Services /
Update service ports
Updates the list of ports for the given service.
Required permission
Project > Services > General > Update
Path parameters
projectId
string requiredID of the projectserviceId
string requiredID of the service
Request body
- {object}
ports
[array] requiredAn array of ports to replace or update existing ports with.- {object}
id
stringThe id of an existing port. Pass this when changing in order to keep security configurations.pattern^[a-z]-?[a-z0-9]+(-[a-z0-9]+)*$name
string requiredThe name used to identify the port.min length1max length8pattern^[a-zA-Z](-?[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$internalPort
integer requiredThe port number.min1max65535public
booleanIf true, the port will be exposed publicly.protocol
string requiredThe protocol to use for the port. Public ports only support `HTTP` and `HTTP/2`.one ofHTTP, HTTP/2, TCP, UDPdomains
[array]An array of domains to redirect to this port. Each domain must first be verified and registered to your account.- stringA domain to redirect to this port.
security
{object}credentials
[array]An array of credentials to access the service.- {object}
username
string requiredThe username to access the servicemin length3max length39pattern^[a-zA-Z](-?[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$password
string requiredThe password to access the service with this username.type
string requiredThe type of authentication usedone ofbasic-authip
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYpolicies
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYsso
{object}Configure port authentication via SSOorganizationId
stringID of the SSO organization that the user will have to be a member ofdirectoryGroupIds
[array]Array of directory groups that will have access- string
validateInternalTraffic
booleanEnforce internal traffic through SSO authentication flowsetCookieOnRootDomain
booleanSet SSO authentication cookie on root domainallowInternalTrafficViaPublicDns
booleanAllow internal traffic from same or shared projects via public DNS to skip SSO authentication flowheaders
[array]List of header authentication settings, it checks the presence of all headers and compares it against the expected value. Wildcard (*) is supported.- (multiple options: anyOf)
- {object}Matches provided headers as strings.
regexMode
booleanname
string requiredpattern^[a-zA-Z0-9_\-%$+]+$value
string required- {object}Matches provided headers as regex.
regexMode
booleanname
string requiredvalue
string requiredverificationMode
stringMode used to verify multiple security features like ip policies and SSO authenticationone ofor, andsecurePathConfiguration
{object}enabled
booleanEnable security policies on a path-level styleskipSecurityPoliciesForInternalTrafficViaPublicDns
booleanAllow internal traffic from same or shared projects via public DNS to skip all security policiesrules
[array]- {object}
paths
[array] requiredArray of path objects which represent the paths and their priority for which the security policies will be enforced- (multiple options: oneOf)Data about how the path should be handled.
- {object}Route when the path starts with the provided prefix.
path
string requiredpattern^\/([_a-zA-Z0-9-&?=.]*)((\/[_a-zA-Z0-9-&?=.]+)*(\/)?)?$routingMode
string requiredMode of the path, determining how the URI will be interpreted.one ofprefixpriority
integer requiredmin0max100- {object}Route when the path is an exact match.
path
string requiredpattern^\/([_a-zA-Z0-9-&?=.]*)((\/[_a-zA-Z0-9-&?=.]+)*(\/)?)?$routingMode
string requiredMode of the path, determining how the URI will be interpreted.one ofexactpriority
integer requiredmin0max100- {object}Route when the path matches the provided regex.
path
string requiredroutingMode
string requiredMode of the path, determining how the URI will be interpreted.one ofregexpriority
integer requiredmin0max100accessMode
string requiredSpecify the way the path rule will behave when processing policies. This enables an allow-list/deny-list approach for access control on each pathone ofprotected, unprotectedsecurityPolicies
{object}orPolicies
{object}credentials
[array]An array of credentials to access the service.- {object}
username
string requiredThe username to access the servicemin length3max length39pattern^[a-zA-Z](-?[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$password
string requiredThe password to access the service with this username.type
string requiredThe type of authentication usedone ofbasic-authip
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYpolicies
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYsso
{object}Configure port authentication via SSOorganizationId
stringID of the SSO organization that the user will have to be a member ofdirectoryGroupIds
[array]Array of directory groups that will have access- string
validateInternalTraffic
booleanEnforce internal traffic through SSO authentication flowsetCookieOnRootDomain
booleanSet SSO authentication cookie on root domainallowInternalTrafficViaPublicDns
booleanAllow internal traffic from same or shared projects via public DNS to skip SSO authentication flowheaders
[array]List of header authentication settings, it checks the presence of all headers and compares it against the expected value. Wildcard (*) is supported.- (multiple options: anyOf)
- {object}Matches provided headers as strings.
regexMode
booleanname
string requiredpattern^[a-zA-Z0-9_\-%$+]+$value
string required- {object}Matches provided headers as regex.
regexMode
booleanname
string requiredvalue
string requiredrequiredPolicies
{object}credentials
[array]An array of credentials to access the service.- {object}
username
string requiredThe username to access the servicemin length3max length39pattern^[a-zA-Z](-?[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*)?$password
string requiredThe password to access the service with this username.type
string requiredThe type of authentication usedone ofbasic-authip
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYpolicies
[array]An array of IP address policies.- {object}
addresses
[array] requiredAn array of IP addresses used for this rule- stringAn IP address used by this rule
action
string requiredThe action for this rule.one ofALLOW, DENYsso
{object}Configure port authentication via SSOorganizationId
stringID of the SSO organization that the user will have to be a member ofdirectoryGroupIds
[array]Array of directory groups that will have access- string
validateInternalTraffic
booleanEnforce internal traffic through SSO authentication flowsetCookieOnRootDomain
booleanSet SSO authentication cookie on root domainallowInternalTrafficViaPublicDns
booleanAllow internal traffic from same or shared projects via public DNS to skip SSO authentication flowheaders
[array]List of header authentication settings, it checks the presence of all headers and compares it against the expected value. Wildcard (*) is supported.- (multiple options: anyOf)
- {object}Matches provided headers as strings.
regexMode
booleanname
string requiredpattern^[a-zA-Z0-9_\-%$+]+$value
string required- {object}Matches provided headers as regex.
regexMode
booleanname
string requiredvalue
string requireddisableNfDomain
booleanDisable routing on the default code.run domain for public HTTP ports with custom domains.
OR
OR
OR
OR
OR
Response body
- {object}Response object.
data
{object} requiredResult data.
API
CLI
JS Client
POST /v1/projects/{projectId}/services/{serviceId}/ports
Example request
Request body
curl
curl --header "Content-Type: application/json" \
--header "Authorization: Bearer NORTHFLANK_API_TOKEN" \
--request POST \
--data '{"ports":[{"id":"p01","name":"p01","internalPort":12345,"public":true,"protocol":"HTTP","domains":["app.example.com"],"security":{"credentials":[{"username":"admin","password":"password123","type":"basic-auth"}],"ip":[{"addresses":["127.0.0.1"],"action":"DENY"}],"policies":[{"addresses":["127.0.0.1"],"action":"DENY"}],"headers":[{"regexMode":false}],"securePathConfiguration":{"rules":[{"paths":[{"routingMode":"prefix"}],"securityPolicies":{"orPolicies":{"credentials":[{"username":"admin","password":"password123","type":"basic-auth"}],"ip":[{"addresses":["127.0.0.1"],"action":"DENY"}],"policies":[{"addresses":["127.0.0.1"],"action":"DENY"}],"headers":[{"regexMode":false}]},"requiredPolicies":{"credentials":[{"username":"admin","password":"password123","type":"basic-auth"}],"ip":[{"addresses":["127.0.0.1"],"action":"DENY"}],"policies":[{"addresses":["127.0.0.1"],"action":"DENY"}],"headers":[{"regexMode":false}]}}}]}}}]}' \
https://api.northflank.com/v1/projects/{projectId}/services/{serviceId}/portsExample response
200 OK
The operation was performed successfully.
JSON
{
"data": {}
}Example response
404 Not Found
One of the provided domains has not been registered to this account.