Extensibility: APIs

Meshery’s APIs

Each of Meshery’s APIs are subject to the following authentication and authorization system.

Authentication

There are multiple kinds of authentication mechanisms like NoAuth for few open endpoints and ProviderAuth for much secure endpoints.The ENFORCED_PROVIDER flag can be passed at build time to not only enforce the provider authentication but also a specific type of provider authentication like remote or local. Requests to any of the API endpoints covered under ProviderAuth must be authenticated and include a valid JWT access token in the HTTP headers. Type of authentication is determined by the selected Provider. Use of the Local Provider, “None”, puts Meshery into single-user mode and does not require authentication.

Authorization

Currently, Meshery only requires a valid token in order to allow clients to invoke its APIs.

Endpoints

Each of the API endpoints are exposed through server.go. Endpoints are grouped by function (e.g. /api/mesh or /api/perf).

Alternatively, Remote Providers can extend Meshery’s endpoints behind the /api/extensions/ endpoint.

GraphQL

Meshery provides a GraphQl API available through the default port of /tcp.

REST

Meshery provides a REST API available through the default port of 9081/tcp.