Configuring the REST API properties via panel.ini
By default, REST API allows only HTTPS requests. HTTPS encrypts and secures the data sent via REST API. However, you can configure REST API to accept requests sent via plain HTTP. To do so, add the following lines to the
[api] allowPlainHttpAccess = on
Note: For security reasons, we do not recommend sending REST API requests via HTTP.
Disabling or limiting CORS
By default, REST API allows cross-origin resource sharing (CORS). To enhance security, you can completely disable CORS or restrict it to particular domains and HTTP methods. To disable CORS, add the following lines to the
[ext-rest-api] cors.enabled = off
If you do not want to completely disable CORS, you can restrict its usage to particular domains and methods. To do so, add lines of the following pattern to the
[ext-rest-api] cors.origin = domain_name cors.methods = HTTP_method
For example, to accept cross-origin API requests only with the GET and POST methods and only from example.com, add the following lines to
[ext-rest-api] cors.origin = example.com cors.methods = GET,POST
Leave your feedback on this topic here
If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.