Extensibility: APIs

Meshery’s APIs

Each of Meshery’s APIs are subject to the following authentication and authorization system. The REST and GraphQL APIs are available on the same network port you use to connect to Meshery UI, which is 9081/tcp by default. Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/system/version). Additionally, Remote Providers can extend Meshery’s endpoints behind the /api/extensions/ endpoint.

API Reference

Meshery Server's REST API is available at [hostname]:[port]/api/.

Meshery's REST API Reference

See REST API Reference Self-generated API documentation for Meshery’s REST API. Documentation is generated from Meshery’s Open API schema.

Meshery Server's GraphQl API is available at {hostname]:[port]/api/graphql/query. A GraphQL request can be made as a POST request to the endpoint with the query as the payload. Meshery Server's GraphQL API can be used to perform three operations:

  • Queries for data retrieval.
  • Mutations for creating, updating, and deleting data.
  • Subscriptions for watching for any data changes.

Explore the Meshery GraphQL API using the interactive Playground provided with Meshery instance at http://localhost:9081/api/system/graphql/playground.

Meshery's GraphQL API Reference

See GraphQL API Reference Self-generated API documentation for Meshery’s GraphQL API. The API can be explored interactively using the GraphQL Playground. Documentation is generated from Meshery’s GraphQL schema. Each table below documents a GraphQL type.

Authentication

Requests to any of the API endpoints must be authenticated and include a valid JWT access token in the HTTP headers. Type of authentication is determined by the selected Provider. Use of the Local Provider, “None”, puts Meshery into single-user mode and does not require authentication.

What are authentication tokens?

Meshery authentication tokens allow users or systems to authenticate with Meshery Server via either its two clients, Meshery >CLI and UI, or its two APIs: REST or GraphQL.

Meshery's authentication token system provide secure access to Meshery's powerful management features.

How to get your token

There are two ways to get your authentication token:

  1. Meshery UI
  2. Meshery CLI

Using Meshery UI, you can get a copy of your authentication token by following these steps:

  1. Log into Meshery by selecting your identity provider of choice (typically found at http:<meshery-server>:9081/provider)
  2. Navigate to your user’s avatar in the upper lefthand corner and select “Get Token” from the dropdown of profile section.

Using Meshery CLI, you can get a copy of your authentication token by executing this command:


mesheryctl system login

In order to use this command, you must have a web browser available on your system (this command cannot be executed on a headless system).

How to use the token for requests to Meshery Rest API using API clients

Download your token from Meshery UI and copy the token value from the downloaded file, this will be used for authentication. 

meshery-provider: Meshery
token: your token

Navigate to the cookies section your API testing platform, to set the appropriate name and value for the cookie, then make sure to save the configured cookies to initiate the request.

The request will be sent to the Meshery API using the configured cookies for authentication

Endpoints

Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/mesh or /api/perf).

Alternatively, Remote Providers can extend Meshery’s endpoints behind the /api/extensions/ endpoint.

Authorization

While Meshery only requires a valid token in order to allow clients to invoke its APIs, Remote Providers can optionally enforce key-based permissions.