Set ACL rule for custom endpoint

Hey there! I love cockpit so far, it was super fast for me to set up a simple API.
I’d like to extend that API a bit and issue more complex queries (such as getting collection items in a bounding box). I understand that I can place something into config/api/test.php and call it via /api/test?token=.... That’s super neat!

Can I somehow make this endpoint public? If not, how would I configure an access token to be able to access this endpoint? I didn’t find any very good information on the ACL syntax unfortunately. Thanks for any help!

Just create a custom key with all the rules you want public in there - you can add the endpoint to those rules. For example:


Thanks, that worked perfectly fine!

config/api/public/test.php doesn’t require an api token.

the request would then look like this:


1 Like

Nice, also very helpful! So I guess everything in /api/public/* is public by default (well, duh)? I might add this to the cockpit-snippets repository which already contains a lot of helpful information.