Custom API Endpoint Authed Access

commentsBot · May 15, 2024, 10:18pm

I’ve created an custom api endpoint and everything appears to be up and working as expected atm when I set the route config: {auth: false}. However, when attempting to secure the route I’m getting a 401.

routes: test-auth-api.js

module.exports = {
  routes: [
    {
     method: 'GET',
     path: '/test-auth-api',
     handler: 'test-auth-api.exampleAction',
     config: {
       // auth: false,
       auth: {
         strategies: ["jwt"],
       },
       policies: [],
       middlewares: [],
     },
    },
  ],
};

controllers: test-auth-api.js

module.exports = {
  exampleAction: async (ctx, next) => {
    try {
      ctx.body = 'ok';
    } catch (err) {
      ctx.body = err;
    }
  }
};

I’ve made sure to also allow the role access to this endpoint as well (as seen in the uploaded screenshot).

What might I be doing wrong or not have set in order for me to secure this down to the role that the user is logged in as?

Thanks in advance. Been banging my head on this for a bit.

This topic has been created from a Discord post (1240428081651515483) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

commentsBot · May 16, 2024, 2:17am

For authenticated end-points, you will need to include the JWT token in the request header(Authorization header aka bearer token).

commentsBot · May 16, 2024, 11:32am

I am including it when making the requets as Authorization Bearer TOKEN

commentsBot · May 16, 2024, 11:33am

And meant to include this is on Strapi 4.22.1

commentsBot · May 16, 2024, 11:50am

and to be clear the request being made is

curl --location 'http://localhost:1337/api/test-auth-api' --header 'Authorization: Bearer [JWT_TOKEN]'