API
The api block bundles endpoints under a certain base_path.
If an error occurred for api endpoints the response gets processed as JSON error with an error body payload. This can be customized via
error_file.
| Block name | Context | Label |
|---|---|---|
api | Server Block | Optional |
Attribute allowed_methods
The default value * can be combined with additional methods. Methods are matched case-insensitively. Access-Control-Allow-Methods is only sent in response to a CORS preflight request, if the method requested by Access-Control-Request-Method is an allowed method.
Example: allowed_methods = ["GET", "POST"] or allowed_methods = ["*", "BREW"]
Attribute required_permission
If the value is a string, the same permission applies to all request methods. If there are different permissions for different request methods, use an object with the request methods as keys and string values. Methods not specified in this object are not permitted. "*" is the key for "all other standard methods". Methods other than GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS must be specified explicitly. A value "" means "no permission required".
Example:
required_permission = "read"
# or
required_permission = { post = "write", "*" = "" }
# or
required_permission = default(request.path_params.p, "not_set")
Attributes
| Name | Type | Default | Description |
|---|---|---|---|
access_control | tuple (string) | [] | Sets predefined access control for this block. |
add_response_headers | object | - | Key/value pairs to add as response headers in the client response. |
allowed_methods | tuple (string) | * | Sets allowed methods as default for all contained endpoints. Requests with a method that is not allowed result in an error response with a |
base_path | string | - | Configures the path prefix for all requests. |
custom_log_fields | object | - | Log fields for custom logging. Inherited by nested blocks. |
disable_access_control | tuple (string) | [] | Disables access controls by name. |
error_file | string | - | Location of the error file template. |
remove_response_headers | tuple (string) | [] | List of names to remove headers from the client response. |
required_permission | string or object (string) | - | Permission required to use this API (see error type |
set_response_headers | object | - | Key/value pairs to set as response headers in the client response. |
Nested Blocks
| Name | Description |
|---|---|
cors | Configures CORS settings (zero or one). |
endpoint | Configures an endpoint (zero or more). |
error_handler | Configures an error handler (zero or more). |