Authentication and API Security
Add API key validation, CORS headers, and rate limiting filters.
Why API Security Matters
A Plumber API is a public HTTP server. Without authentication, anyone who can reach the port can call your endpoints. Security layers include authentication (who are you?), authorization (what can you do?), input validation, and transport security.
Plumber Filters as Middleware
Filters in Plumber run before the route handler. Use pr_filter(name, function(req, res){...}) to add middleware that inspects every request. Call plumber::forward() to pass to the next filter or route; return early to reject.
# library(plumber)
# pr <- plumb('api.R')
# pr |>
# pr_filter('logger', function(req, res) {
# cat(req$REQUEST_METHOD, req$PATH_INFO, '
')
# plumber::forward() # must call to continue
# }) |>
# pr_run(port = 8000)All lessons in this course
- Introduction to Plumber and REST
- Creating GET and POST Endpoints
- Authentication and API Security
- Deploying Plumber APIs to Production