What is a good strategy to expose an endpoint as public. Our Taffy API have authentication in every endpoint but we also want to expose some endpoints without authentication. My Initial strategy is create another Folder in the resources called /public which can bypass the authentication.
We have 2 ways to authenticate. 1. authenticate using an api key in the request 2. Basic Authentication
Our onTaffyRequest
function onTaffyRequest(verb, cfc, requestArguments, mimeExt){
local.status = "forbidden";
local.invalidReturnData = representationOf( local.status ).withStatus(401);
if(structKeyExists(arguments.requestArguments, "apiKey")){
}
/* CATCH NO BASIC auth*/
//if username is blank return false
if (structAuth.username is ""){
return local.invalidReturnData;
}
//check invalid password
if(structAuth.password is ""){
return local.invalidReturnData;
}
return true;
}
Since Taffy version 2.1.0, onTaffyRequest can accept more arguments:
(Version 3.0.0 also appended
matchedURI
to this list)The methodMetadata argument was added for this purpose. Add something like
allow_public="true"
to it and inspect for this.someResource.cfc:
Application.cfc: