Skip to main content

Examples cookbook: Custom routes

This page is part of the back end customization examples cookbook. Please ensure you've read its introduction.

💭 Context:

Out of the box, FoodAdvisor does not control access to its content-type endpoints.

Let's say we previously created a policy to restrict access to the "Reviews" content-type to some conditions, for instance to prevent a restaurant's owner to create a review for their restaurants. We must now enable the policy on the route we use to create reviews.

🎯 Goals:

  • Explicitly define a routes configuration for the "Reviews" content-type.
  • Configure the route used when creating a review to:

Additional information can be found in the Policies and Routes documentation.

🧑‍💻 Code example:

In the /api folder of the FoodAdvisor project, replace the content of the api/src/api/review/routes/review.js file with the following code:

src/api/review/routes/review.js

'use strict';

const { createCoreRouter } = require('@strapi/strapi').factories;

module.exports = createCoreRouter('api::review.review', {
config: {
create: {
auth: false, // set the route to bypass the normal Strapi authentication system
policies: ['is-owner-review'], // set the route to use a custom policy
middlewares: [],
},
},
});

:::strapi What's next? Learn more about how to configure custom middlewares to perform additional actions that extend your Strapi-based application. :::