Http Router Service
One of the most common services is the HTTP router service which is used to expose HTTP endpoints for other plugins to consume.
Using the service
The following example shows how to register a HTTP router for the example
plugin.
This single route will be available at the /api/example/hello
path.
import {
coreServices,
createBackendPlugin,
} from '@backstage/backend-plugin-api';
import { Router } from 'express';
createBackendPlugin({
pluginId: 'example',
register(env) {
env.registerInit({
deps: { http: coreServices.httpRouter },
async init({ http }) {
const router = Router();
router.get('/hello', (_req, res) => {
res.status(200).json({ hello: 'world' });
});
// Registers the router at the /api/example path
http.use(router);
},
});
},
});
This service is also responsible for keeping track of the auth policies that apply to your routes. The default policy is to require that auth is present with every incoming request, and to accept both service and user credentials (excluding limited access tokens). You can override this while registering your routes. This dangerously allows unauthenticated access on a specific route:
http.addAuthPolicy({
path: '/static/:id',
allow: 'unauthenticated',
});
Note that the path is exactly the same format as what you used in your routes, including placeholders.
If your plugin uses cookie based access (which is rare), you need to allow that as follows:
http.addAuthPolicy({
path: '/static/:id',
allow: 'user-cookie',
});
For those routes you will also have to specify allowLimitedAccess: true
when
using the auth
and httpAuth
services to
access the incoming credentials.
Configuring the service
This service does not have any configuration options.