Skip to main content

Access Control Example

The Implementing Access Control page has been updated with links to the relevant areas on how to implement access control.


As part of the effort to help ATSs implement Access Control, the following have been added:

hapiApi additions

  • jwtHeaderValuePrefix which is used when attaching the x-authorization header to the request headers. The default is Bearer TOKENHERE and the setter function setJWTHeaderValuePrefix
  • responseInterceptorId and responseInterceptorOptions to be able to add response interceptor so that any response with status 401 can run side effects
  • retryOptions for the axios-retry package so it can be changed
  • onAfterResponseFulfilledHandler and onAfterResponseRejectedHandler callback functions to run side effects on response status
  • removeResponseInterceptorFromAxiosInstance and addResponseInterceptorToAxiosInstance to eject and inject the response interceptor based on values of onAfterResponseFulfilledHandler and onAfterResponseRejectedHandler
  • getModuleConfigs, getFlattenedModuleConfigs, getFlattenedModuleConfigURLs, getFlattenedModuleConfigURLPaths functions to help ATSs figure out routes of HAPI Backend for their Access Control implementations