Examples cookbook: Custom routes
This page is part of the back end customization examples cookbook. Please ensure you've read its introduction.
💭 Context:
Out of the box, FoodAdvisor does not control access to its content-type endpoints.
Let's say we previously created a policy that restricts access to the "Reviews" content-type under certain conditions, for instance to prevent a restaurant's owner from creating a review for their own restaurants. We must now enable the policy on the route we use to create reviews.
🎯 Goals:
- Explicitly define a routes configuration for the "Reviews" content-type.
- Configure the route used when creating a review to:
  - bypass the default Strapi authentication system
  - and restrict access depending on the previously defined custom policy.

🧑‍💻 Code example:
In the /api folder of the FoodAdvisor project, replace the content of the api/src/api/review/routes/review.js file with the following code:
```js
'use strict';

const { createCoreRouter } = require('@strapi/strapi').factories;

module.exports = createCoreRouter('api::review.review', {
  config: {
    create: {
      auth: false, // set the route to bypass the normal Strapi authentication system
      policies: ['is-owner-review'], // set the route to use a custom policy
      middlewares: [],
    },
  },
});
```
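With `auth: false` the route is publicly reachable, so the `policies` list is the only access control left on it. The following added example (not part of FoodAdvisor or Strapi) audits a `config` object like the one above and reports every action that disables authentication, rating those without any policy as the worst case. The names `auditCoreRouterConfig` and `policyLabel`, the severity labels and the `WEAK_CONFIG` sample are assumptions made for illustration.

```javascript
'use strict';

// Actions a Strapi core router exposes under `config`.
const CORE_ACTIONS = ['find', 'findOne', 'create', 'update', 'delete'];
const WRITE_ACTIONS = new Set(['create', 'update', 'delete']);

// A policy entry may be a name, a { name, config } object, or an inline function.
function policyLabel(policy) {
  if (typeof policy === 'string') return policy;
  if (typeof policy === 'function') return policy.name || '<inline function>';
  if (policy && typeof policy.name === 'string') return policy.name;
  return null; // malformed entry: does not count as a gate
}

// Returns one finding per action that sets `auth: false`.
function auditCoreRouterConfig(uid, config = {}) {
  const findings = [];
  for (const action of CORE_ACTIONS) {
    const route = config[action];
    if (!route || route.auth !== false) continue; // default authentication still applies
    const raw = Array.isArray(route.policies) ? route.policies : [];
    const policies = raw.map(policyLabel).filter(Boolean);
    let severity = 'review'; // public, gated only by the listed policies
    if (policies.length === 0) {
      severity = WRITE_ACTIONS.has(action) ? 'high' : 'medium';
    }
    findings.push({ uid, action, severity, policies });
  }
  return findings;
}

// The configuration from this page.
const PAGE_CONFIG = {
  create: { auth: false, policies: ['is-owner-review'], middlewares: [] },
};

// Constructed counter-example: public routes with no usable policy.
const WEAK_CONFIG = {
  find: { auth: false },
  create: { auth: false, policies: [], middlewares: [] },
  update: { policies: [] }, // auth not disabled, so not reported
};

for (const f of [
  ...auditCoreRouterConfig('api::review.review', PAGE_CONFIG),
  ...auditCoreRouterConfig('api::review.review', WEAK_CONFIG),
]) {
  console.log(`${f.severity.padEnd(6)} ${f.uid} ${f.action} policies=[${f.policies.join(', ')}]`);
}
```

A `review` finding, as for this page's `create` route, means the named policy must reject every request it cannot positively allow, since no authentication check runs before it.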
Learn more about how to configure custom middlewares to perform additional actions that extend your Strapi-based application.