public-api
#
DescriptionThe public-api
is used for exposing an API endpoint through a general HTTP API router.
When you are using custom Plugins, you can use the public-api
Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint /apisix/plugin/jwt/sign
for JWT authentication using the jwt-auth Plugin.
note
The public API added in a custom Plugin is not exposed by default and the user should manually configure a Route and enable the public-api
Plugin on it.
#
AttributesName | Type | Required | Default | Description |
---|---|---|---|---|
uri | string | False | "" | URI of the public API. When setting up a Route, use this attribute to configure the original public API URI. |
#
Example usageThe example below uses the jwt-auth Plugin and the key-auth Plugin along with the public-api
Plugin. Refer to their documentation for it configuration. This step is omitted below and only explains the configuration of the public-api
Plugin.
#
Basic usageYou can enable the Plugin on a specific Route as shown below:
curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r1' \
-H 'X-API-KEY: <api-key>' \
-H 'Content-Type: application/json' \
-d '{
"uri": "/apisix/plugin/jwt/sign",
"plugins": {
"public-api": {}
}
}'
Now, if you make a request to the configured URI, you will receive a JWT response:
curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
#
Using custom URIYou can also use a custom URI for exposing the API as shown below:
curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r2' \
-H 'X-API-KEY: <api-key>' \
-H 'Content-Type: application/json' \
-d '{
"uri": "/gen_token",
"plugins": {
"public-api": {
"uri": "/apisix/plugin/jwt/sign"
}
}
}'
Now you can make requests to this new endpoint:
curl 'http://127.0.0.1:9080/gen_token?key=user-key'
#
Securing the RouteYou can use the key-auth
Plugin to add authentication and secure the Route:
curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r2' \
-H 'X-API-KEY: <api-key>' \
-H 'Content-Type: application/json' \
-d '{
"uri": "/gen_token",
"plugins": {
"public-api": {
"uri": "/apisix/plugin/jwt/sign"
},
"key-auth": {}
}
}'
Now, only authenticated requests are allowed:
curl -i 'http://127.0.0.1:9080/gen_token?key=user-key' \
-H "apikey: test-apikey"
HTTP/1.1 200 OK
The below request will fail:
curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
HTTP/1.1 401 Unauthorized
#
Delete PluginTo remove the public-api
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
note
You can fetch the admin_key
from config.yaml
and save to an environment variable with the following command:
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"uri": "/hello",
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'