Extensibility: APIs
Meshery’s APIs
Each of Meshery’s APIs are subject to the following authentication and authorization system. The REST and GraphQL APIs are available on the same network port you use to connect to Meshery UI, which is 9081/tcp
by default. Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/system/version
). Additionally, Remote Providers can extend Meshery’s endpoints behind the /api/extensions/
endpoint.
API Reference
Meshery Server's REST API is available at [hostname]:[port]/api/
.
Meshery's REST API Reference
See REST API Reference Self-generated API documentation for Meshery’s REST API. Documentation is generated from Meshery’s Open API schema.Meshery Server's GraphQl API is available at {hostname]:[port]/api/graphql/query
. A GraphQL request can be made as a POST request to the endpoint with the query as the payload. Meshery Server's GraphQL API can be used to perform three operations:
- Queries for data retrieval.
- Mutations for creating, updating, and deleting data.
- Subscriptions for watching for any data changes.
Explore the Meshery GraphQL API using the interactive Playground provided with Meshery instance at http://localhost:9081/api/system/graphql/playground.
Meshery's GraphQL API Reference
See GraphQL API Reference Self-generated API documentation for Meshery’s GraphQL API. The API can be explored interactively using the GraphQL Playground. Documentation is generated from Meshery’s GraphQL schema. Each table below documents a GraphQL type.Authentication
Requests to any of the API endpoints must be authenticated and include a valid JWT access token in the HTTP headers. Type of authentication is determined by the selected Provider. Use of the Local Provider, “None”, puts Meshery into single-user mode and does not require authentication.
What are authentication tokens?
Meshery authentication tokens allow users or systems to authenticate with Meshery Server via either its two clients, Meshery >CLI and UI, or its two APIs: REST or GraphQL.Meshery's authentication token system provide secure access to Meshery's powerful management features.
How to get your token
There are two ways to get your authentication token:
- Meshery UI
- Meshery CLI
Using Meshery UI, you can get a copy of your authentication token by following these steps:
- Log into Meshery by selecting your identity provider of choice (typically found at
http:<meshery-server>:9081/provider
) - Navigate to your user’s avatar in the upper lefthand corner and select “Get Token” from the dropdown of profile section.
Using Meshery CLI, you can get a copy of your authentication token by executing this command:
mesheryctl system login
In order to use this command, you must have a web browser available on your system (this command cannot be executed on a headless system).
How to use the token for requests to Meshery Rest API using API clients
Download your token from Meshery UI and copy the token value from the downloaded file, this will be used for authentication.meshery-provider: Meshery token: your token
The request will be sent to the Meshery API using the configured cookies for authentication
Endpoints
Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/mesh
or /api/perf
).
Alternatively, Remote Providers can extend Meshery’s endpoints behind the /api/extensions/
endpoint.
Authorization
While Meshery only requires a valid token in order to allow clients to invoke its APIs, Remote Providers can optionally enforce key-based permissions.