Each of Meshery’s APIs are subject to the following authentication and authorization system.
Requests to any of the API endpoints must be authenticated and include a valid JWT access token in the HTTP headers. Type of authentication is determined by the selected Provider. Use of the Local Provider, “None”, puts Meshery into single-user mode and does not require authentication.
Currently, Meshery only requires a valid token in order to allow clients to invoke its APIs.
Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/mesh or /api/perf).
Alternatively, Remote Providers can extend Meshery’s endpoints behind the
Meshery provides a GraphQl API available through the default port of
Meshery provides a REST API available through the default port of