dotAI
dotAI integrates powerful AI tools into your dotCMS instance, allowing new horizons of automation — content and image generation, semantic searches, and more. Through workflows, dotAI is capable of performing batch operations — such as adding images to any content that's missing an image, or automatically generating SEO metadata to large swaths of content, adding content tags, and numerous other tasks.
dotAI supports multiple AI service providers — OpenAI, Azure OpenAI, Google Vertex AI (Gemini), and Amazon Bedrock — configured via the providerConfig JSON in the App settings. Additionally, the dotAI features will soon be available by default; at this moment, it requires one of two activation methods:
- Enable the dotAI tool through the admin panel, or
- Deploy the dotAI plugin (versions prior to dotCMS 24.04.05 that meet the requirements)
Requirements#
This feature requires the following:
- Credentials for your chosen AI provider (see App Configuration for provider-specific requirements);
- Postgres 18 with the pgvector extension installed.
- If you're on dotCMS Cloud, we'll handle it!
- For self-hosted customers, see below.
Self-Hosted#
For embeddings to function, a vector extension must be added to the Postgres database. The dotAI plugin will add this extension automatically, but this process requires dotCMS's database user has superuser privileges, ensuring extensions can be installed.
If the database user does not have sufficient rights, it may be necessary for IT or administrators to manually add the extension. The simplest implementation is via the pgvector/pgvector Docker tag, easily accessible via the command docker pull pgvector/pgvector. The image can be applied to a docker-compose.yml by adding it to the database section:
db: image: pgvector/pgvector
Note also that these privileges are only required for the extension's installation, and not for its subsequent use.
App Configuration#
dotAI is configured via a single Provider Config (JSON) field in Settings > Apps > dotAI. All configuration — provider credentials, model selection, prompts, and behavioral settings — is expressed as a JSON object in this field.
The Provider Config JSON approach is relatively new; for the prior config, see Legacy Configuration. For transitioning, see our migration guide.
The JSON has up to four top-level properties: chat, embeddings, image, and settings. Each section declares its own provider independently, so you can mix providers freely — for example, Vertex AI for chat and OpenAI for embeddings and images.
Common Fields#
The following fields are available in the chat, embeddings, and image sections across all providers. Provider-specific fields are documented in the sections below.
| Field | Description |
|---|---|
provider | The AI provider to use. Accepted values: "openai", "azure_openai", "vertex_ai". |
apiKey | API key for this provider. Masked as ***** in the UI after saving. Not used for Vertex AI when authenticating via Application Default Credentials. |
model | Model name(s) to use. Supply a comma-separated list to enable fallback behavior — when the first model is unavailable, the next is tried. Example: "gpt-4o,gpt-4o-mini" |
endpoint | Custom API endpoint URL. Required for Azure OpenAI; omit for standard OpenAI endpoints. |
maxTokens | Maximum tokens per response. |
maxRetries | Number of retry attempts on failure. Not supported for Vertex AI streaming chat. |
temperature | (chat section only) Controls response randomness (0–2). |
Provider-Specific Fields#
Azure OpenAI (azure_openai)#
Prerequisites: An active Azure subscription with Azure OpenAI access enabled; an Azure OpenAI resource created in Azure AI Studio with one or more model deployments; the resource's API key and endpoint URL (found in Azure AI Studio → Your Resource → Keys and Endpoint).
| Field | Required | Description |
|---|---|---|
endpoint | Yes | Azure OpenAI resource base URL, e.g. https://my-resource.openai.azure.com/ |
deploymentName | Yes* | Name of the deployment in Azure AI Studio. |
apiVersion | Recommended | Azure API version string. Recommended: 2024-02-01. |
dimensions | Conditional | Embedding vector dimensions. Required when using text-embedding-3-small or text-embedding-3-large. |
size | No | Image dimensions for image generation, e.g. 1024x1024. |
timeout | No | Request timeout in seconds. |
*deploymentName or model is required. If your deployment name matches the model name exactly, model alone is sufficient; otherwise use deploymentName.
Note on reasoning models. Models in the o1, o3, and o4-mini families use max_completion_tokens instead of max_tokens at the API level. dotAI detects this automatically — set maxTokens as usual.
Note on API keys and multi-resource deployments. Azure scopes API keys to the resource, not to individual deployments. If your chat and embeddings deployments live in the same resource, both sections share the same apiKey and endpoint. If deployments span multiple resources, use the appropriate key and endpoint per section.
Google Vertex AI (vertex_ai)#
Prerequisites: A Google Cloud project with the Vertex AI API enabled; a service account with the Vertex AI User role or equivalent; either a downloaded service account key file (JSON) or workload identity configured (for GKE / Cloud Run).
Supported sections: chat only. Vertex AI Gemini does not support embeddings or image generation through this integration — those sections must use a different provider.
| Field | Required | Description |
|---|---|---|
projectId | Yes | GCP project ID, e.g. my-gcp-project. |
location | Yes | GCP region where the model is available, e.g. us-central1. |
credentialsJson | No | Full content of a GCP service account JSON key file, serialized as a single escaped JSON string. If omitted, Application Default Credentials (ADC) are used. |
timeout | No | Request timeout in seconds. Ignored for streaming chat. |
model defaults to gemini-1.5-flash if omitted; recommended values include gemini-2.0-flash and gemini-1.5-pro. See the Vertex AI model garden for availability by region. us-central1 has the broadest coverage.
Authentication. Two options are supported:
- Service account key file (recommended for on-premise / non-GCP deployments): paste the full content of your key file into
credentialsJson. The value must be a single escaped JSON string — not an inline JSON object. To produce the correct format:cat my-key.json | python3 -c "import json,sys; print(json.dumps(sys.stdin.read()))" - Application Default Credentials (recommended for GKE / Cloud Run): omit
credentialsJson. dotAI uses ADC automatically, respecting workload identity and environment-level credentials.
Amazon Bedrock (bedrock)#
Prerequisites: An active AWS account with Amazon Bedrock access; model access explicitly enabled for each model you intend to use (AWS Console → Amazon Bedrock → Model access — IAM permissions alone are not sufficient); an IAM identity with bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream permissions on the target models.
Supported sections: chat and embeddings. Image generation is not supported — configuring provider: "bedrock" for the image section throws an UnsupportedOperationException. Use a different provider for images.
| Field | Required | Description |
|---|---|---|
region | Yes | AWS region where the model is available, e.g. us-east-1. |
model | Yes | Bedrock model ID or inference-profile ID. See Model ID forms below. |
accessKeyId | No | AWS access key ID for static credentials. Must be set together with secretAccessKey, or both must be omitted. |
secretAccessKey | No | AWS secret access key. Must be set together with accessKeyId, or both must be omitted. |
dimensions | No | Embedding vector dimensions. Applies to Titan embedding models only (256, 512, or 1024 for Titan V2). |
embeddingInputType | No | Input type hint for Cohere embedding models: search_document, search_query, classification, or clustering. |
timeout | No | Per-attempt request timeout in seconds. Chat only — silently ignored for embedding models. |
maxRetries | No | Retry attempts on transient failures. Chat only — silently ignored for embedding models. |
Authentication. Two options are supported:
- Static credentials (IAM user): provide
accessKeyIdandsecretAccessKeytogether. Both must be present — supplying only one throws anIllegalArgumentExceptionat startup. - Default credential chain (recommended for EC2, EKS, ECS): omit both fields. dotAI uses the AWS SDK's
DefaultCredentialsProvider, which resolves credentials in order: environment variables (AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY) → system properties → AWS profile files (~/.aws/credentials) → EKS IRSA web identity / container role metadata.
Model ID forms. Bedrock uses two distinct ID formats depending on the model's throughput type:
- Inference-profile-prefixed IDs — required for models that only support cross-region inference profiles (no on-demand throughput). Must include a region prefix:
us.,eu., orapac.. Using the bare ID for these models returns aValidationException. - Bare on-demand IDs — for models with on-demand throughput. No prefix needed.
| Model | Correct ID | Form |
|---|---|---|
| DeepSeek R1 | us.deepseek.r1-v1:0 | Inference-profile-prefixed |
| Amazon Titan Embed Text V1 | amazon.titan-embed-text-v1 | Bare on-demand |
| Amazon Titan Embed Text V2 | amazon.titan-embed-text-v2:0 | Bare on-demand |
| OpenAI gpt-oss 120B ("Codex") | openai.gpt-oss-120b-1:0 | Bare on-demand |
| OpenAI gpt-oss 20B | openai.gpt-oss-20b-1:0 | Bare on-demand |
Model availability varies by region — check the Bedrock model catalog for your account. The IDs above have been live-tested against the dotCMS R&D Bedrock account.
Embedding model families. Two families are supported, with different routing and constraints:
- Amazon Titan (
amazon.titan-*): routed toBedrockTitanEmbeddingModel. Titan V1 always outputs 1536 dimensions, matching the defaultdot_embeddingspgvector schema (vector(1536)) with no schema changes required. Titan V2 supports configurable dimensions (256, 512, or 1024) via thedimensionsfield but requires a schema migration unless the instance was configured for a lower dimension from the start. - Cohere (
cohere.*): routed toBedrockCohereEmbeddingModel. UseembeddingInputTypeto specify the input hint appropriate for your use case.
timeout and maxRetries are not applied to either embedding family — the underlying Bedrock client for embeddings does not expose SDK override configuration.
Additional considerations:
timeoutis a per-attempt timeout mapping to the AWS SDK'sapiCallAttemptTimeout. Each retry gets the full budget — withmaxRetries: 2andtimeout: 30, worst-case total wait is 90 seconds.- DeepSeek R1 requires the
us.inference-profile prefix. The bare IDdeepseek.r1-v1:0is rejected with aValidationException. gpt-ossmodels require langchain4j-bedrock 1.16.0 or later. Earlier versions unconditionally includestopSequencesin Converse requests, which thegpt-ossfamily rejects with aValidationException. This affects both chat and streaming; DeepSeek R1 and Titan embeddings work correctly on earlier versions.
Provider Capability Summary#
| Provider | chat | embeddings | image |
|---|---|---|---|
openai | Yes | Yes | Yes |
azure_openai | Yes | Yes | Yes |
vertex_ai | Yes | No | No |
bedrock | Yes | Yes | No |
Settings#
The settings property carries behavioral and prompt configuration:
| Setting | Default | Description |
|---|---|---|
rolePrompt | "You are dotCMSbot..." | Prompt describing the role the AI plays. |
textPrompt | "Use Descriptive writing style." | Prompt describing the overall writing style of generated text. |
imagePrompt | "Use 16:9 aspect ratio." | Aspect ratio or visual style guidance for image generation. |
imageSize | "1024x1024" | Default dimensions of generated images. |
listenerIndexer | {} | JSON object mapping index names to Content Types for auto-indexing. Most useful on the System Host to propagate indexes across sites. Example: { "default": "blog,news,webPageContent" } |
temperature | 1 | Default temperature for chat completions. |
embeddingsSplitAtTokens | 512 | Token chunk size for splitting content during embedding. |
embeddingsMinimumTextLength | 64 | Minimum character length for a text chunk to be embedded. |
embeddingsMinimumFileSize | 1024 | Minimum file size (bytes) for binary files to be embedded. |
embeddingsFileExtensions | pdf,doc,docx,txt,html | File extensions eligible for embedding. |
embeddingsSearchThreshold | .25 | Default similarity threshold for embedding searches. |
embeddingsThreads | 3 | Number of concurrent embedding threads. |
embeddingsThreadsMax | 6 | Maximum concurrent embedding threads. |
embeddingsThreadsQueue | 10000 | Embedding thread queue depth. |
embeddingsCacheTtlSeconds | 600 | Embeddings cache TTL in seconds. |
embeddingsCacheSize | 1000 | Embeddings cache maximum size. |
embeddingsDeleteOldOnUpdate | true | Whether to delete old embeddings when content is updated. |
debugLogging | false | Enable verbose debug logging. |
Only include settings that differ from the defaults shown above — omitted keys fall back to their default values.
Each site can have its own providerConfig, or inherit the configuration from SYSTEM_HOST. To configure a specific site, select it from the site picker in Settings > Apps > dotAI before saving.
Once installed and configured, the dotCMS surfaces a variety of utilities. The section below provides a brief overview of each, and a link to further documentation.
Configuration Examples#
Minimal — OpenAI (standard)#
Sufficient for most OpenAI deployments. Omit any section you don't use.
{ "chat": { "provider": "openai", "apiKey": "sk-...", "model": "gpt-4o", "maxTokens": 16384, "maxRetries": 3 }, "embeddings": { "provider": "openai", "apiKey": "sk-...", "model": "text-embedding-ada-002" }, "image": { "provider": "openai", "apiKey": "sk-...", "model": "dall-e-3" } }
OpenAI with custom settings#
Use the settings block only for values that differ from the defaults.
{ "chat": { "provider": "openai", "apiKey": "sk-...", "model": "gpt-4o,gpt-4o-mini", "maxTokens": 16384, "temperature": 0.7, "maxRetries": 3, "endpoint": "https://your-proxy.example.com/v1/chat/completions" }, "embeddings": { "provider": "openai", "apiKey": "sk-...", "model": "text-embedding-ada-002" }, "image": { "provider": "openai", "apiKey": "sk-...", "model": "dall-e-3" }, "settings": { "rolePrompt": "You are a helpful assistant for Acme Corp.", "textPrompt": "Be concise and professional.", "imagePrompt": "Use a clean, corporate visual style.", "imageSize": "1792x1024", "listenerIndexer": { "default": "blog,news,webPageContent" }, "embeddingsSplitAtTokens": 256, "embeddingsSearchThreshold": 0.3, "debugLogging": false } }
Azure OpenAI — chat and embeddings#
A minimal Azure configuration. Image generation here falls back to OpenAI; for a full Azure image setup see the example below.
{ "chat": { "provider": "azure_openai", "apiKey": "YOUR_AZURE_API_KEY", "endpoint": "https://my-resource.openai.azure.com/", "deploymentName": "my-gpt4o-deployment", "apiVersion": "2024-02-01", "maxTokens": 16384 }, "embeddings": { "provider": "azure_openai", "apiKey": "YOUR_AZURE_API_KEY", "endpoint": "https://my-resource.openai.azure.com/", "deploymentName": "my-embeddings-deployment", "apiVersion": "2024-02-01" }, "image": { "provider": "openai", "apiKey": "sk-...", "model": "gpt-image-1" } }
If your deployment name matches the model name exactly, you can omit deploymentName and use model alone:
{ "chat": { "provider": "azure_openai", "apiKey": "YOUR_AZURE_API_KEY", "endpoint": "https://my-resource.openai.azure.com/", "model": "gpt-5.4", "apiVersion": "2024-02-01", "maxTokens": 16384 } }
Azure OpenAI — full configuration with image generation#
Azure supports two endpoint types for image generation, selected automatically based on the endpoint URL. In early 2026, Microsoft retired DALL-E 3 image deployments on Azure OpenAI in favour of the gpt-image series.
*.openai.azure.com(Classic Azure OpenAI): requiresdeploymentNameandapiVersion; supportsgpt-image-1.*.services.ai.azure.com(Azure AI Foundry): uses a plain OpenAI-style client; do not setapiVersion(it produces a warning if present); supportsgpt-image-2.
Full configuration using the Foundry endpoint for images:
{ "chat": { "provider": "azure_openai", "apiKey": "YOUR_AZURE_API_KEY", "endpoint": "https://my-resource.openai.azure.com/", "deploymentName": "my-gpt4o-deployment", "apiVersion": "2024-02-01", "maxTokens": 16384 }, "embeddings": { "provider": "azure_openai", "apiKey": "YOUR_AZURE_API_KEY", "endpoint": "https://my-resource.openai.azure.com/", "deploymentName": "my-embeddings-deployment", "apiVersion": "2024-02-01" }, "image": { "provider": "azure_openai", "apiKey": "YOUR_FOUNDRY_API_KEY", "endpoint": "https://my-resource.services.ai.azure.com/openai/v1/", "model": "gpt-image-2", "size": "1024x1024" } }
Google Vertex AI (Gemini) — chat only#
Vertex AI supports chat only; embeddings and images must use a separate provider.
{ "chat": { "provider": "vertex_ai", "projectId": "my-gcp-project", "location": "us-central1", "model": "gemini-2.0-flash", "credentialsJson": "{ ... service account JSON ... }" }, "embeddings": { "provider": "openai", "apiKey": "sk-...", "model": "text-embedding-ada-002" }, "image": { "provider": "openai", "apiKey": "sk-...", "model": "gpt-image-1" } }
To use Application Default Credentials instead of a key file, omit credentialsJson:
{ "chat": { "provider": "vertex_ai", "projectId": "my-gcp-project", "location": "us-central1", "model": "gemini-2.0-flash", "maxTokens": 8192 } }
Amazon Bedrock — chat and embeddings (Titan V1, static credentials)#
Titan V1 is recommended when no pgvector schema migration is possible, as its 1536-dimension output matches the default dot_embeddings schema directly.
{ "chat": { "provider": "bedrock", "region": "us-east-1", "model": "us.deepseek.r1-v1:0", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "maxTokens": 8192 }, "embeddings": { "provider": "bedrock", "region": "us-east-1", "model": "amazon.titan-embed-text-v1", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" } }
Amazon Bedrock — chat and embeddings (Titan V2)#
Requires a dot_embeddings schema configured for 1024 dimensions or fewer.
{ "chat": { "provider": "bedrock", "region": "us-east-1", "model": "us.deepseek.r1-v1:0", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "maxTokens": 8192 }, "embeddings": { "provider": "bedrock", "region": "us-east-1", "model": "amazon.titan-embed-text-v2:0", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "dimensions": 1024 } }
Amazon Bedrock — default credential chain (EC2 / EKS / ECS)#
Omit both credential fields when the instance or pod has an attached IAM role.
{ "chat": { "provider": "bedrock", "region": "us-east-1", "model": "us.deepseek.r1-v1:0", "maxTokens": 8192 }, "embeddings": { "provider": "bedrock", "region": "us-east-1", "model": "amazon.titan-embed-text-v1" } }
Amazon Bedrock chat with OpenAI embeddings and images#
{ "chat": { "provider": "bedrock", "region": "us-east-1", "model": "us.deepseek.r1-v1:0", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "maxTokens": 8192 }, "embeddings": { "provider": "openai", "apiKey": "sk-...", "model": "text-embedding-ada-002" }, "image": { "provider": "openai", "apiKey": "sk-...", "model": "dall-e-3" } }
Per-Site Config#
To configure a specific site, go to Settings > Apps > dotAI, select the target site from the site picker, and save a separate providerConfig JSON.
To verify which host's config is being applied, check the configHost field in the GET response:
GET /api/v1/ai/completions/config?siteId=your-site-id
{ "providerConfig": "{ ... }", "configHost": "SYSTEM_HOST" }
If configHost returns the target site's hostname, the per-site config is active. Credentials are masked as ***** in the response.
Legacy Configuration#
To transition from the legacy fields to the new JSON providerConfig approach, see our migration guide.
Before the implementation of the provider configuration specified above, the dotAI App Configuration followed a different, multiple-field pattern. A full list of the legacy fields follows:
| Field | Description |
|---|---|
| API Key | Your account's API key; must be present to utilize OpenAI services. |
| Model Names | A comma-separated list of the models used to generate OpenAPI responses. Including multiple models also enables fallback behavior; when a specified model is not found, the next one is used. Example: gpt-4o-mini,gpt-3.5-turbo-16k,gpt-4o |
| Role Prompt | A prompt describing the role (if any) the text generator will play for the dotCMS user. |
| Text Prompt | A prompt describing the overall writing style of generated text. |
| Tokens per Minute | Permits configurable rate limiting for text responses based on token use. |
| API per Minute | Permits configurable rate limiting for text responses based on API call volume. |
| Max Tokens | Permits configurable rate limiting for token consumption per API response. |
| Completion model enabled | If checked, causes text responses to incorporate completions. Completions are useful for interactive chat modes and other dynamic uses, capable of incorporating response histories into future responses. |
| Image Model Names | A comma-separated list of the image models used to generate graphical responses. Including multiple models also enables fallback behavior; when a specified model is not found, the next one is used. |
| Image Prompt | A specification of output aspect ratio. If the ratio specified differs significantly from the Image Size (below), the image will "letterbox" accordingly. |
| Image Size | Selects the default dimensions of generated images. |
| Image Tokens per Minute | Permits configurable rate limiting for image responses based on token use. |
| Image API per Minute | Permits configurable rate limiting for image responses based on API call volume. |
| Image Max Tokens | Permits configurable rate limiting for token consumption per image generation API response. |
| Image Completion model enabled | If checked, causes image responses to incorporate completions. Completions are useful for interactive chat modes and other dynamic uses, capable of incorporating response histories into future responses. |
| Embeddings Model Names | A comma-separated list of the image models used to generate graphical responses. Including multiple models also enables fallback behavior; when a specified model is not found, the next one is used. |
| Embeddings Tokens per Minute | Permits configurable rate limiting for embeddings responses based on token use. |
| Embeddings API per Minute | Permits configurable rate limiting for embeddings responses based on API call volume. |
| Embeddings Max Tokens | Permits configurable rate limiting for token consumption per embeddings API response. |
| Embeddings Completion model enabled | If checked, causes embedding responses to incorporate completions. Completions are useful for interactive chat modes and other dynamic uses, capable of incorporating response histories into future responses. |
| Auto Index Content Config | Allows App-level configuration of content indexes used as the basis for text generation. Takes a JSON mapping; each property name becomes an index, and each value is the Content Type it will take as its target content. Optional; indexes are also fully configurable under the dotAI Tool. Most useful when configured in the System Host, as this will instantiate the indexes across multiple sites. |
| Custom Properties | Additional key-value pairs for dotAI configuration. |
Using dotAI#
The dotAI feature includes several components, detailed separately:
| Component | Description |
|---|---|
| dotAI Tool | The dotAI admin-panel interface can be found via Tools -> dotAI, allowing direct usage, index definition, and general configuration of the feature. |
| AI Blocks | dotAI's integration with the Block Editor field provides the most straightforward way to get started generating content. |
| AI Workflows | AI Workflow Sub-Actions permit a range of asynchronous automations utilizing AI — such as generating entire contentlets on demand. |
| AI Viewtool | The AI Viewtool, accessible through $ai, allows AI operations via Velocity script. |
| API Resources | REST API endpoints allow AI operations to be performed headlessly. |