The configuration of the OData service is in the file <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/classes/

In this file you can modify the following properties:

  • odataserver.address: service name. For example, if you change this to /odata-interface.svc, the URL to access the service will be https://<denodo-server>:9443/denodo-odata4-service/odata-interface.svc/<database name>/.

  • odataserver.serviceRoot (optional): root URI of the service. Set the value of this property if the service is going to be accessed through a gateway, so links within the OData response use this URI as root. For example, if the value of this property is, a request to http://server001:9090/denodo-odata4-service/denodo-odata.svc/movies will return this URL in the response:

  • server.pageSize: number of records returned per request. See more about this in the section Pagination section.

  • enable.adminUser: if false the user account admin (not other administrator accounts) will not be allowed to access this service. This functionality can be used only with Basic authentication, not with Kerberos authentication, nor OAuth.

  • debug.enabled: if true, the responses to requests with the query parameter ?odata-debug=json will include debugging information, in addition to the data itself.

  • disable.basicAuthentication: set to true to disable HTTP Basic authentication in this service; false to enable it.

  • disable.kerberosAuthentication: set to true to disable Kerberos authentication in this service; false to enable it.

  • enable.streaming: set to true to support entity collection streaming; false to disable it. Default value: true.

  • timestampTimezone: time zone to format the datetime values. E.g. America/New_York (see in this list the possible values for this parameter). If there is no value, the service uses UTC.

To enable Kerberos authentication in this service, first you need to enable Kerberos authentication for the Denodo server. The section Kerberos Authentication explains how to do it.

  • disable.oauth2Authentication: set to true to disable OAuth 2.0 authentication in this service.

    To enable OAuth authentication in this service, first you need to enable OAuth authentication for the Denodo server. The section OAuth Authentication explains how to do it.

  • forceSpecNullOrdering: in some RDMBS (such as Oracle), the ordering of null values is performed just in the opposite way as defined in the OData specification, that says that null values must be placed first in an ASC ordination, as well as placed last in a DESC ordination. Setting this property to true forces the ordination to conform the OData specification.

When you enable/disable the authentication mechanisms of this service, you need to leave at least one authentication mechanism enabled.

Restart the Virtual DataPort server for the changes on this file to take effect.

Enabling Kerberos Authentication in the OData Service

The OData Service supports Single Sign-On (using the Kerberos protocol). Follow these steps to enable this:

  1. Perform the post-installation tasks described in the section Setting-up Kerberos Authentication of the Installation Guide.

  2. Enable Kerberos in the Virtual DataPort Server, as described in the section Setting-Up the Kerberos Authentication in the Virtual DataPort Server of the Administration Guide.

  3. In the file <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/classes/, set the property disable.kerberosAuthentication to false.

  4. Configure Kerberos in your browser.


To access the Denodo OData 4.0 Service, use the Fully Qualified Domain Name of the Server Principal Name you configured in the Virtual DataPort Server. For example, if your Server Principal Name is HTTP/, access the Denodo OData 4.0 Service with the URL or

Enabling Cross-Origin Resource Sharing (CORS)

This service supports Cross-origin resource sharing (CORS). The section Cross-origin Resource Sharing (CORS) (settings of published REST web services) explains what CORS is.

To enable the CORS support on the OData Service, follow these steps:

  1. Do the steps of the section Initial Set-Up of CORS (you have done this already if you published a Denodo REST web service with CORS enabled).

  2. Before starting any server of this Denodo installation, edit the file <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/web.xml and add the following at the top of this file.

    <!DOCTYPE doc [
    <!ENTITY cors_settings SYSTEM "cors_settings.xml">

    The file has to end up looking like:

    <!DOCTYPE doc [
    <!ENTITY cors_settings SYSTEM "cors_settings.xml">
    <web-app ...

    And add the reference in the filters section:

    <!-- ******************* -->
    <!-- Filters             -->
    <!-- ******************* -->
  3. Edit the file cors_settings.xml of the folder <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/.

  4. Uncomment the contents of the file.

  5. By default, the value of the property is *. With this, the service will allow CORS requests received from any domain.

    To limit the domains from which CORS requests are allowed, change the value of this property: replace * with the list of allowed URLs (separate each URL by a comma).

    For example,,,

    CORS requests from any other origin will be denied with the HTTP code 403 (Forbidden)


    For each URL, enter its protocol as well. URLs that not contain the protocol are invalid. E.g. is invalid.

  6. Restart the Virtual DataPort server to apply the changes.

Supported HTTP Header Methods

The supported HTTP header methods in the Denodo OData4 Service are GET and OPTIONS. However, OPTIONS is disabled by default in the Tomcat web server included in Denodo. Follow these steps to enable it:

  1. Edit the file <DENODO_HOME>/resources/apache-tomcat/conf/web.xml and comment or remove the following block:

          <web-resource-name>restricted methods</web-resource-name>
          <web-resource-name>restricted methods</web-resource-name>
  2. Edit the file <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/cors_settings.xml. Change the value of the cors.allowed.methods property to GET, OPTIONS instead of the original GET, POST, PUT, DELETE, HEAD, OPTIONS. Like this:

    <param-value>GET, OPTIONS</param-value>
Add feedback