Securing the router

The router API is exposed by default. In production deployments you'll likely what to either disable or restrict access to the router API. You can do this by defining two keys in the config.json file:

"disableRouterEndpoint": false,
"routerToken": "",

IfdisableRouterEndpointis set totruethen access to the router API will be disabled and callers will receive an HTTP 404 response. If enabled, then access to the router API depends on the value ofrouterToken. If the token is blank then access is allowed - if a value is present it must be a UUIDv4 token.

"disableRouterEndpoint": false,
"routerToken": "098ebe18-7e1b-4ddd-ae2a-cc6521e5b641",

The dashes and segments sizes are significant and validated using a regular expression.

The Hydra-Router will search for the presence of the token as query string parameters.


results matching ""

    No results matching ""