Skip to content
Wrapd

Public Endpoints

By default, all Wrapd endpoints require an API key. Setting public: true on an endpoint makes it callable by anyone without authentication.

Configuration

Section titled “Configuration”
version: 1
endpoints:
  - name: health
    method: GET
    command: echo
    args:
      - name: msg
        default: "ok"
    public: true


  - name: deploy
    command: ./deploy.sh
    method: POST
    # public not set → requires X-API-Key

When to use public endpoints

Section titled “When to use public endpoints”
  • Health checks — let monitoring services ping your endpoint without managing API keys
  • Status pages — expose system status for embedding in dashboards
  • Webhooks — accept POSTs from services that can’t send custom headers (e.g. GitHub, Stripe)
  • Demos — share an endpoint URL that anyone can try

Security

Section titled “Security”

Public endpoints still run real commands on your server. Only expose safe, read-only commands as public. Avoid exposing endpoints that write data, delete files, or accept untrusted input.

Quotas

Section titled “Quotas”

Public endpoint calls count toward your monthly execution quota, same as private calls. This prevents abuse of public endpoints from draining your account.

Finding the URL

Section titled “Finding the URL”

In the dashboard, public endpoints are labeled with a PUBLIC badge. The endpoint detail panel shows the shareable URL and a cURL example without the X-API-Key header.