Examples cookbook: Custom routes
Page summary:Custom routes let you explicitly configure routes for content-types to control authentication and apply policies, such as bypassing default Strapi authentication or restricting access based on custom conditions.
These examples are built around FoodAdvisor, which is no longer Strapi's featured demo application (it has been superseded by LaunchPad). What matters here is understanding the backend mechanisms being demonstrated, not FoodAdvisor itself. These pages will be revisited to use LaunchPad.
This page is part of the back end customization examples cookbook. Please ensure you've read its introduction.
💭 Context:
Out of the box, FoodAdvisor does not control access to its content-type endpoints.
Let's say we previously created a policy to restrict access to the "Reviews" content-type to some conditions, for instance to prevent a restaurant's owner to create a review for their restaurants. We must now enable the policy on the route we use to create reviews.
🎯 Goals:
- Explicitly define a routes configuration for the "Reviews" content-type.
- Configure the route used when creating a review to:
- bypass the default Strapi authentication system
- and restrict access depending on the previously defined custom policy.
🧑💻 Code example:
In the /api folder of the FoodAdvisor project, replace the content of the api/src/api/review/routes/review.js file with the following code:
'use strict';
const { createCoreRouter } = require('@strapi/strapi').factories;
module.exports = createCoreRouter('api::review.review', {
config: {
create: {
auth: false, // set the route to bypass the normal Strapi authentication system
policies: ['is-owner-review'], // set the route to use a custom policy
middlewares: [],
},
},
});
Learn more about how to configure custom middlewares to perform additional actions that extend your Strapi-based application.