W
Wasp-lang•4mo ago
Anima

Create API endpoint for external service

I want to create an endpoint for an external service to trigger an update to a DB entry. I only want to allow this particular service to use the endpoint, but If the incoming request has an "authorization" header, it's rejected by some middleware with the message '{"message":"Invalid credentials","data":{}}% '. How can I bypass this middleware?
6 Replies
kapa.ai
kapa.ai•4mo ago
Hi @Anima. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- To create an API endpoint in Wasp, you can use the api declaration in your main.wasp file. Here is an example:
api fooBar {
fn: import { fooBar } from "@src/apis",
httpRoute: (GET, "/foo/bar"),
entities: [Task],
auth: true,
middlewareConfigFn: import { apiMiddleware } from "@src/apis"
}
api fooBar {
fn: import { fooBar } from "@src/apis",
httpRoute: (GET, "/foo/bar"),
entities: [Task],
auth: true,
middlewareConfigFn: import { apiMiddleware } from "@src/apis"
}
This declaration includes several fields: - fn: ExtImport: The import statement of the APIs NodeJs implementation. - httpRoute: (HttpMethod, string): The HTTP (method, path) pair, where the method can be one of: ALL, GET, POST, PUT or DELETE and path is an Express path string. - entities: [Entity]: A list of entities you wish to use inside your API. - auth: bool: If auth is enabled, this will default to true and provide a context.user object. If you do not wish to attempt to parse the JWT in the Authorization Header, you should set this to false. - middlewareConfigFn: ExtImport: The import statement to an Express middleware config function for this API. In your case, if you want to bypass the middleware that is rejecting requests with an "authorization" header, you can set the auth field to false. This will prevent Wasp from attempting to parse the JWT in the Authorization Header. However, please note that this will also disable the context.user object, which might be necessary for other parts of your API. If you need to keep the context.user object, you might need to modify your middleware to allow requests with an "authorization" header. You can also configure the global middleware via the middlewareConfigFn. This will modify the middleware stack for all operations and APIs. You can read more about it here (https://wasp-lang.dev/docs/project/server-config#middlewareconfigfn-extimport). Finally, to implement the API, you need to define a NodeJS function that takes three arguments: req (Express Request object), res (Express Response object), and context (an additional context object injected into the API by Wasp). Here is an example:
export const fooBar = (req, res, context) => {
res.set("Access-Control-Allow-Origin", "*"); // Example of modifying headers to override Wasp default CORS middleware.
res.json({ msg: `Hello, ${context.user ? "registered user" : "stranger"}!` });
};
export const fooBar = (req, res, context) => {
res.set("Access-Control-Allow-Origin", "*"); // Example of modifying headers to override Wasp default CORS middleware.
res.json({ msg: `Hello, ${context.user ? "registered user" : "stranger"}!` });
};
Please note that this is a simple example and you might need to modify it to fit your needs. Sources: - API Reference (https://wasp-lang.dev/docs/advanced/apis#api-reference) - Middleware Config Function (https://wasp-lang.dev/docs/project/server-config#middleware-configfn-extimport) - Defining the API's NodeJS Implementation (https://wasp-lang.dev/docs/advanced/apis#defining-the-apis-nodejs-implementation) ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @Anima, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho
miho•4mo ago
Please share your code with us, so we can help you better. Parts of the Wasp file and parts of your JS/TS code.
Anima
AnimaOP•4mo ago
Wow, that was super fast. kapa's suggestion to add "auth: false" has done it, thanks! 🙂
devrim
devrim•4mo ago
i'm doing exactly as above, not getting any errors, when i hit the url, i get an vanilla html page instead of api response.. any pointers for me?
No description
No description
miho
miho•4mo ago
Which URL are you using to talk to the API?
Want results from more Discord servers?
Add your server