Create protected Glue API endpoints
Edit on GitHubThis document describes how to create a protected endpoint for a resource, or a custom-route in storefront and backend API applications.
Prerequisites
Integrate authorization into your project. For details, see Authorization protected endpoints integration.
Create protected endpoints
Let’s say you have a module named ModuleRestApi, where you want to have a new protected endpoint /module with GET and POST methods. To create the protected endpoint, follow these steps:
- To
src/Pyz/Shared/GlueStorefrontApiApplicationAuthorizationConnector/GlueStorefrontApiApplicationAuthorizationConnectorConfig.php, add a route or regular expression for the endpoint:
<?php
namespace Pyz\Shared\GlueStorefrontApiApplicationAuthorizationConnector;
use Spryker\Shared\GlueStorefrontApiApplicationAuthorizationConnector\GlueStorefrontApiApplicationAuthorizationConnectorConfig as SprykerGlueStorefrontApiApplicationAuthorizationConnectorConfig;
class GlueStorefrontApiApplicationAuthorizationConnectorConfig extends SprykerGlueStorefrontApiApplicationAuthorizationConnectorConfig
{
public function getProtectedPaths(): array
{
return [
// Route added by a full name and provide access for all
// methods if the token is passed and valid
'/module' => [
'isRegularExpression' => false,
],
// Route added by regular expression and provide access for
// methods patch, get if the token is passed and valid
'/\/module\/.+/' => [
'isRegularExpression' => true,
'methods' => [
'patch',
'get',
],
],
];
}
}
For backend API, use the appropriate backend-specific class src/Pyz/Shared/GlueBackendApiApplicationAuthorizationConnector/GlueBackendApiApplicationAuthorizationConnectorConfig.php.
- Try to access
https://glue-storefront.mysprykershop.com/modulewithout an access token. - Check that the output contains the 403 response with the
Unauthorized request.message. - Access
https://glue-storefront.mysprykershop.com/module, with a valid access token.
Thank you!
For submitting the form