Set ACL rule for custom endpoint


#1

Hey there! I love cockpit so far, it was super fast for me to set up a simple API.
I’d like to extend that API a bit and issue more complex queries (such as getting collection items in a bounding box). I understand that I can place something into config/api/test.php and call it via /api/test?token=.... That’s super neat!

Can I somehow make this endpoint public? If not, how would I configure an access token to be able to access this endpoint? I didn’t find any very good information on the ACL syntax unfortunately. Thanks for any help!


#2

Just create a custom key with all the rules you want public in there - you can add the endpoint to those rules. For example:

/api/collections/get
/api/singletons/*
/api/cockpit/image/*

#3

Thanks, that worked perfectly fine!


#4

config/api/public/test.php doesn’t require an api token.

the request would then look like this:

/api/public/test


#5

Nice, also very helpful! So I guess everything in /api/public/* is public by default (well, duh)? I might add this to the cockpit-snippets repository which already contains a lot of helpful information.