Examples cookbook: Custom routes

☑️ Prerequisites

This page is part of the back end customization examples cookbook. Please ensure you've read its introduction.

💭 Context:

Out of the box, FoodAdvisor does not control access to its content-type endpoints.

Let's say we previously created a policy to restrict access to the "Reviews" content-type to some conditions, for instance to prevent a restaurant's owner to create a review for their restaurants. We must now enable the policy on the route we use to create reviews.

🎯 Goals:

• Explicitly define a routes configuration for the "Reviews" content-type.
• Configure the route used when creating a review to:
  • bypass the default Strapi authentication system
  • and restrict access depending on the previously defined custom policy.

🤓 Related concept

Additional information can be found in the Policies and Routes documentation.

🧑‍💻 Code example:

In the /api folder of the FoodAdvisor project, replace the content of the api/src/api/review/routes/review.js file with the following code:

src/api/review/routes/review.js

'use strict';

const { createCoreRouter } = require('@strapi/strapi').factories;

module.exports = createCoreRouter('api::review.review', {
  config: {
    create: {
      auth: false, // set the route to bypass the normal Strapi authentication system
      policies: ['is-owner-review'], // set the route to use a custom policy
      middlewares: [],
    },
  },
});

🤓 What's next?

Learn more about how to configure custom middlewares to perform additional actions that extend your Strapi-based application.