Endpoints
Restrict access to your Secured Signal API.
Default
Secured Signal API is just a proxy, which means any and all the Signal CLI REST API endpoints are available, because of security concerns the following endpoints are blocked:
| Endpoint | |
|---|---|
| /v1/configuration | /v1/unregister |
| /v1/devices | /v1/contacts |
| /v1/register | /v1/accounts |
| /v1/qrcodelink |
Customize
important
- Matching uses regex
- On compile error exact match is used instead
warning
Remember that some symbols have special meanings in regex, a good rule of thumb is:
- If it is a special character, it probably needs to be escaped (
/) if you are not looking to use regex - Otherwise test your pattern on a regex testing site
You can modify endpoints by configuring access.endpoints in your config:
settings:
access:
endpoints:
- "!/v1/register"
- "!/v1/unregister"
- "!/v1/qrcodelink"
- "!/v1/contacts"
- /v2/send
By default, adding an endpoint explicitly allows access to it, use ! to block it instead.
note
When using ! to block you must enclose the endpoint in quotes, like in the example above
Behavior
| Allow | Block | Result |
|---|---|---|
/v2/send | — | Only /v2/send allowed |
| — | !/v1/receive | All allowed, except /v1/receive |
/v2/send | !/v2/.* | Only /v2/send allowed |
Rules
- Default: allow all
- Allow rules exist: default block
- Only block rules exist: default allow
- Explicit allow overrides block