How to create protected custom API end points?

Dear cockpit users,

I created a custom api end point at /api/test by creating a file /config/api/test.php

<?php
return ['say'=>'hello'];

How can I protect the route from unauthenticated use? Also, how to write POST calls?

<?php

if (!$this->helper('auth')->getUser('role')) {
    $this->stop(403); // 'Permission denied'
}

return ['say'=>'hello'];

Thanks Artur!

  • How can I access the http cookies or JWT sent with header from a POST call?

  • Also, how to send a response with a http cookie in the response header?