public-api
When you are using custom Plugins, you can use the public-api Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint /apisix/plugin/jwt/sign for JWT authentication using the jwt-auth Plugin.
The public API added in a custom Plugin is not exposed by default; you must manually configure a Route and enable the public-api Plugin on it.
The example below uses the jwt-auth Plugin and the key-auth Plugin along with the public-api Plugin. Refer to their documentation for their configuration. That step is omitted here; only the configuration of the public-api Plugin is explained.
Now, if you make a request to the configured URI, you will receive a JWT response:
curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
You can also use a custom URI for exposing the API as shown below:
curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
    -H 'X-API-KEY: <api-key>' \
    -H 'Content-Type: application/json' \
    -d '{
    "uri": "/gen_token",
    "plugins": {
        "public-api": {
            "uri": "/apisix/plugin/jwt/sign"
        }
    }
}'
Now you can make requests to this new endpoint. To restrict who can call it, enable the key-auth Plugin on the same Route:
curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
    -H 'X-API-KEY: <api-key>' \
    -H 'Content-Type: application/json' \
    -d '{
    "uri": "/gen_token",
    "plugins": {
        "public-api": {
            "uri": "/apisix/plugin/jwt/sign"
        },
        "key-auth": {}
    }
}'
Now, only authenticated requests are allowed:
curl -i 'http://127.0.0.1:9080/gen_token?key=user-key' \
    -H "apikey: test-apikey"
The request below, sent without the apikey header, will fail:
curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
HTTP/1.1 401 UNAUTHORIZED
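To check existing Routes for a public API that is exposed without authentication, the audit below can be run over Route definitions. It is an added example, not part of the APISIX documentation; the function names, the set of authentication Plugins it recognises, and the sample Routes (r1, r3, r4 and their URIs) are constructed for illustration.

```python
import json

# Authentication Plugins counted as protecting a Route (illustrative subset).
AUTH_PLUGINS = {"key-auth", "jwt-auth", "basic-auth", "hmac-auth"}


def _enabled(conf):
    """A Plugin entry counts unless it is switched off via _meta.disable."""
    return not (isinstance(conf, dict) and conf.get("_meta", {}).get("disable"))


def audit_public_api(routes):
    """Return one finding per Route that exposes a Plugin public API.

    routes maps a Route id to the JSON body sent to the Admin API.
    """
    findings = []
    for route_id, body in sorted(routes.items()):
        plugins = body.get("plugins", {})
        public = plugins.get("public-api")
        if public is None or not _enabled(public):
            continue
        # With no "uri" in the public-api config, the Route's own URI is the API.
        target = public.get("uri") or body.get("uri")
        auth = sorted(n for n, c in plugins.items() if n in AUTH_PLUGINS and _enabled(c))
        findings.append({"route": route_id, "exposed_at": body.get("uri"),
                         "public_api": target, "auth": auth,
                         "unauthenticated": not auth})
    return findings


# Constructed Route bodies modelled on the examples on this page.
SAMPLE_ROUTES = json.loads("""
{
  "r1": {"uri": "/apisix/plugin/jwt/sign", "plugins": {"public-api": {}}},
  "r2": {"uri": "/gen_token",
         "plugins": {"public-api": {"uri": "/apisix/plugin/jwt/sign"}, "key-auth": {}}},
  "r3": {"uri": "/token",
         "plugins": {"public-api": {"uri": "/apisix/plugin/jwt/sign"},
                     "key-auth": {"_meta": {"disable": true}}}},
  "r4": {"uri": "/hello", "plugins": {"key-auth": {}}}
}
""")

if __name__ == "__main__":
    for f in audit_public_api(SAMPLE_ROUTES):
        status = "UNAUTHENTICATED" if f["unauthenticated"] else "auth: " + ",".join(f["auth"])
        print(f'{f["route"]}: {f["exposed_at"]} -> {f["public_api"]} [{status}]')
```

Routes reported as UNAUTHENTICATED hand out the public API to any caller that can reach the gateway port, so they are the ones to pair with an authentication Plugin as shown above.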
To disable the public-api Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.