Skip to main content
Version: Next

Http Router Service

One of the most common services is the HTTP router service which is used to expose HTTP endpoints for other plugins to consume.

Using the service

The following example shows how to register a HTTP router for the example plugin. This single route will be available at the /api/example/hello path.

import {
coreServices,
createBackendPlugin,
} from '@backstage/backend-plugin-api';
import { Router } from 'express';

createBackendPlugin({
pluginId: 'example',
register(env) {
env.registerInit({
deps: { http: coreServices.httpRouter },
async init({ http }) {
const router = Router();
router.get('/hello', (_req, res) => {
res.status(200).json({ hello: 'world' });
});
// Registers the router at the /api/example path
http.use(router);
},
});
},
});

This service is also responsible for keeping track of the auth policies that apply to your routes. The default policy is to require that auth is present with every incoming request, and to accept both service and user credentials (excluding limited access tokens). You can override this while registering your routes. This dangerously allows unauthenticated access on a specific route:

http.addAuthPolicy({
path: '/static/:id',
allow: 'unauthenticated',
});

Note that the path is exactly the same format as what you used in your routes, including placeholders.

If your plugin uses cookie based access (which is rare), you need to allow that as follows:

http.addAuthPolicy({
path: '/static/:id',
allow: 'user-cookie',
});

For those routes you will also have to specify allowLimitedAccess: true when using the auth and httpAuth services to access the incoming credentials.

Configuring the service

This service does not have any configuration options.