Endpoints
Restrict access to your Secured Signal API.
Default
Secured Signal API acts as a proxy, this means any and all the Signal CLI REST API endpoints are available, because of security concerns the following endpoints are blocked:
| Endpoint | |
|---|---|
| /v1/configuration | /v1/unregister |
| /v1/devices | /v1/contacts |
| /v1/register | /v1/accounts |
| /v1/qrcodelink |
Customize
You can modify endpoints by configuring access.endpoints in your config:
settings:
access:
endpoints:
allowed:
- /v2/send
blocked:
- pattern: /v1/register
matchType: prefix
- pattern: /v1/unregister
matchType: prefix
- pattern: /v1/qrcodelink
matchType: prefix
- pattern: /v1/contacts
matchType: prefix
Match Types
Available options for matchType are:
| Value Type | Match Type | Notes | |
|---|---|---|---|
| string | equals | pattern ~= string | case-incensitive |
| string | contains | pattern.Contains(string) | case-incensitive |
| string | prefix | string.StartsWith(pattern) | case-incensitive |
| string | suffix | string.EndsWith(pattern) | case-incensitive |
| string | regex | example: [^\S] only non-whitespace | regex |
| string | glob | example: [abc] only a|b|c | glob-style pattern |
warning
Remember that some symbols have special meanings in regex, a good rule of thumb is:
- If it is a special character, it probably needs to be escaped (
/) - Otherwise test your pattern on a regex testing site
Behavior
| Allow | Block | Result |
|---|---|---|
/v2/send | — | Only /v2/send allowed |
| — | /v1/receive | All allowed, except /v1/receive |
/v2/send | /v2/.* (regex) | Only /v2/send allowed |
Rules
- Default: allow all
- Allow rules exist: default block
- Only block rules exist: default allow
- Explicit allow overrides block