Set ACL rule for custom endpoint


Hey there! I love cockpit so far, it was super fast for me to set up a simple API.
I’d like to extend that API a bit and issue more complex queries (such as getting collection items in a bounding box). I understand that I can place something into config/api/test.php and call it via /api/test?token=.... That’s super neat!

Can I somehow make this endpoint public? If not, how would I configure an access token to be able to access this endpoint? I didn’t find any very good information on the ACL syntax unfortunately. Thanks for any help!


Just create a custom key with all the rules you want public in there - you can add the endpoint to those rules. For example:



Thanks, that worked perfectly fine!


config/api/public/test.php doesn’t require an api token.

the request would then look like this:



Nice, also very helpful! So I guess everything in /api/public/* is public by default (well, duh)? I might add this to the cockpit-snippets repository which already contains a lot of helpful information.