Specifies the full URL to the images directory of APEX instance, including the trailing slash after the images directory. For example: `http://your_server/i/` This setting is used for APEX system-generated emails.
`EMAIL_INSTANCE_URL`	Specifies the URL to APEX instance, including the trailing slash after the Database Access Descriptor. For example: `http://your_server/pls/apex/` This setting is used for APEX system-generated emails.
`ENABLE_LEGACY_WEB_ENTRY_POINTS`	If set to `Y` (default is `N`), procedures used in older APEX versions can be called in the URL (such as `HTMLDB_UTIL.%`).
`ENABLE_TRANSACTIONAL_SQL`	If set to `Y`, transactional SQL commands are enabled on this instance. If set to `N`, the default, they are not enabled.
`ENCRYPTED_TABLESPACES_ENABLED`	If set to `Y`, the tablespaces provisioned through APEX are created as encrypted tablespaces. If set to `N`, the tablespaces are not encyrpted.
`HEADER_AUTH_CALLBACK`	Callback procedure name for HTTP header based authentication, defaults to `apex_authentication.callback`.
`HTTP_ERROR_STATUS_ON_ERROR_PAGE_ENABLED`	Used in conjunction with the `APEX_INSTANCE_ADMIN.SET_PARAMETER` procedure. If set to `N`, the default, APEX presents an error page to the end user for all unhanded errors. If set to `Y`, returns an `HTTP 400` status to the end user's client browser when the APEX engine encounters an unhandled error.
`HTTP_RESPONSE_HEADERS`	List of http response headers, separated by newline (chr(10)). APEX writes these headers on each request, before rendering the page. The substitution string `#CDN#` within the headers is replaced with the content delivery networks that are known to APEX.
`HTTP_STS_MAX_AGE`	`REQUIRE_HTTPS` must be set to `A` for this parameter to be relevant. APEX emits a Strict-Transport-Security header, with max-age=<value>, on HTTPS requests if `HTTP_STS_MAX_AGE` has a value greater than 0. If the request protocol is HTTP, instead of processing the request, APEX redirects to a HTTPS URL.
`HTTP_TRUSTED_ORIGINS`	List of remote HTTP origins that can access resources, separated by newline. Set this parameter in combination with the ORDS parameter `security.externalSessionTrustedOrigins`.
`IGNORED_FRIENDLY_URL_PARAMETERS`	Comma-separated list of parameter names which are ignored when parsing friendly URLs. Default: `utm_campaign,utm_source,utm_medium,utm_term,utm_content`
`INBOUND_PROXIES`	Comma-separated list of IP addresses for proxy servers through which requests come in.
`INSTANCE_DBMS_CREDENTIAL_ENABLED`	If set to `Y`, database credentials that are accessible to the APEX engine (`APEX_NNNNNN` schema), can be used in all workspaces on this instance.
`INSTANCE_NO_PROXY_DOMAINS`	Comma-separated list of domain names for which the instance proxy is not to be used.
`INSTANCE_PROXY`	The proxy server for all outbound HTTP(s) traffic. If `INSTANCE_PROXY` is set, it overrides any application specific proxy server definition.
`INSTANCE_TABLESPACE`	If specified, the tablespace to use for the database user for all new workspaces.
`KEEP_SESSIONS_ON_UPGRADE`	This flag affects application upgrades. If set to `N`, the default, delete sessions associated with the application. If set to `Y`, leave sessions unaffected.
`LOGIN_MESSAGE`	The text to be displayed on the login page. This text can include HTML.
`LOGIN_THROTTLE_DELAY`	The flag which determines the time increase in seconds after failed logins.
`LOGIN_THROTTLE_METHODS`	The methods to count failed logins. Colon-separated list of `USERNAME_IP`, `USERNAME, IP`.
`MAX_APPLICATION_BACKUPS`	The maximum number of backups kept for each application. Default is 25. Maxium is 30. Zero (0) disables automated backups.
`MAX_DATA_EXPORT_IMAGES`	The maximum number of unique images to be included in a data export / report download.
`MAX_MAIL_QUEUE_ROWS`	Defines the number of email messages that are processed from the queue per workspace during each invocation of the ORACLE_APEX_MAIL_QUEUE scheduler job.
`PASSWORD_ALPHA_CHARACTERS`	The alphabetic characters used for password complexity rules. Default list of alphabetic characters include the following: `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
`PASSWORD_HASH_FUNCTION`	Defines the algorithm that is used to create one way hashes for workspace user passwords. Valid values are MD5 (deprecated), SH1 (SHA-1), SH256 (SHA-2, 256 bit), SH384 (SHA-2, 384 bit), SH512 (SHA-2, 512 bit) and null. The SHA-2 algorithms are only available on Oracle Database Release 12g and later. A null value evaluates to the most secure algorithm available and is the default.
`PASSWORD_HASH_ITERATIONS`	Defines the number of iterations for the `PASSWORD_HASH_FUNCTION` (default 10000).
`PASSWORD_HISTORY_DAYS`	Defines the number of days a previously used password cannot be used again as a new password by the same user.
`PASSWORD_NOT_LIKE_USERNAME`	If `Y` (the default is `N`), prevent workspace administrator, developer, and end user account passwords from containing the username.
`PASSWORD_NOT_LIKE_WORDS`	Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain. These words may not appear in the password in any combination of upper- or lowercase.
`PASSWORD_NOT_LIKE_WS_NAME`	Set to `Y` to prevent workspace administrator, developer, and end user account passwords from ontaining the workspace name.
`PASSWORD_ONE_ALPHA`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in `PASSWORD_ALPHA_CHARACTERS`.
`PASSWORD_ONE_LOWER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character.
`PASSWORD_ONE_NUMERIC`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (0-9).
`PASSWORD_ONE_PUNCTUATION`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in `PASSWORD_PUNCTUATION_CHARACTERS`.
`PASSWORD_ONE_UPPER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character.
`PASSWORD_PUNCTUATION_CHARACTERS`	The punctuation characters used for password complexity rules. Default list of punctuation characters include the following: !"#$%&()``*+,-/:;<=>?_
`PLSQL_EDITING`	If set to `Y`, the default, the SQL Workshop Object Browser is enabled to permit users to edit and compile PL/SQL. If set to `N`, users are not permitted.
`PRINT_BIB_LICENSED`	Specify either standard support or advanced support. Advanced support requires an Oracle BI Publisher license. Valid values include: `STANDARD` - requires Apache FOP. `DOCUMENT_GENERATOR` - requires Oracle Document Generator Pre-built Function. `ADVANCED` - requires Oracle BI Publisher. `AOP` - requires APEX Office Print. `NONE` - native APEX printing.
`PRINT_SVR_HOST`	Specifies the host address of the print server converting engine, for example, `localhost`. Enter the appropriate host address if the print server is installed at another location.
`PRINT_SVR_PORT`	Defines the port of the print server engine, for example `8888`. Value must be a positive integer.
`PRINT_SVR_PROTOCOL`	Valid values include: `http` `https`
`PRINT_SVR_SCRIPT`	Defines the script that is the print server engine, for example: `/xmlpserver/convert`
`REJOIN_EXISTING_SESSIONS`	If `P` (default), session rejoining is supported for non-authenticated users and public pages. If `Y`, session rejoining is also supported for authenticated users and protected pages. If `N`, session rejoining is disabled for the whole instance. Session rejoining must be set to enabled at application or page level. A more restrictive setting at instance level with this instance parameter overrides application and page settings. Unconditionally enabling session rejoining has serious security implications. Attackers could take over sessions via XSS or if they have development access to a workspace.
`REQ_NEW_SCHEMA`	If set to `Y`, the option for new schema for new workspace requests is enabled. If set to `N`, the default, the option is disabled.
`REQUIRE_HTTPS`	If set to `A`, enforces HTTPS for the entire APEX instance. If `I`, enforces HTTPS within the APEX development and administration applications. If `N`, permits all applications to be used when the protocol is either HTTP or HTTPS. Note: Note developers can also enforce HTTPS at the application level, by setting the Secure attribute of an application scheme's cookie.
`RESTFUL_SERVICES_ENABLED`	If set to `Y`, the default, RESTful services development is enabled. If set to `N`, RESTful services are not enabled.
`RESTRICT_DEV_HEADER`	Controls access to the APEX development environment and Administration Services using an HTTP request header. Specify the name of the header, for example `Public-Access`. If this header exists in the request, access is blocked. Normally an external load balancer or a web server adds this header. The value of the header is ignored.
`RESTRICT_APPS_HEADER`	To restrict access to a specific list of applications, enter a HTTP request header name. If the header exists, logging into the application is only allowed if the application ID is contained in the comma-delimited list of applications in the header.
`RESTRICT_IP_RANGE`	To restrict access to the APEX development environment and Administration Services to a specific range of IP addresses, enter a comma-delimited list of IP addresses. If necessary, you can use an asterisk (``) as a wildcard, but do not include additional numeric values after wildcard characters. For example, `138..41.2` is not a valid value.
`RESTRICT_RESPONSE_HEADERS`	If `Y` or `null` (default), show `HTTP 500` when a page contains unsupported HTTP response headers. These include status codes 301, 308 and 410, and cache headers for POST requests.
`SAMESITE_COOKIE`	Default value of the cookie attribute "samesite."
`SAML_APEX_CALLBACK_URLS`	SAML authentication: Supported URLs for `apex_authentication.saml_callback`, separated by newlines. If set, APEX verifies that the domain in the browser is part of this list and sends its index (starting at 0) in authentication requests as `AssertionConsumerServiceIndex`.
`SAML_APEX_CERTIFICATE`	SAML authentication: The primary certificate of the APEX side.
`SAML_APEX_CERTIFICATE2`	(Optional) SAML authentication: The alternative certificate of the APEX side.
`SAML_APEX_PRIVATE_KEY`	SAML authentication: The private key of the APEX side.
`SAML_APEX_PRIVATE_KEY2`	(Optional) SAML authentication: The alternative private key of the APEX side.
`SAML_ENABLED`	SAML authentication: `Y` if workspace applications should be able to use SAML authentication.
`SAML_IP_ISSUER`	SAML authentication: Issuer attribute from the identity provider's metadata.
`SAML_IP_SIGNING_CERTIFICATE`	SAML authentication: The certificate from the identity provider's metadata.
`SAML_IP_SIGNING_CERTIFICATE2`	(Optional) SAML authentication: An alternative certificate from the identity provider's metadata.
`SAML_NAMEID_FORMAT`	SAML authentication: The NameID format that APEX expects. Defaults to `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` when null.
`SAML_SIGN_IN_URL`	SAML authentication: The identity provider's sign in URL.
`SAML_SIGN_OUT_URL`	(Optional) SAML authentication: The identity provider's sign out URL.
`SAML_SP_ISSUER`	SAML authentication: The "issuer" attribute that APEX sends (defaults to the callback URL).
`SAML_USERNAME_ATTRIBUTE`	SAML authentication: Responses can contain additional attributes about the user. If set, APEX uses that attribute's value as the username (defaults to the assertion subject's `NameID` attribute).
`SERVICE_ADMIN_PASSWORD_MIN_LENGTH`	A positive integer or `0` which specifies the minimum character length for passwords for instance administrators, workspace administrators, developers, and end user APEX accounts, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NEW_DIFFERS_BY`	A positive integer or `0` which specifies the number of differences required between old and new passwords. The passwords are compared character by character, and each difference that occurs in any position counts toward the required minimum difference. This setting applies to accounts for instance administrators, workspace administrators, developers, and end user APEX accounts, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_ALPHA`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in `PASSWORD_ALPHA_CHARACTERS`, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_NUMERIC`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (`0-9`), when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_PUNCTUATION`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in `PASSWORD_PUNCTUATION_CHARACTERS`, the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_LOWER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_ONE_UPPER_CASE`	Set to `Y` to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_USERNAME`	If `Y`, prevent workspace administrator, developer, and end user account passwords from containing the username, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_WORDS`	Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`). These words may not appear in the password in any combination of upper- or lowercase.
`SERVICE_ADMIN_PASSWORD_NOT_LIKE_WS_NAME`	Set to `Y` to prevent workspace administrator, developer, and end user account passwords from containing the workspace name, when the strong password rules are enabled (see `STRONG_SITE_ADMIN_PASSWORD`).
`SERVICE_REQUEST_FLOW`	Determines default provisioning mode. Options are: `MANUAL` - (Default) An administrator must manually create each workspace. `EMAIL` - Link displayed on login page. Requests require administrator approval. `AUTO` - Link displayed on login page. Requests are automatically approved.
`SERVICE_REQUESTS_ENABLED`	If set to `Y`, the default, workspace service requests for schemas, storage, and termination is enabled. If set to `N`, these requests are disabled.
`SMTP_FROM`	Defines the "From" address for administrative tasks that generate email, such as approving a provision request or resetting a password. Enter a valid email address, for example: `admin@example.com`
`SMTP_HOST_ADDRESS`	Defines the server address of the SMTP server. If you are using another server as an SMTP relay, change this parameter to that server's address. Default setting: `localhost`
`SMTP_HOST_PORT`	Defines the port the SMTP server listens to for mail requests. Default setting: `25`
`SMTP_PASSWORD`	Defines the password APEX takes to authenticate itself against the SMTP server, with the parameter `SMTP_USERNAME`.
`SMTP_TLS_MODE`	Defines whether APEX opens an encrypted connection to the SMTP server. Encryption is only supported on database versions 11.2.0.2 and later. On earlier database versions, the connection is not encrypted. If set to `N`, the connection is unencrypted (default). If set to `Y`, the connection is encrypted before data is sent. If `STARTTLS`, APEX sends the SMTP commands `EHLO <SMTP_HOST_ADDRESS>` and `STARTTLS` before encrypting the connection.
`SMTP_USERNAME`	Defines the username APEX takes to authenticate itself against the SMTP server (default is null). Starting with database version 11.2.0.2, APEX uses `UTL_MAIL`'s `AUTH` procedure for authentication. This procedure negotiates an authentication mode with the SMTP server. With earlier database versions, the authentication mode is always `AUTH` `LOGIN`. If `SMTP_USERNAME` is null, no authentication is used.
`SOCIAL_AUTH_CALLBACK`	Callback procedure name for Social Sign-In, defaults to `apex_authentication.callback`.
`SQL_SCRIPT_MAX_OUTPUT_SIZE`	Sets the maximum size for an individual script result. Default is `200000`.
`SSO_LOGOUT_URL`	Defines the URL APEX redirects to in order to trigger a logout from the Single Sign-On server. APEX automatically appends `?p_done_url=...login url...` Example: `https://login.example.com/pls/orasso/orasso.wwsso_app_admin.ls_logout`
`STRONG_SITE_ADMIN_PASSWORD`	If set to `Y`, the default, the `apex_admin` password must conform to the default set of strong complexity rules. If set to `N`, the password is not required to follow the strong complexity rules.
`SYSTEM_DEBUG_LEVEL`	Defines a default debug level for all incoming requests (null, 1-9) The SQLcl script `utilities/debug/d0.sql` can be used to switch between NULL (disabled) and level 9.
`SYSTEM_HELP_URL`	Location of the help and documentation accessed from the Help link within the development environment. Default is `http://apex.oracle.com/doc41`
`SYSTEM_MESSAGE`	The text to be displayed on the development environment home page. This text can include HTML.
`TRACE_HEADER_NAME`	This parameter contains a HTTP request header name and defaults to `ECID-CONTEXT`. The name must be in upper case. APEX writes the HTTP header value to the activity log's ECID column.
`TRACING_ENABLED`	If set to `Y` (the default), an application with Debug enabled can also generate server side db trace files using `&p_trace=YES` on the URL. If set to `N`, the request to create a trace file is ignored.
`UPGRADE_DATE`	This read-only parameter contains the date when the next scheduled APEX upgrade will automatically apply to your database or `NULL` when no upgrade is scheduled. The date follows the ISO 8601 format in the UTC time zone. This parameter only applies to APEX on Autonomous Database.
`UPGRADE_DEFERRED`	When `N` (default), future APEX upgrades are scheduled within the default upgrade window.When `Y`, future APEX upgrades are scheduled within the extended upgrade window. If the next APEX upgrade is already scheduled in this database, changing this parameter also reschedules this upgrade (for example, from the default upgrade window to the extended upgrade window). This parameter only applies to APEX on Oracle Autonomous Database.
`UPGRADE_STATUS`	This parameter contains the status of the next scheduled APEX upgrade if available. The possible values are: `UP-TO-DATE`, `SCHEDULED`, `RUNNING`. Set this parameter to `RUN` to initiate the upgrade. This parameter only applies to APEX on Autonomous Database.
`UPGRADE_VERSION`	This read-only parameter contains the APEX version to be installed with the next scheduled upgrade or `NULL` when no upgrade is scheduled. This parameter only applies to APEX on Autonomous Database.
`USERNAME_VALIDATION`	The case-sensitive regular expression used to validate a username when creating or modifying developer and workspace administrator accounts. Default is `*` (asterisk) (validation is disabled).
`WALLET_PATH`	The path to the wallet on the file system, for example: `file:/home/<username>/wallets`
`WALLET_PWD`	The password associated with the wallet. Use an empty/null value for auto-login wallets.
`WORKSPACE_FREE_SPACE_LIMIT`	Sets percentage limit for free space in a workspace. If available space is lower that the value set here, a report lists them for the APEX Administrator Digest.
`WORKSPACE_MAX_OUTPUT_SIZE`	The maximum space allocated for script results. Default is `2000000`
`WORKSPACE_NAME_USER_COOKIE`	If set to `Y` or null (the default), APEX sends persistent cookies for workspace name and username during login, as well as for language selection. If `N`, the cookies are not sent.
`WORKSPACE_PROVISION_DEMO_OBJECTS`	If set to `Y` (default), demonstration applications and database objects are created in new workspaces. If set to `N`, they are not created in new workspaces.
`WORKSPACE_TEAM_DEV_FILES_YN`	If set to `Y`, the default, new workspaces enable file uploads into Team Development. If set to `N`, new workspaces disable file uploads into Team Development, disabling the ability to upload `feature`, `bug`, and `feedback` attachments.
`WORKSPACE_TEAM_DEV_FS_LIMIT`	The maximum per upload file size of a Team Development file (feature, bug, and feedback attachments). Default value is `15728640` (15 MB). All possible options are listed below: `5 MB - 5242880 \| 10 MB - 10485760 \| 15 MB - 15728640 \| 20 MB - 20971520 \| 25 MB - 26214400`
`ZIP_FILE_MAX_EXPANSION_FACTOR`	The maximum factor by which a compressed file can expand after decompression. Default value is `200`.
`ZIP_FILE_MAX_UNCOMPRESSED_SIZE_MB`	The maximum size to unzip a file. Default value is `4096` MB.

Instance and Workspace Parameters

The following parameters can be configured at both the Instance level (using APEX_INSTANCE_ADMIN.SET_PARAMETER) and the Workspace level (using APEX_INSTANCE_ADMIN.SET_WORKSPACE_PARAMETER).

Parameter	Description
`ACCOUNT_LIFETIME_DAYS`	The maximum number of days an end-user account password may be used before the account is expired.
`AI_IS_ENABLED`	If set to `Y` (default), then AI Services can be enabled and configured for workspaces. If set to `N`, AI functionality is disabled for all workspaces.
`ALLOW_HOSTING_EXTENSIONS`	Default `N`. If `Y`, the workspace is enabled to publish Builder Extension apps through the Extension Menu.
`ALLOW_HOSTNAMES`	If set, users can only navigate to an application if the URL's hostname part contains this value. Instance administrators can configure more specific values at workspace level.
`CONTENT_CACHE_MAX_FILE_SIZE`	The individual file entry size limit for the content cache, per workspace.
`CONTENT_CACHE_SIZE_TARGET`	The target size for the content cache, per workspace.
`ENV_BANNER_COLOR`	Defines the color class name for the environment banner color. Use `accent-1`, `accent-2`, `accent-3` (and so on). Maximum of 16 color classes.
`ENV_BANNER_ENABLE`	If set to `Y` (default is `N`), the environment banner displays in the APEX development environment to visually flag the environment.
`ENV_BANNER_LABEL`	Defines the label for the environment banner.
`ENV_BANNER_POS`	Defines the display position for the environment banner. Options: `LEFT` or `TOP`.
`EXPIRE_FND_USER_ACCOUNTS`	If set to `Y`, expiration of APEX accounts is enabled. If set to `N`, they are not enabled.
`MAX_LOGIN_FAILURES`	The maximum number of consecutive unsuccessful authentication attempts allowed before a developer or administrator account is locked.
`MAX_SESSION_IDLE_SEC`	The number of seconds an internal application may be idle.
`MAX_SESSION_LENGTH_SEC`	The number of seconds an internal application session may exist.
`MAX_WEBSERVICE_REQUESTS`	The maximum number of outbound web service requests allowed for each workspace in a rolling 24-hour period. Default is 1000.
`QOS_MAX_SESSION_KILL_TIMEOUT`	Number of seconds that an active old session can live, when `QOS_MAX_SESSION_REQUESTS` has been reached. The oldest DB session with `LAST_CALL_ET` greater than `QOS_MAX_SESSION_KILL_TIMEOUT` will be killed.
`QOS_MAX_WORKSPACE_REQUESTS`	Number of allowed concurrent requests to sessions in this workspace.
`QOS_MAX_SESSION_REQUESTS`	Number of allowed concurrent requests to one session associated with this workspace.
`RM_CONSUMER_GROUP`	If set, this is the resource manager consumer group to be used for all page events. A more specific group can be configured at workspace level.
`SESSION_TIMEOUT_WARNING_SEC`	The number of seconds before session timeout that a warning is displayed, for internal applications.
`WEBSERVICE_LOGGING`	Controls instance wide setting of web service activity log: [`A`]lways, [`N`]ever, [`U`]se workspace settings.
`WORKSPACE_EMAIL_MAXIMUM`	Maximum number of emails allowed to be sent via `APEX_MAIL` per workspace in a 24 hour period. Default is 1000.
`WORKSPACE_MAX_FILE_BYTES`	The maximum number of bytes for uploaded files for a workspace. A setting at workspace level overrides the instance level setting.

Workspace Parameters

The following parameters can be configured only at the Workspace level (using APEX_INSTANCE_ADMIN.SET_WORKSPACE_PARAMETER).

Parameter	Description
`OPENTELEMETRY_CLS_URL`	The external Client Logging Service (CLS) URL that is obtained during telemetry provisioning.
`OPENTELEMETRY_TOKEN_RELAY_URL`	The REST service that obtains an access token for the currently logged in user. The token is used for authentication when calling the CLS.
`PATH_PREFIX`	The unique URI path prefix used to access RESTful Services in a workspace. The default path prefix value is the name of the workspace. Note that this is a workspace parameter, it can not be set at instance level.