Skip to main content

Creating a plugin proxy

To access authenticated external APIs with your plugin, you can configure a plugin proxy.

Plugin proxies try to match incoming requests against configured URL prefixes and apply rules to those requests (such as adding headers) before propagating the request to the specified downstream URL. Header rules have access to secrets via Mustache-like templating for easy authentication.

Plugin proxies must be explicitly associated with a particular plugin in the plugin configuration; once specified, all proxyFetch requests made by that plugin will use the proxy. If no proxy is defined for a plugin, no special logic will apply and requests will be propagated to downstream URLs without modification.

Considerations

When creating a plugin proxy, consider the following:

  • If there are multiple matching URL prefixes with overlapping header keys, the more specific (i.e. longer) prefix rules will be used.
  • If a request from the plugin is invoked with header keys that overlap the proxy ruleset, the request-specific header values will be used.

How to create a plugin proxy

Users with the Edit plugin proxies permission can create a plugin proxy.

  1. If you are using a proxy with sensitive information, such as an access token, first follow the steps to create a secret for your proxy.
  2. Navigate to Plugins and click the "Proxies" tab.
  3. Click Create proxy.
  4. Configure the proxy:
    • Name: Enter a human-readable name for the proxy.
    • Tag: This field is automatically populated based on the name. It is a unique identifier for the proxy.
    • URLs: Click Add URL to configure URL prefixes to apply rules to requests going through this proxy. All requests passing through this proxy that match the URL prefix will have a set of rules applied.
  5. Click Create proxy.

See a sample plugin proxy configuration and sample plugin code below under Example plugin proxy configuration.

Example plugin proxy configuration

{
  "id": "22",
  "tag": "github",
  "urlConfigurations": {
    "https://api.github.com": {
      "headers": [
        { "key": "X-GitHub-API-Version", "value": "2022-11-28" },
        { "key": "Authorization", "value": "Bearer {{ secrets.github_read_token }}" }
      ]
    }
  }
}

Example plugin code

import { CortexApi } from "@cortexapps/plugin-core";

const getGithubReleases = async (ownerName: string, repoName: string) => {
  const githubReleases = await fetch(`http://api.github.com/repo/${ownerName}/${repoName}/releases`);
  return githubReleases.json();
};

In this scenario, the request to fetch GitHub requests will be sent with the X-GitHub-API-Version and Authorization headers, with the Authorization header value interpolated to include the github_read_token secret if it exists in your Cortex workspace.