Skip to content

Latest commit

 

History

History
161 lines (125 loc) · 4.67 KB

public-api.md

File metadata and controls

161 lines (125 loc) · 4.67 KB
Raw
title keywords description
public-api
Apache APISIX
API Gateway
Public API
The public-api is used for exposing an API endpoint through a general HTTP API router.

Description

The public-api is used for exposing an API endpoint through a general HTTP API router.

When you are using custom Plugins, you can use the public-api Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint /apisix/plugin/jwt/sign for JWT authentication using the jwt-auth Plugin.

:::note

The public API added in a custom Plugin is not exposed by default and the user should manually configure a Route and enable the public-api Plugin on it.

:::

Attributes

Name Type Required Default Description
uri string False "" URI of the public API. When setting up a Route, use this attribute to configure the original public API URI.

Example usage

The example below uses the jwt-auth Plugin and the key-auth Plugin along with the public-api Plugin. Refer to their documentation for it configuration. This step is omitted below and only explains the configuration of the public-api Plugin.

Basic usage

You can enable the Plugin on a specific Route as shown below:

curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r1' \
    -H 'X-API-KEY: <api-key>' \
    -H 'Content-Type: application/json' \
    -d '{
    "uri": "/apisix/plugin/jwt/sign",
    "plugins": {
        "public-api": {}
    }
}'

Now, if you make a request to the configured URI, you will receive a JWT response:

curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'

Using custom URI

You can also use a custom URI for exposing the API as shown below:

curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r2' \
    -H 'X-API-KEY: <api-key>' \
    -H 'Content-Type: application/json' \
    -d '{
    "uri": "/gen_token",
    "plugins": {
        "public-api": {
            "uri": "/apisix/plugin/jwt/sign"
        }
    }
}'

Now you can make requests to this new endpoint:

curl 'http://127.0.0.1:9080/gen_token?key=user-key'

Securing the Route

You can use the key-auth Plugin to add authentication and secure the Route:

curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r2' \
    -H 'X-API-KEY: <api-key>' \
    -H 'Content-Type: application/json' \
    -d '{
    "uri": "/gen_token",
    "plugins": {
        "public-api": {
            "uri": "/apisix/plugin/jwt/sign"
        },
        "key-auth": {}
    }
}'

Now, only authenticated requests are allowed:

curl -i 'http://127.0.0.1:9080/gen_token?key=user-key' \
    -H "apikey: test-apikey"
HTTP/1.1 200 OK

The below request will fail:

curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
HTTP/1.1 401 Unauthorized

Delete Plugin

To remove the public-api Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

:::note You can fetch the admin_key from config.yaml and save to an environment variable with the following command:

admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')

:::

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
  "uri": "/hello",
  "upstream": {
    "type": "roundrobin",
    "nodes": {
      "127.0.0.1:1980": 1
    }
  }
}'