### API Configuration for Service Binding Source: https://docs.serverlessapigateway.com/configuration/service-binding Example JSON configuration demonstrating how to define services and bind them to API paths. ```APIDOC ## API Configuration for Service Binding ### Description This section details the structure of the API configuration file (`api-config.schema.json`) used to define services and map them to specific API paths via service binding. ### Method N/A (Configuration File) ### Endpoint N/A (Configuration File) ### Parameters #### Request Body (Configuration File) ```json { "$schema": "./api-config.schema.json", "title": "API Gateway Config", "description": "Configuration for the Serverless API Gateway", "services": [ { "alias": "endpoint1", "entrypoint": "./services/endpoint1" } ], "paths": [ { "method": "GET", "path": "/api/v1/endpoint1", "integration": { "type": "service", "binding": "endpoint1" } } ] } ``` * **services** (array): An array of service definitions. * **alias** (string) - Required - A unique name to reference the service. * **entrypoint** (string) - Required - The path to the service's entry file. * **paths** (array): An array of API path definitions. * **method** (string) - Required - The HTTP method for the path (e.g., GET, POST). * **path** (string) - Required - The API endpoint path. * **integration** (object) - Required - Defines how the path integrates with a backend. * **type** (string) - Required - Must be "service" for service binding. * **binding** (string) - Required - The alias of the service to bind to. ### Request Example (See Parameters section for Request Body Example) ### Response #### Success Response (200) N/A (This describes configuration, not an API response). #### Response Example N/A ``` -------------------------------- ### Deploy Serverless API Gateway (Bash) Source: https://docs.serverlessapigateway.com/configuration/authentication A simple bash command to deploy the configured Serverless API Gateway. This command assumes the project is set up with Wrangler and all configurations and secrets are correctly in place. ```bash wrangler deploy ``` -------------------------------- ### Supabase Authentication Configuration Source: https://docs.serverlessapigateway.com/configuration/authentication Configuration for Supabase authentication using Serverless API Gateway. ```APIDOC ## POST /api/v1/supabase/auth ### Description Initiates the Supabase passwordless authentication flow by sending an OTP. ### Method POST ### Endpoint /api/v1/supabase/auth ### Parameters #### Request Body (No specific request body fields are detailed in the provided text, but typically includes email or phone number for OTP. ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) (Success response details not provided in the source text.) #### Response Example (Example not provided in the source text.) --- ## POST /api/v1/supabase/verify ### Description Verifies the OTP sent via Supabase passwordless authentication. ### Method POST ### Endpoint /api/v1/supabase/verify ### Parameters #### Request Body (No specific request body fields are detailed in the provided text, but typically includes OTP and email/phone number. ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) Returns an access token upon successful verification. #### Response Example (Example not provided in the source text.) --- ## GET /api/v1/protected ### Description An example of a protected endpoint that requires authentication. ### Method GET ### Endpoint /api/v1/protected ### Parameters #### Query Parameters (No query parameters specified.) #### Request Body (No request body specified.) ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) - **status** (string) - Indicates the status of the endpoint. - **message** (string) - A success message. #### Response Example ```json { "status": "protected endpoint", "message": "You are successfully authenticated!" } ``` ``` -------------------------------- ### Auth0 Authentication Configuration Source: https://docs.serverlessapigateway.com/configuration/authentication Configuration for Auth0 authentication using Serverless API Gateway. ```APIDOC ## GET /api/v1/auth0/callback ### Description Handles the callback from Auth0 after user authentication. ### Method GET ### Endpoint /api/v1/auth0/callback ### Parameters (No specific parameters are detailed in the provided text, but typically includes query parameters like 'code' from Auth0.) ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) (Success response details not provided in the source text.) #### Response Example (Example not provided in the source text.) --- ## GET /api/v1/auth0/profile ### Description Retrieves the user's profile information from Auth0. ### Method GET ### Endpoint /api/v1/auth0/profile ### Parameters #### Request Body (No request body specified.) ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) - Returns user profile information from Auth0. #### Response Example (Example not provided in the source text.) --- ## GET /api/v1/protected ### Description An example of a protected endpoint that requires authentication. ### Method GET ### Endpoint /api/v1/protected ### Parameters #### Query Parameters (No query parameters specified.) #### Request Body (No request body specified.) ### Request Example (Example not provided in the source text.) ### Response #### Success Response (200) - **status** (string) - Indicates the status of the endpoint. - **message** (string) - A success message. #### Response Example ```json { "status": "protected endpoint", "message": "You are successfully authenticated!" } ``` ``` -------------------------------- ### GET /api/v1/auth0/callback-redirect Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 Initiates the authentication flow by redirecting the user to the Auth0 login page. ```APIDOC ## GET /api/v1/auth0/callback-redirect ### Description This endpoint serves as the entry point for initiating the user authentication process with Auth0. It redirects the user's browser to Auth0's authorization endpoint, starting the login flow. ### Method GET ### Endpoint /api/v1/auth0/callback-redirect ### Parameters This endpoint does not require any specific parameters as it constructs the redirect URL based on the pre-configured Auth0 settings. ### Request Example Making a GET request to this endpoint will result in an HTTP 302 Found response, redirecting the client to Auth0. ### Response #### Redirect Response (302) This endpoint returns a redirect response, sending the user's browser to the Auth0 login page. #### Response Example An HTTP 302 Found status code with a `Location` header pointing to the Auth0 authorization URL, for example: `Location: https://your-auth0-domain.auth0.com/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://your-api-url/api/v1/auth0/callback&response_type=code&scope=openid%20profile%20email&state=SOME_STATE_VALUE` ``` -------------------------------- ### Basic API Configuration Source: https://docs.serverlessapigateway.com/configuration/overview A template for a basic API configuration, including CORS settings and example endpoints. ```APIDOC ## Basic API Configuration ### Description This configuration defines a basic API gateway with custom CORS policies and a health check endpoint. ### Method Configuration File ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body ```json { "$schema": "./api-config.schema.json", "title": "Your API Title", "description": "Description of your API", "cors": { "allow_origins": ["https://your-domain.com"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["Content-Type", "Authorization"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok", "version": "1.0.0" } }, { "method": "GET", "path": "/api/v1/public", "response": { "message": "This is a public endpoint" }, "auth": false } ] } ``` ### Request Example N/A ### Response #### Success Response (200) N/A #### Response Example N/A ``` -------------------------------- ### Send Phone OTP using cURL Source: https://docs.serverlessapigateway.com/configuration/integrations/supabase-otp An example using cURL to send an OTP to a phone number. This is typically used for server-side operations or testing. The payload includes the phone number for OTP generation. ```bash curl -X POST "https://auth-test.serverlessapigw.com/api/v1/supabase/auth" \ -H "Content-Type: application/json" \ -d '{"phone": "+1234567890"}' ``` -------------------------------- ### Auth0 Environment Variables and Secrets (Bash) Source: https://docs.serverlessapigateway.com/configuration/authentication This bash snippet shows how to set up environment variables and secrets for Auth0 integration with Serverless API Gateway. It specifies variables for `wrangler.toml` and commands to upload secrets such as the Auth0 client secret and JWKS. ```bash # Environment Variables (in wrangler.toml) AUTH0_DOMAIN=your-domain.us.auth0.com AUTH0_CLIENT_ID=your_client_id_here # Secrets (use wrangler secret put) wrangler secret put AUTH0_CLIENT_SECRET wrangler secret put AUTH0_JWKS ``` -------------------------------- ### JWT Authorizer Configuration Example Source: https://docs.serverlessapigateway.com/configuration/authorizer This snippet demonstrates the configuration for JWT authorization in ServerlessAPIGateway. It specifies the token type, secret key, algorithm, audience, and issuer. ```json { "authorizer": { "type": "jwt", "secret": "{YOUR_SECRET_KEY}", "algorithm": "HS256", "audience": "opensourcecommunity", "issuer": "serverlessapigw" } } ``` -------------------------------- ### Supabase Environment Variables and Secrets (Bash) Source: https://docs.serverlessapigateway.com/configuration/authentication This bash snippet outlines the necessary environment variables and secrets for configuring Supabase integration with Serverless API Gateway. It includes instructions for setting `wrangler.toml` variables and using `wrangler secret put` for sensitive information like the JWT secret. ```bash # Environment Variables (in wrangler.toml) SUPABASE_URL=https://YOUR_PROJECT_ID.supabase.co SUPABASE_KEY=your_anon_key_here # Secrets (use wrangler secret put) wrangler secret put SUPABASE_JWT_SECRET ``` -------------------------------- ### Send Email OTP with Supabase JavaScript Client Source: https://docs.serverlessapigateway.com/configuration/integrations/supabase-otp Example of explicitly requesting an email OTP using the Supabase JavaScript client. Ensure to set emailRedirectTo to undefined to prevent magic link generation. This function is intended for client-side usage. ```javascript const { data, error } = await supabase.auth.signInWithOtp({ email: 'user@example.com', options: { emailRedirectTo: undefined, // Don't set redirect URL for magic links shouldCreateUser: true } }); ``` -------------------------------- ### GET /api/v1/endpoint1 Source: https://docs.serverlessapigateway.com/configuration/service-binding This endpoint integrates with a defined service (Worker) using service binding. When a GET request is made to this path, the request is forwarded to the specified service. ```APIDOC ## GET /api/v1/endpoint1 ### Description This endpoint is configured to forward requests to a pre-defined service using service binding. It allows your API Gateway to leverage the capabilities of serverless functions (Workers) for request handling. ### Method GET ### Endpoint /api/v1/endpoint1 ### Parameters #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response (200) The response will be directly from the bound service. For the example service provided, it would be: ``` Hello from Worker 1! ``` with `Content-Type: text/plain`. #### Response Example ``` Hello from Worker 1! ``` ``` -------------------------------- ### GET /prefix/{.+} Source: https://docs.serverlessapigateway.com/configuration/paths/add-and-remove-prefix This endpoint demonstrates how to add a prefix to incoming GET requests. Any request made to the API Gateway endpoint will have a specified prefix appended before being proxied to the backend server. ```APIDOC ## GET /{.+} ### Description This endpoint demonstrates how to add a prefix to incoming GET requests. Any request made to the API Gateway endpoint will have a specified prefix appended before being proxied to the backend server. ### Method GET ### Endpoint `/{.+}` ### Parameters #### Path Parameters - **.+** (string) - Required - The remaining path after the base URL, which will have the prefix appended. ### Request Example ```json { "servers": [ { "alias": "prefixing", "url": "https://sub.serverlessapigw.com/prefix/" } ], "paths": [ { "method": "GET", "path": "/{.+}", "integration": { "type": "http_proxy", "server": "prefixing" } } ] } ``` ### Response #### Success Response (200) - **message** (string) - Indicates successful proxying of the request. #### Response Example ```json { "message": "Request successfully proxied." } ``` ``` -------------------------------- ### GET /api/v1/auth0/callback Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 Handles the callback from Auth0 after user authentication, processing the authorization code and exchanging it for tokens. ```APIDOC ## GET /api/v1/auth0/callback ### Description This endpoint is responsible for handling the callback from Auth0 after a user has successfully authenticated. It receives an authorization code, exchanges it for access and ID tokens, and typically returns these tokens to the client. ### Method GET ### Endpoint /api/v1/auth0/callback ### Parameters No explicit path or query parameters are defined for this endpoint. It relies on parameters passed by Auth0 during the callback process. ### Request Example This endpoint is typically invoked by Auth0 as a redirect. A sample incoming request might look like: `/api/v1/auth0/callback?code=AUTHORIZATION_CODE&state=SOME_STATE_VALUE` ### Response #### Success Response (200) Upon successful processing, the endpoint will typically return the obtained access and ID tokens. The exact response format may vary based on your specific integration setup. - **accessToken** (string) - The access token issued by Auth0. - **idToken** (string) - The ID token containing user information. #### Response Example ```json { "accessToken": "eyJ...", "idToken": "eyJ..." } ``` ``` -------------------------------- ### GET /api/v1/auth0/profile Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 Retrieves user profile information from Auth0 after successful authentication. ```APIDOC ## GET /api/v1/auth0/profile ### Description This endpoint allows applications to retrieve detailed user profile information from Auth0 after a user has been successfully authenticated. It utilizes the `/userinfo` endpoint provided by Auth0 to fetch user attributes. ### Method GET ### Endpoint /api/v1/auth0/profile ### Parameters This endpoint requires authentication. The user's access token is typically expected in the `Authorization` header. #### Request Headers - **Authorization** (string) - Required - The Bearer token for the authenticated user (e.g., `Bearer YOUR_ACCESS_TOKEN`). ### Request Example ```bash curl -X GET \ https://your-api-url/api/v1/auth0/profile \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` ### Response #### Success Response (200) Returns a JSON object containing the authenticated user's profile information as provided by Auth0. - **sub** (string) - The unique identifier for the user. - **name** (string) - The user's full name. - **nickname** (string) - The user's nickname. - **email** (string) - The user's email address. - **picture** (string) - A URL to the user's profile picture. #### Response Example ```json { "sub": "auth0|user123", "name": "Jane Doe", "nickname": "Jane", "email": "jane.doe@example.com", "picture": "https://example.com/path/to/picture.jpg" } ``` ``` -------------------------------- ### Supabase API Gateway Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/authentication This JSON configuration sets up the Serverless API Gateway to use Supabase for authentication. It defines CORS settings, authorizer details (type, JWT secret, issuer), and API paths including protected endpoints and Supabase-specific integrations. ```json { "$schema": "./api-config.schema.json", "title": "Supabase Integration", "description": "Configuration for Supabase authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "supabase", "jwt_secret": "$env.SUPABASE_JWT_SECRET", "issuer": "https://YOUR_PROJECT_ID.supabase.co/auth/v1", "audience": "authenticated" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "POST", "path": "/api/v1/supabase/auth", "integration": { "type": "supabase_passwordless_auth" } }, { "method": "POST", "path": "/api/v1/supabase/verify", "integration": { "type": "supabase_passwordless_verify" } }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "protected endpoint", "message": "You are successfully authenticated!" }, "auth": true } ] } ``` -------------------------------- ### Configure API Gateway to Bind a Service Source: https://docs.serverlessapigateway.com/configuration/service-binding An example API Gateway configuration file in JSON format. It defines services and paths, demonstrating how to bind a service (defined elsewhere) to a specific API path using an alias. This configuration is crucial for routing requests to the appropriate backend service. ```json { "$schema": "./api-config.schema.json", "title": "API Gateway Config", "description": "Configuration for the Serverless API Gateway", "services": [ { "alias": "endpoint1", "entrypoint": "./services/endpoint1" } ], "paths": [ { "method": "GET", "path": "/api/v1/endpoint1", "integration": { "type": "service", "binding": "endpoint1" } } ] } ``` -------------------------------- ### Test Email OTP Sending via cURL Source: https://docs.serverlessapigateway.com/configuration/integrations/supabase-otp This cURL command initiates the process of sending an email OTP. It targets a specific API endpoint with JSON data containing the email address. This is useful for testing the backend configuration. ```bash curl -X POST "https://auth-test.serverlessapigw.com/api/v1/supabase/auth" \ -H "Content-Type: application/json" \ -d '{"email": "test@example.com"}' ``` -------------------------------- ### GET /prefix/{.+} Source: https://docs.serverlessapigateway.com/configuration/paths/add-and-remove-prefix This endpoint demonstrates how to remove a prefix from incoming GET requests. By configuring the API Gateway, a specific prefix can be stripped from the request path before it is proxied to the backend server. ```APIDOC ## GET /prefix/{.+} ### Description This endpoint demonstrates how to remove a prefix from incoming GET requests. By configuring the API Gateway, a specific prefix can be stripped from the request path before it is proxied to the backend server. ### Method GET ### Endpoint `/prefix/{.+}` ### Parameters #### Path Parameters - **.+** (string) - Required - The remaining path after the '/prefix/' segment, which will be proxied to the backend. ### Request Example ```json { "servers": [ { "alias": "prefixing", "url": "https://sub.serverlessapigw.com" } ], "paths": [ { "method": "GET", "path": "/prefix/{.+}", "integration": { "type": "http_proxy", "server": "prefixing" } } ] } ``` ### Response #### Success Response (200) - **message** (string) - Indicates successful proxying of the request with the prefix removed. #### Response Example ```json { "message": "Request successfully proxied with prefix removed." } ``` ``` -------------------------------- ### Auth0 API Gateway Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/authentication This JSON configuration sets up the Serverless API Gateway to use Auth0 for authentication. It includes CORS settings, detailed authorizer parameters (domain, client ID/secret, URIs), and API paths for Auth0 callbacks, user info, and protected resources. ```json { "$schema": "./api-config.schema.json", "title": "Auth0 Integration", "description": "Configuration for Auth0 authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "auth0", "domain": "$env.AUTH0_DOMAIN", "client_id": "$env.AUTH0_CLIENT_ID", "client_secret": "$env.AUTH0_CLIENT_SECRET", "redirect_uri": "https://your-api.com/api/v1/auth0/callback", "callback_uri": "https://your-api.com/api/v1/auth0/callback-redirect", "jwks_uri": "https://your-domain.us.auth0.com/.well-known/jwks.json", "scope": "openid profile email" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "GET", "path": "/api/v1/auth0/callback", "integration": { "type": "auth0_callback" } }, { "method": "GET", "path": "/api/v1/auth0/profile", "integration": { "type": "auth0_userinfo" }, "auth": true }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "protected endpoint", "message": "You are successfully authenticated!" }, "auth": true } ] } ``` -------------------------------- ### Verify OTP Email with Supabase Client Source: https://docs.serverlessapigateway.com/configuration/integrations/supabase-otp This snippet demonstrates how to verify an email OTP using the Supabase client. It requires the user's email and the received OTP token. This is part of the client-side authentication flow. ```javascript # Send OTP curl -X POST "https://auth-test.serverlessapigw.com/api/v1/supabase/auth" \ -H "Content-Type: application/json" \ -d '{"email": "test@example.com"}' # You should receive an email with a 6-digit code like: 123456 # Then verify with: curl -X POST "https://auth-test.serverlessapigw.com/api/v1/supabase/verify" \ -H "Content-Type: application/json" \ -d '{"email": "test@example.com", "token": "123456"}' ``` -------------------------------- ### Generate OTP Link with Supabase Admin Client Source: https://docs.serverlessapigateway.com/configuration/integrations/supabase-otp This JavaScript code uses the Supabase admin client to generate an OTP link. It requires the SUPABASE_SERVICE_ROLE_KEY and explicitly sets redirectTo to undefined for OTP. This is a server-side operation. ```javascript // Try using admin client with explicit OTP type const supabase = createClient( process.env.SUPABASE_URL, process.env.SUPABASE_SERVICE_ROLE_KEY // Use service role key ); const { data, error } = await supabase.auth.admin.generateLink({ type: 'signup', // or 'signin' email: email, options: { redirectTo: undefined // No redirect for OTP } }); ``` -------------------------------- ### Auth0 Login Redirect Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 This JSON configuration defines a GET endpoint for initiating the Auth0 login process. The 'auth0_callback_redirect' integration redirects users to the Auth0 authorization server. Authentication is explicitly disabled ('auth: false') for this endpoint. ```json { "method": "GET", "path": "/api/v1/auth0/callback-redirect", "integration": { "type": "auth0_callback_redirect" }, "auth": false } ``` -------------------------------- ### JSON Example: Local vs Global Variables in API Gateway Source: https://docs.serverlessapigateway.com/configuration/variable-mapping/priority-variables Illustrates how local variables within a specific API path configuration take precedence over global variables. This JSON snippet demonstrates the structure for defining both global and path-specific variables, highlighting the override mechanism for the 'database-url' variable. ```json { "variables": { "global_variable": "global_value", "database-url": "sqlite://primary-db.sqlite" // Global variable }, "paths": [ { "method": "GET", "path": "/api/v1/special-endpoint", "variables": { "database-url": "sqlite://special-db.sqlite" // Local variable takes precedence } } ] } ``` -------------------------------- ### Auth0 Callback Handler Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 This JSON configuration sets up a GET endpoint to handle the callback from Auth0 after user authentication. The 'auth0_callback' integration exchanges the authorization code for tokens. It requires the correct path to match the redirect_uri in the Auth0 settings. ```json { "method": "GET", "path": "/api/v1/auth0/callback", "integration": { "type": "auth0_callback" } } ``` -------------------------------- ### Auth0 User Info Retrieval Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 This JSON configuration sets up a GET endpoint to retrieve user information from Auth0. The 'auth0_userinfo' integration calls the /userinfo endpoint. Authentication is enabled ('auth: true') for this endpoint, ensuring only authenticated users can access their profile data. ```json { "method": "GET", "path": "/api/v1/auth0/profile", "integration": { "type": "auth0_userinfo" }, "auth": true } ``` -------------------------------- ### GitHub Actions Workflow for Serverless API Gateway Deployment Source: https://docs.serverlessapigateway.com/deployment/github-actions This YAML workflow automates the deployment of a Serverless API Gateway. It checks out the repository, prepares configuration using a custom action, and deploys to Cloudflare Workers. It requires GITHUB_TOKEN and CLOUDFLARE_API_TOKEN secrets. ```yaml name: Deploy Serverless API Gateway on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Prepare Serverless API Gateway Config for Deployment uses: irensaltali/serverlessapigateway-action@v0.0.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: configJson: './api-config.json' wranglerToml: './wrangler.toml' versionTag: 'v1.0.1' - name: Deploy to Cloudflare Workers uses: cloudflare/wrangler-action@v3 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} workingDirectory: "worker" ``` -------------------------------- ### Wrangler Configuration Source: https://docs.serverlessapigateway.com/configuration/overview A template for the `wrangler.toml` file, specifying project settings, environment variables, and build rules for Cloudflare Workers. ```APIDOC ## Wrangler Configuration (`wrangler.toml`) ### Description This TOML configuration file is used for Cloudflare Workers projects, defining project name, entry point, compatibility settings, and environment variables. ### Method Configuration File ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body ```toml # wrangler.toml name = "your-api-gateway" main = "src/index.js" compatibility_date = "2025-01-01" compatibility_flags = ["nodejs_compat"] send_metrics = true minify = true workers_dev = false find_additional_modules = true rules = [ { type = "ESModule", globs = ["services/*.js"]} ] # Environment variables (non-sensitive) [vars] ENVIRONMENT = "production" API_VERSION = "1.0.0" # Add your non-sensitive environment variables here # SUPABASE_URL = "https://YOUR_PROJECT_ID.supabase.co" # AUTH0_DOMAIN = "your-domain.us.auth0.com" # AUTH0_CLIENT_ID = "your_client_id" # Secrets are set using: wrangler secret put SECRET_NAME ``` ### Request Example N/A ### Response #### Success Response (200) N/A #### Response Example N/A ``` -------------------------------- ### Supabase Configuration Source: https://docs.serverlessapigateway.com/configuration/overview A template for integrating with Supabase for authentication, including passwordless flows and protected endpoints. ```APIDOC ## Supabase API Configuration ### Description This configuration sets up an API Gateway with Supabase authentication, enabling passwordless login and securing API paths. ### Method Configuration File ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body ```json { "$schema": "./api-config.schema.json", "title": "Supabase API Gateway", "description": "API Gateway with Supabase authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "supabase", "jwt_secret": "$env.SUPABASE_JWT_SECRET", "issuer": "https://YOUR_PROJECT_ID.supabase.co/auth/v1", "audience": "authenticated" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "POST", "path": "/api/v1/supabase/auth", "integration": { "type": "supabase_passwordless_auth" } }, { "method": "POST", "path": "/api/v1/supabase/verify", "integration": { "type": "supabase_passwordless_verify" } }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "success", "message": "This is a protected endpoint" }, "auth": true } ] } ``` ### Request Example N/A ### Response #### Success Response (200) N/A #### Response Example N/A ``` -------------------------------- ### JSON API Configuration Template Source: https://docs.serverlessapigateway.com/configuration/overview A basic JSON template for defining API endpoints, CORS settings, and general API information. It serves as a foundation for more specific configurations and includes a schema reference for validation. ```json { "$schema": "./api-config.schema.json", "title": "Your API Title", "description": "Description of your API", "cors": { "allow_origins": ["https://your-domain.com"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["Content-Type", "Authorization"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok", "version": "1.0.0" } }, { "method": "GET", "path": "/api/v1/public", "response": { "message": "This is a public endpoint" }, "auth": false } ] } ``` -------------------------------- ### Auth0 Configuration Source: https://docs.serverlessapigateway.com/configuration/overview A template for integrating with Auth0 for authentication, including user info endpoints and protected routes. ```APIDOC ## Auth0 API Configuration ### Description This configuration integrates an API Gateway with Auth0 for authentication, providing secure access to protected resources and user profile information. ### Method Configuration File ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body ```json { "$schema": "./api-config.schema.json", "title": "Auth0 API Gateway", "description": "API Gateway with Auth0 authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "auth0", "domain": "$env.AUTH0_DOMAIN", "client_id": "$env.AUTH0_CLIENT_ID", "client_secret": "$env.AUTH0_CLIENT_SECRET", "redirect_uri": "https://your-api.com/api/v1/auth0/callback", "callback_uri": "https://your-api.com/api/v1/auth0/callback-redirect", "jwks_uri": "https://your-domain.us.auth0.com/.well-known/jwks.json", "scope": "openid profile email" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "GET", "path": "/api/v1/auth0/callback", "integration": { "type": "auth0_callback" } }, { "method": "GET", "path": "/api/v1/auth0/profile", "integration": { "type": "auth0_userinfo" }, "auth": true }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "success", "message": "This is a protected endpoint" }, "auth": true } ] } ``` ### Request Example N/A ### Response #### Success Response (200) N/A #### Response Example N/A ``` -------------------------------- ### Auth0 Configuration Parameters Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 Provides the structure for configuring Auth0 as an authorizer, including domain, client ID, secrets, and JWKS information. ```APIDOC ## Auth0 Configuration Parameters This section outlines the configuration parameters required to set up Auth0 as an authorization service. These parameters should be provided within the `authorizer` object. ### Configuration Structure ```json { "authorizer": { "type": "auth0", "domain": "your-auth0-domain.auth0.com", "client_id": "your-client-id", "client_secret": "your-client-secret", "redirect_uri": "https://your-api-url/api/v1/auth0/callback", "jwks": "{JSON Escaped JWKS}", "jwks_uri": "https://your-auth0-domain.auth0.com/.well-known/jwks.json", "scope": "openid profile email" } } ``` ### Parameters Explained * **type** (string) - Required - Specifies the type of authorizer. Must be set to "auth0". * **domain** (string) - Required - The Auth0 domain associated with your account (e.g., `your-auth0-domain.auth0.com`). * **client_id** (string) - Required - The unique identifier for your Auth0 application. * **client_secret** (string) - Required - The secret key associated with your Auth0 application. Store this securely. * **redirect_uri** (string) - Required - The URI to which Auth0 will redirect users after authentication. * **jwks** (string) - Optional - A JSON Web Key Set (JWKS) containing the public keys used to verify JWT signatures. Either `jwks` or `jwks_uri` is required. * **jwks_uri** (string) - Optional - The URI to retrieve the JWKS from Auth0. Either `jwks` or `jwks_uri` is required. * **scope** (string) - Optional - The permissions being requested from the user (e.g., `openid profile email`). ### Important Notes * Ensure sensitive information like `client_secret` is stored securely. * Update all placeholder values with your actual Auth0 account details. * Thoroughly test the configuration in a safe environment before production deployment. ``` -------------------------------- ### JSON Configuration for API Gateway Variable Mapping Source: https://docs.serverlessapigateway.com/configuration/variable-mapping This JSON configuration demonstrates how to define variable mappings for headers and query parameters within an API Gateway path definition. It shows how to use template syntax to dynamically set header and query parameter values based on JWT claims and existing query parameters. ```json { "paths": [ { "method": "GET", "path": "/api/v1/example", "integration": { "type": "http_proxy", "server": "serverlessapigateway-api" }, "auth": true, "mapping": { "headers": { "x-custom-header": "$request.jwt.customClaim" }, "query": { "user": "$request.query.userId" } }, "variables": { "api_key": "API_KEY_VALUE" } } ] } ``` -------------------------------- ### Cloudflare Workers Wrangler Configuration Source: https://docs.serverlessapigateway.com/configuration/overview TOML configuration file for Cloudflare Workers, specifying the worker name, entry point, compatibility settings, metrics, minification, and module rules. It also includes sections for environment variables and secrets. ```toml # wrangler.toml name = "your-api-gateway" main = "src/index.js" compatibility_date = "2025-01-01" compatibility_flags = ["nodejs_compat"] send_metrics = true minify = true workers_dev = false find_additional_modules = true rules = [ { type = "ESModule", globs = ["services/*.js"]} ] # Environment variables (non-sensitive) [vars] ENVIRONMENT = "production" API_VERSION = "1.0.0" # Add your non-sensitive environment variables here # SUPABASE_URL = "https://YOUR_PROJECT_ID.supabase.co" # AUTH0_DOMAIN = "your-domain.us.auth0.com" # AUTH0_CLIENT_ID = "your_client_id" # Secrets are set using: wrangler secret put SECRET_NAME ``` -------------------------------- ### Implement a Service Worker for API Integration Source: https://docs.serverlessapigateway.com/configuration/service-binding Defines a basic service that responds to requests. This JavaScript code is intended to be used as a Cloudflare Worker, which can then be bound to an API Gateway path. It takes a request, environment variables, and context, returning a plain text response. ```javascript export default class Service { async fetch(request, env, ctx) { return new Response("Hello from Worker 1!", { headers: { "content-type": "text/plain" }, }); } } ``` -------------------------------- ### Supabase Authentication API Configuration Source: https://docs.serverlessapigateway.com/configuration/overview JSON configuration for an API Gateway integrated with Supabase for authentication. It specifies Supabase as the authorizer type, JWT secret, issuer, and audience, along with API paths for health checks, authentication, and protected routes. ```json { "$schema": "./api-config.schema.json", "title": "Supabase API Gateway", "description": "API Gateway with Supabase authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "supabase", "jwt_secret": "$env.SUPABASE_JWT_SECRET", "issuer": "https://YOUR_PROJECT_ID.supabase.co/auth/v1", "audience": "authenticated" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "POST", "path": "/api/v1/supabase/auth", "integration": { "type": "supabase_passwordless_auth" } }, { "method": "POST", "path": "/api/v1/supabase/verify", "integration": { "type": "supabase_passwordless_verify" } }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "success", "message": "This is a protected endpoint" }, "auth": true } ] } ``` -------------------------------- ### Auth0 Authorizer Configuration (JSON) Source: https://docs.serverlessapigateway.com/configuration/integrations/auth0 This JSON object defines the parameters for configuring Auth0 as an authorizer. It includes essential details like domain, client ID, secrets, redirect URI, and JWKS configuration for JWT verification. Ensure sensitive data is handled securely. ```json { "authorizer": { "type": "auth0", "domain": "your-auth0-domain.auth0.com", "client_id": "your-client-id", "client_secret": "your-client-secret", "redirect_uri": "https://your-api-url/api/v1/auth0/callback", "jwks": "{JSON Escaped JWKS}", "jwks_uri": "https://your-auth0-domain.auth0.com/.well-known/jwks.json", "scope": "openid profile email" } } ``` -------------------------------- ### Auth0 Authentication API Configuration Source: https://docs.serverlessapigateway.com/configuration/overview JSON configuration for an API Gateway integrated with Auth0 for authentication. It includes Auth0 domain, client ID, client secret, redirect URIs, JWKS URI, and scope, along with API paths for health checks, callbacks, user info, and protected routes. ```json { "$schema": "./api-config.schema.json", "title": "Auth0 API Gateway", "description": "API Gateway with Auth0 authentication", "cors": { "allow_origins": ["*"], "allow_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"], "allow_headers": ["*"], "expose_headers": ["*"], "allow_credentials": true, "max_age": 3600 }, "authorizer": { "type": "auth0", "domain": "$env.AUTH0_DOMAIN", "client_id": "$env.AUTH0_CLIENT_ID", "client_secret": "$env.AUTH0_CLIENT_SECRET", "redirect_uri": "https://your-api.com/api/v1/auth0/callback", "callback_uri": "https://your-api.com/api/v1/auth0/callback-redirect", "jwks_uri": "https://your-domain.us.auth0.com/.well-known/jwks.json", "scope": "openid profile email" }, "paths": [ { "method": "GET", "path": "/health", "response": { "status": "ok" } }, { "method": "GET", "path": "/api/v1/auth0/callback", "integration": { "type": "auth0_callback" } }, { "method": "GET", "path": "/api/v1/auth0/profile", "integration": { "type": "auth0_userinfo" }, "auth": true }, { "method": "GET", "path": "/api/v1/protected", "response": { "status": "success", "message": "This is a protected endpoint" }, "auth": true } ] } ``` -------------------------------- ### Add Prefix to API Gateway Requests (JSON) Source: https://docs.serverlessapigateway.com/configuration/paths/add-and-remove-prefix This configuration adds a prefix to incoming requests. The 'servers' section defines the backend server with an alias, and the 'paths' section routes requests matching the pattern to this server, appending the prefix from the server URL. The '.+' in the path captures the remaining part of the URL to be appended. ```json { "servers": [ { "alias": "prefixing", "url": "https://sub.serverlessapigw.com/prefix/" } ], "paths": [ { "method": "GET", "path": "/{.+}", "integration": { "type": "http_proxy", "server": "prefixing" } } ] } ```