You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: Plugin controllers are plain factory functions and do not extend createCoreController.
30317
+
Description: Plugin controllers are plain factory functions and do not extend createCoreController like in the Strapi core (see backend customization for details).
Copy file name to clipboardExpand all lines: docusaurus/static/llms-full.txt
+26-13Lines changed: 26 additions & 13 deletions
Original file line number
Diff line number
Diff line change
@@ -11307,7 +11307,7 @@ All server code can technically live in the single entry file, but splitting eac
11307
11307
11308
11308
:::note Notes
11309
11309
* The entry file accepts either an object literal or a function that receives `{ strapi }` and returns the same object shape. The function form is useful when you need a reference to the Strapi instance at declaration time.
11310
-
* `config` is a configuration object, not an executable lifecycle hook. Unlike `register()`, `bootstrap()`, or `destroy()`, it is not called as a function during the plugin lifecycle. It is loaded at startup and used to set defaults and validate user configuration.
11310
+
* `config` is a configuration object, not an executable lifecycle hook. Unlike `register()`, `bootstrap()`, or `destroy()`, it is not called as a function during the plugin lifecycle. It is loaded at startup and used to set defaults and validate user configuration. See [server lifecycle](/cms/plugins-development/server-lifecycle) for more information.
11311
11311
:::
11312
11312
11313
11313
## Available actions
@@ -11335,7 +11335,7 @@ Use the following table to find which capability matches your goal:
11335
11335
The following cards link directly to each dedicated page:
11336
11336
11337
11337
:::strapi Backend customization
11338
-
Plugin routes, controllers, services, policies, and middlewares follow the same conventions as [backend customization](/cms/backend-customization) in a standard Strapi application. The Server API wraps these into the plugin namespace automatically — see [Content-types](/cms/plugins-development/server-content-types#uids-and-naming-conventions) for details on UIDs and naming conventions.
11338
+
Plugin routes, controllers, services, policies, and middlewares follow the same conventions as [backend customization](/cms/backend-customization) in a standard Strapi application. The Server API wraps these into the plugin namespace automatically (see [server content types](/cms/plugins-development/server-content-types#uids-and-naming-conventions) for details on UIDs and naming conventions).
11339
11339
:::
11340
11340
11341
11341
@@ -11421,7 +11421,7 @@ This UID is used consistently across all APIs:
11421
11421
Controllers, services, policies, and middlewares use the same `plugin::<plugin-name>.<resource-name>` UID format for global getters, but are referenced by their short registry key (e.g., `'article'`) within plugin-level APIs such as route `handler` and `policies`. See [Getters & usage](/cms/plugins-development/server-getters-usage) for details.
11422
11422
:::
11423
11423
11424
-
## Accessing content-types at runtime
11424
+
## Access at runtime
11425
11425
11426
11426
### Querying with the Document Service API
11427
11427
@@ -11471,7 +11471,7 @@ Controllers and services are the 2 building blocks that handle request processin
11471
11471
11472
11472
When your plugin exposes Content API routes, sanitize query parameters and output data before returning them. This prevents leaking private fields or bypassing access rules.
11473
11473
11474
-
Plugin controllers are plain factory functions and do not extend `createCoreController`. This means the `this.sanitizeQuery` and `this.sanitizeOutput` shorthands are not available. Use `strapi.contentAPI.sanitize` directly instead, passing the content-type schema explicitly:
11474
+
Plugin controllers are plain factory functions and do not extend `createCoreController` like in the Strapi core (see [backend customization](/cms/backend-customization/controllers) for details). This means the `this.sanitizeQuery` and `this.sanitizeOutput` shorthands are not available. Use `strapi.contentAPI.sanitize` directly instead, passing the content-type schema explicitly:
11475
11475
11476
11476
</Tabs>
11477
11477
@@ -11528,7 +11528,7 @@ Plugin server resources, such as controllers, services, policies, middlewares, a
11528
11528
11529
11529
### Calling a plugin service from bootstrap
11530
11530
11531
-
Services called in `bootstrap()` have access to the full `strapi` instance, including other plugins' services.
11531
+
Services called in `bootstrap()` have access to the full `strapi` instance, including other plugins' services:
11532
11532
11533
11533
</Tabs>
11534
11534
@@ -11540,7 +11540,20 @@ From application-level controllers or services (outside the plugin), or when cal
`strapi.plugin('my-plugin').config('key')` reads the merged configuration (user overrides applied on top of plugin defaults). It is the recommended way to read config inside plugin code. See [Server configuration](/cms/plugins-development/server-configuration) for how plugin configuration is declared and merged.
@@ -11562,10 +11575,10 @@ Use the content-type getter when you need the schema object, for example to pass
11562
11575
11563
11576
- **Using an incomplete UID in global getters.** `strapi.service('todo.task')` is not a valid plugin UID. Use the full `plugin::todo.task` form. Without the proper namespace, the service call fails or returns `undefined` at runtime.
11564
11577
11565
-
| Scope | Example UID |
11566
-
| --- | --- |
11567
-
| Plugin service | `plugin::todo.task` |
11568
-
| API service | `api::project.project` |
11578
+
| Scope | Example UID |
11579
+
| --- | --- |
11580
+
| Plugin service | `plugin::todo.task` |
11581
+
| API service | `api::project.project` |
11569
11582
11570
11583
## Best practices
11571
11584
@@ -11656,7 +11669,7 @@ For the full policy reference including GraphQL support and the `policyContext`
11656
11669
11657
11670
## Middlewares
11658
11671
11659
-
A middleware is a Koa-style function that wraps the request/response cycle. Unlike policies (which are pass/fail guards), middlewares can read and modify the request before it reaches the controller, and modify the response after the controller has executed.
11672
+
A middleware is a Koa-style function that wraps the request/response cycle. Unlike [policies](#policies) (which are pass/fail guards), middlewares can read and modify the request before it reaches the controller, and modify the response after the controller has executed.
11660
11673
11661
11674
Plugins can export middlewares in 2 ways:
11662
11675
@@ -11720,7 +11733,7 @@ Routes expose your plugin's HTTP endpoints and map incoming requests to controll
11720
11733
11721
11734
### Named router format
11722
11735
11723
-
Use an object with named keys (`admin`, `content-api`, or any custom name) to declare separate router groups. Each group is a router object with a `type`, optional `prefix`, and a `routes` array. Use this format when your plugin exposes both admin and Content API routes.
11736
+
With the named router format, use an object with named keys (`admin`, `content-api`, or any custom name) to declare separate router groups. Each group is a router object with a `type`, optional `prefix`, and a `routes` array. Use this format when your plugin exposes both admin and Content API routes.
11724
11737
11725
11738
</Tabs>
11726
11739
@@ -11790,7 +11803,7 @@ For configuration examples including policies, public routes, dynamic URL parame
11790
11803
11791
11804
- **Use the named router format when exposing both admin and Content API endpoints.** It makes the intent of each route explicit and avoids relying on the `type` default, which can be surprising.
11792
11805
11793
-
- **Keep `handler` as a string.** String handlers get automatic auth scope generation. Function handlers do not: authentication still runs for both string and function handlers unless you set `config.auth: false`, but only string handlers get automatic `config.auth.scope`. If you use a function handler and need route-level permission scoping, define `config.auth.scope` explicitly.
11806
+
- **Keep `handler` as a string.** String handlers get automatic auth scope generation, function handlers do not. Authentication still runs for both string and function handlers unless you set `config.auth: false`, but only string handlers get automatic `config.auth.scope`. If you use a function handler and need route-level permission scoping, define `config.auth.scope` explicitly.
11794
11807
11795
11808
- **Scope policies to their namespace.** When referencing a plugin policy in a route, use the full `plugin::my-plugin.policy-name` form. This avoids ambiguity if a policy with the same short name exists elsewhere in the application.
Copy file name to clipboardExpand all lines: docusaurus/static/llms.txt
+7-7Lines changed: 7 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -119,13 +119,13 @@
119
119
- [Plugin structure](https://docs.strapi.io/cms/plugins-development/plugin-structure): Learn more about the structure of a Strapi plugin
120
120
- [Plugins extension](https://docs.strapi.io/cms/plugins-development/plugins-extension): Existing plugins can be overriden by placing code in /src/extensions or using global register/bootstrap hooks. Instructions in this documentation cover reshaping plugin content-type schemas or server logic — altough upstream updates may break extensions.
121
121
- [Server API for plugins](https://docs.strapi.io/cms/plugins-development/server-api): The Server API defines what a plugin registers, exposes, and executes on the Strapi server. It covers lifecycle hooks, routes, controllers, services, policies, middlewares, and configuration. Use the entry file to declare what the plugin contributes, then navigate to the dedicated pages below for each capability.
122
-
- [Server configuration](https://docs.strapi.io/cms/plugins-development/server-configuration): Expose a config object with a default property and a validator function. Strapi deep-merges the defaults with the user's config/plugins file, then runs validation before the plugin loads. Read configuration at runtime with strapi.plugin('my-plugin').config('key').
123
-
- [Server content-types](https://docs.strapi.io/cms/plugins-development/server-content-types): Export a contentTypes object from the server entry file to declare plugin content-types. Each key must match the content-type's info.singularName. The UID follows the plugin:: . convention and is used to query, sanitize, and reference the content-type at runtime.
124
-
- [Server controllers & services](https://docs.strapi.io/cms/plugins-development/server-controllers-services): Controllers handle the HTTP layer: they receive ctx, call services, and return responses. Services hold reusable business logic and interact with content-types through the Document Service API. Keep controllers thin and put domain logic in services.
125
-
- [Server getters & usage](https://docs.strapi.io/cms/plugins-development/server-getters-usage): Access plugin resources through top-level getters (strapi.plugin('my-plugin').service('name')) or global getters (strapi.service('plugin::my-plugin.name')). Both return the same object. Use top-level getters inside your own plugin, and global getters from application code or other plugins. Routes have no global getter equivalent. Configuration uses dedicated config APIs.
126
-
- [Server lifecycle](https://docs.strapi.io/cms/plugins-development/server-lifecycle): Use register() to declare capabilities before the app is fully initialized, bootstrap() to run logic once Strapi is initialized, and destroy() to clean up resources on shutdown. Each function receives { strapi } as its argument.
127
-
- [Server policies & middlewares](https://docs.strapi.io/cms/plugins-development/server-policies-middlewares): Policies run before a controller action and return true or false to allow or block the request. Middlewares run in sequence around the full request/response cycle and call next() to continue. Declare policies and middlewares as objects of factory functions and reference them by their plugin-namespaced name in routes.
128
-
- [Server routes](https://docs.strapi.io/cms/plugins-development/server-routes): Export a routes value from the server entry file to expose plugin endpoints. Use the array format for simple cases, the named router format to separate admin and Content API routes, or the factory callback format for dynamic route configuration.
122
+
- [Server configuration](https://docs.strapi.io/cms/plugins-development/server-configuration): The Server API exposes a config object with a default property and a validator function. Strapi deep-merges the defaults with the user's config/plugins file, then runs validation before the plugin loads. Read configuration at runtime with strapi.plugin('my-plugin').config('key').
123
+
- [Server content-types](https://docs.strapi.io/cms/plugins-development/server-content-types): The Server API exports a contentTypes object from the server entry file to declare plugin content-types. The UID follows the plugin:: . convention and is used to query, sanitize, and reference the content-type at runtime.
124
+
- [Server controllers & services](https://docs.strapi.io/cms/plugins-development/server-controllers-services): Just like the Strapi core, plugins can have controllers and services. Plugin controllers handle the HTTP layer: they receive ctx, call services, and return responses. Plugin services hold reusable business logic and interact with content-types through the Document Service API. Keep controllers thin and put domain logic in services.
125
+
- [Server getters & usage](https://docs.strapi.io/cms/plugins-development/server-getters-usage): Access plugin resources through top-level getters (strapi.plugin('my-plugin').service('name')) or global getters (strapi.service('plugin::my-plugin.name')). Both return the same object. Use top-level getters inside your own plugin, and global getters from application code or other plugins. Routes have no global getter equivalent. Configuration uses dedicated configuration APIs.
126
+
- [Server lifecycle](https://docs.strapi.io/cms/plugins-development/server-lifecycle): The Server API has 3 lifecycle functions. Use register() to declare capabilities before the app is fully initialized, bootstrap() to run logic once Strapi is initialized, and destroy() to clean up resources on shutdown. Each function receives { strapi } as its argument.
127
+
- [Server policies & middlewares](https://docs.strapi.io/cms/plugins-development/server-policies-middlewares): Just like the Strapi core, plugins can have policies and middlewares. Plugin policies run before a controller action and return true or false to allow or block the request. Plugin middlewares run in sequence around the full request/response cycle and call next() to continue. Declare policies and middlewares as objects of factory functions and reference them by their plugin-namespaced name in routes.
128
+
- [Server routes](https://docs.strapi.io/cms/plugins-development/server-routes): The Server API exports a routes value from the server entry file to expose plugin endpoints. Use the array format for simple cases, the named router format to separate admin and Content API routes, or the factory callback format for dynamic route configuration.
129
129
- [Documentation plugin](https://docs.strapi.io/cms/plugins/documentation): The Documentation plugin auto-generates OpenAPI/Swagger docs for your API by scanning content types and routes. This documentation walks you through installation, customizing settings, and restricting access to the docs.
130
130
- [GraphQL plugin](https://docs.strapi.io/cms/plugins/graphql): The GraphQL plugin adds a GraphQL endpoint and Apollo-based sandbox for crafting queries and mutations. Options in config/plugins let you tune depth, item limits, and other Apollo Server settings which are explained in this documentation.
131
131
- [Installing Plugins via the Marketplace](https://docs.strapi.io/cms/plugins/installing-plugins-via-marketplace): The in-app Marketplace lists plugins and providers with badges, search, and “More” links to detailed Strapi Market pages. This documentation outlines browsing cards and following provider-specific instructions to install new integrations.
0 commit comments