Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
66f947f8
Commit
66f947f8
authored
Apr 23, 2021
by
Mikhail Mazurskiy
Committed by
Marcia Ramos
Apr 23, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Prefer external API endpoints
parent
7d7151f0
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
0 deletions
+16
-0
doc/development/internal_api.md
doc/development/internal_api.md
+16
-0
No files found.
doc/development/internal_api.md
View file @
66f947f8
...
@@ -14,6 +14,22 @@ working on the GitLab codebase.
...
@@ -14,6 +14,22 @@ working on the GitLab codebase.
This documentation does not yet include the internal API used by
This documentation does not yet include the internal API used by
GitLab Pages.
GitLab Pages.
## Adding new endpoints
API endpoints should be externally accessible by default, with proper authentication and authorization.
Before adding a new internal endpoint, consider if the API would potentially be
useful to the wider GitLab community and can be made externally accessible.
One reason we might favor internal API endpoints sometimes is when using such an endpoint requires
internal data that external actors can not have. For example, in the internal Pages API we might use
a secret token that identifies a request as internal or sign a request with a public key that is
not available to a wider community.
Another reason to separate something into an internal API is when request to such API endpoint
should never go through an edge (public) load balancer. This way we can configure different rate
limiting rules and policies around how the endpoint is being accessed, because we know that only
internal requests can be made to that endpoint going through an internal load balancer.
## Authentication
## Authentication
These methods are all authenticated using a shared secret. This secret
These methods are all authenticated using a shared secret. This secret
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment