Overview
The /post endpoint demonstrates how to restrict an endpoint to accept only specific HTTP methods. This endpoint only accepts POST requests and rejects all other methods (GET, PUT, DELETE, etc.).
Endpoint Details
- Method: POST only
- Path: /post
- Authentication: None required
- Backend: /__debug/post (fake API debug endpoint)
Try It
POST Request (Success)
curl -X POST http://localhost:8080/post
Returns a successful response from the backend.
GET Request (Fails)
curl http://localhost:8080/post
Returns:
HTTP/1.1 405 Method Not Allowed
Configuration
From config/krakend/krakend.json:
{
  "endpoint": "/post",
  "method": "POST",
  "backend": [
    {
      "url_pattern": "/__debug/post"
    }
  ]
}
Key Configuration
Method Restriction
This configuration:
- Accepts: Only POST requests
- Rejects: GET, PUT, DELETE, PATCH, HEAD, OPTIONS with HTTP 405
- No Array: Unlike some configurations, method accepts a single string, not an array
If you omit the method field, KrakenD accepts all HTTP methods by default and forwards them to the backend.
HTTP Method Validation
KrakenD validates the method before processing the request:
Client → KrakenD (method check) → Backend
            ↓ if wrong method
         405 Method Not Allowed
This means:
- No backend call is made for invalid methods
- Saves backend resources
- Provides immediate feedback to clients
Supported Methods
You can restrict endpoints to any standard HTTP method:
// POST only
"method": "POST"
// GET only
"method": "GET"
// PUT only
"method": "PUT"
// DELETE only
"method": "DELETE"
// PATCH only
"method": "PATCH"
KrakenD does not support multiple methods in a single endpoint. To accept multiple methods, create separate endpoint configurations for each method.
Multiple Methods Example
If you need to handle both GET and POST on the same path, create two endpoint entries:
{
  "endpoints": [
    {
      "endpoint": "/resource",
      "method": "GET",
      "backend": [
        {
          "url_pattern": "/resources"
        }
      ]
    },
    {
      "endpoint": "/resource",
      "method": "POST",
      "backend": [
        {
          "url_pattern": "/resources",
          "method": "POST"
        }
      ]
    }
  ]
}
Use Cases
1. API Design Clarity
Explicitly document which methods each endpoint supports:
{
  "endpoint": "/users",
  "method": "POST",
  "backend": [{"url_pattern": "/users"}]
}
Makes it clear this is a creation endpoint only.
2. Security
Prevent accidental method exposure:
{
  "endpoint": "/admin/reset-password",
  "method": "POST",
  "backend": [{"url_pattern": "/admin/reset-password"}]
}
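Ensures dangerous operations can’t be triggered via GET (which could be exploited via CSRF or URL sharing). Restricting the method only closes the GET vector: a cross-site form can still submit a POST, so the endpoint still needs authentication and CSRF protection.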
3. RESTful Design
Enforce REST conventions:
// List resources - GET only
{
  "endpoint": "/products",
  "method": "GET",
  "backend": [{"url_pattern": "/products"}]
}
// Create resource - POST only
{
  "endpoint": "/products",
  "method": "POST",
  "backend": [{"url_pattern": "/products"}]
}
// Update resource - PUT only
{
  "endpoint": "/products/{id}",
  "method": "PUT",
  "backend": [{"url_pattern": "/products/{id}"}]
}
4. Backend Protection
Prevent method-based attacks on backends:
{
  "endpoint": "/data",
  "method": "GET",
  "backend": [{"url_pattern": "/data"}]
}
Even if the backend accidentally accepts unsafe methods, KrakenD blocks them at the gateway level.
Backend Method Forwarding
By default, KrakenD forwards the same HTTP method to the backend. The backend entry needs no method field; POST is forwarded automatically:
{
  "endpoint": "/post",
  "method": "POST",
  "backend": [
    {
      "url_pattern": "/__debug/post"
    }
  ]
}
You can override the backend method:
{
  "endpoint": "/get-as-post",
  "method": "GET",
  "backend": [
    {
      "url_pattern": "/data",
      "method": "POST"
    }
  ]
}
This accepts GET requests from clients but sends POST requests to the backend.
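The method rules above can be checked mechanically before a config ships. The following is an added example, not part of the original page or of KrakenD itself: a small audit over a constructed sample config that flags endpoints with no explicit method, a non-string method, or a GET endpoint whose backend method is overridden to a state-changing one. The finding codes and the sample endpoint /status are assumptions made for illustration.

```python
import json

# Methods the page lists under "Supported Methods".
SUPPORTED = {"GET", "POST", "PUT", "DELETE", "PATCH"}
SAFE = {"GET"}  # of those, the only one clients expect to be read-only

# Constructed sample config (not a real deployment).
SAMPLE = """
{"endpoints": [
  {"endpoint": "/post", "method": "POST",
   "backend": [{"url_pattern": "/__debug/post"}]},
  {"endpoint": "/resource", "method": ["GET", "POST"],
   "backend": [{"url_pattern": "/resources"}]},
  {"endpoint": "/get-as-post", "method": "GET",
   "backend": [{"url_pattern": "/data", "method": "POST"}]},
  {"endpoint": "/status",
   "backend": [{"url_pattern": "/status"}]}
]}
"""

def audit(config):
    """Return (endpoint, code) findings for method settings worth a review."""
    findings = []
    for ep in config.get("endpoints", []):
        path, method = ep.get("endpoint", "?"), ep.get("method")
        if method is None:
            # Not pinned explicitly: a reviewer cannot tell the intent.
            findings.append((path, "method-missing"))
            continue
        if not isinstance(method, str):
            # Per the page: method is a single string, one entry per method.
            findings.append((path, "method-not-string"))
            continue
        if method.upper() not in SUPPORTED:
            findings.append((path, "method-unsupported"))
            continue
        for be in ep.get("backend", []):
            # The backend method defaults to the endpoint's method.
            be_method = be.get("method", method).upper()
            if method.upper() in SAFE and be_method not in SAFE:
                # A GET at the gateway becomes a state-changing call behind it.
                findings.append((path, "get-to-" + be_method.lower()))
    return findings

if __name__ == "__main__":
    for path, code in audit(json.loads(SAMPLE)):
        print(f"{path}: {code}")
```

A get-to-post finding deserves particular attention: a request that browsers and link previews can issue freely ends up as a write on the backend.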
Error Response
When a client uses the wrong method:
$ curl -X GET http://localhost:8080/post
HTTP/1.1 405 Method Not Allowed
Content-Type: application/json
{
  "error": "Method not allowed"
}
The response includes:
- Status Code: 405 Method Not Allowed
- Reason: Standard HTTP error for unsupported methods
- Headers: No CORS or other method-related headers
Testing Different Methods
# POST - ✓ Allowed
curl -X POST http://localhost:8080/post
# GET - ✗ Not allowed
curl -X GET http://localhost:8080/post
# PUT - ✗ Not allowed
curl -X PUT http://localhost:8080/post
# DELETE - ✗ Not allowed
curl -X DELETE http://localhost:8080/post
# PATCH - ✗ Not allowed
curl -X PATCH http://localhost:8080/post
All methods except POST will return HTTP 405.