Skip to main content
Version: Next

HttpRouterService.addAuthPolicy()

Home > @backstage/backend-plugin-api > HttpRouterService > addAuthPolicy

Adds an auth policy to the router. This is used to allow unauthenticated or cookie based access to parts of a plugin's API.

Signature:

addAuthPolicy(policy: HttpRouterServiceAuthPolicy): void;

Parameters

Parameter

Type

Description

policy

HttpRouterServiceAuthPolicy

**Returns:**

void

Remarks

The paths given follow the same pattern as the routers given to the use method, that is, they are relative to the plugin's base URL, and can contain placeholders.

Example

http.addAuthPolicy({
path: '/static/:id',
allow: 'user-cookie',
});

This allows limited access tokens via cookies on the /api/<plugin-id>/static/* paths, but not unauthenticated access.