News Turn any service into MCP tools - Released EE v2.12

Enterprise Documentation

Document updated on Oct 16, 2025

Endpoint Configuration

Endpoint Configuration

Endpoints are the most important core concept in KrakenD. An oversimplification is that they define the available routes and protocols the gateway supports. For instance, you create a /foo route and this connects to a foo.example.com to fetch the data. If you are familiar with the API or AI Gateway offering, as you continue reading, you will quickly realize that KrakenD is quite different from other products.

Instead of acting as a mere proxy and coupling one sad route to one sad underlying service of the same type, in KrakenD you define the API contract you want to expose, and then you create the composite of services that fulfill the contract. Said otherwise, create whatever API definition you want, and plug it into your existing stack. It does not matter the protocols or encodings you have on each side, as KrakenD takes care of transforming the data for you.

For example, say you declare a route that offers REST API content on `/foo, but you want to aggregate the results of querying a gRPC server, a regular REST API, a Lambda service, and an LLM Model altogether. Or maybe you want to offer all the latter under a gRPC server. Or maybe you have a twenty-year-old SOAP service and want to create an MPC Server instantly so your AI client can talk “naturally” to it. All that and more is available as an endpoint.

Because KrakenD treats users’ interactions with the gateway and the gateway’s interactions with services separate, endpoints are a piece of magic that can complete all kinds of use cases.

The endpoint object

Deep dive into the configuration
If you are still getting familiar with KrakenD’s configuration structure, take a moment to read Understanding the configuration file. This section explains what an endpoint looks like, but take a moment to understand the different pieces.

We refer to all routes as families, regardless of their transport nature (HTTP, WebSockets, SOAP, etc.), as endpoints. Each of these endpoints can retrieve data from one or more different upstream services, which we collectively call the backend array.

The endpoints array in the configuration contains the API definition you are publishing, and is a collection of endpoint objects that granularly define how each route behaves. Because everything is independent and highly configurable, the gateway can feed from a vast ecosystem and can add new functionality to your stack.

To create an endpoint, you only need to add an endpoint object under the endpoints collection of the configuration. An endpoint object should contain at least the endpoint name and a backend section (to which it connects). The defaults are taken if no further information is declared (e.g., method will be a GET, and output_encoding as json).

A simpleendpoints section for a REST endpoint might look like this:

{
  "$schema": "https://www.krakend.io/schema/v2.12/krakend.json",
  "version": 3,
  "endpoints": [
    {
      "endpoint": "/v1/users/{user}",
      "method": "GET",
      "backend": [
        {
          "url_pattern": "/users/summary/{user}",
          "method": "GET",
          "host": [
            "https://api.example.com"
          ]
        }
      ]
    }
  ]
}

The previous example exposes a REST GET /v1/users/{user} endpoint to the clients and takes the data from your existing backend GET https://api.example.com/users/summary/{user}.

This is the most simple example of an endpoint definition, from here you can add manipulation options, transform the request or the response, and a lot more stuff. See the options below.

Endpoint object configuration

When declaring endpoints objects in the configuration, the following fields are available for each one of them:

Fields of Endpoint Object
* required fields

backend * array
An array with all the backend services you want to use in this endpoint. See the backend object documentation to know all the available options, they are omitted here for brevity.
cache_ttl
Sets or overrides the cache headers to inform how long the client or CDN can cache the request to this endpoint. Setting this value to a zero-value will use the cache_ttl in the root of the configuration if any. This attribute does not cache content but tells others how to do it. For caching, see Caching Backend Responses.
Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours).
concurrent_calls integer
The concurrent requests are an excellent technique to improve the response times and decrease error rates by requesting in parallel the same information multiple times. Yes, you make the same request to several backends instead of asking to just one. When the first backend returns the information, the remaining requests are canceled.
Defaults to 1
endpoint * string
The path of the URL you want to expose. The path is case-sensitive and should start with a slash /. You can use {placeholders} to allow dynamic variables. For example: /foo/{var}/baz. You can also add an ending /* in the path to enable wildcards. Enterprise only.

The router will try to automatically redirect calls to endpoints with an incorrect case or incorrect trailing slash to its correct version offering a 301. There are no guarantees that it will succeed and the request might even fail completely while trying (and log an ugly error with a trace). The safest option is to disable automatic redirections by setting to true the flags disable_redirect_fixed_path and disable_redirect_trailing_slash in the router options.

Limitations: URLs do not support colons : in their definition. All {vars} are meant to be isolated in the path and not to be used to build words, like in /file.{ext} See disable_rest for that usage.
Examples: "/new-endpoint" , "/foo/{var}" , "/foo/{var1}/{var2}"
extra_config object
Besides the functionality ofered by the endpoint, you can load more functionalty into this endpoint by adding new entries under this extra configuration object. You will find across all documentation a lot of functionality that is designed to be placed here.
input_headers array
Defines the list of all headers allowed to reach the backend when passed.

By default, KrakenD won’t pass any header from the client to the backend. This list is case-insensitive. You can declare headers in lowercase, uppercase, or mixed.

An entry ["Cookie"] forwards all cookies, and a single star element ["*"] as value forwards everything to the backend (it’s safer to avoid this option), including cookies. See headers forwarding
Defaults to []
input_query_strings array
Defines the exact list of quey strings parameters that are allowed to reach the backend. This list is case-sensitive.

By default, KrakenD won’t pass any query string to the backend.

A single star element ["*"] as value forwards everything to the backend (it’s safer to avoid this option)
Defaults to []
method
The method supported by this endpoint. Create multiple endpoint entries if you need different methods.
Possible values are: "GET" , "POST" , "PUT" , "PATCH" , "DELETE"
Defaults to "GET"
output_encoding
The gateway can work with several content types, even allowing your clients to choose how to consume the content. See the supported encodings
Possible values are: "json" , "json-collection" , "yaml" , "fast-json" , "xml" , "negotiate" , "string" , "no-op"
Defaults to "json"
timeout string
The duration you write in the timeout represents the whole duration of the pipe, so it counts the time all your backends take to respond and the processing of all the components involved in the endpoint (the request, fetching data, manipulation, etc.). Usually specified in seconds (s) or milliseconds (ms. e.g.: 2000ms or 2s). If you don’t set any timeout, the timeout is taken from the entry in the service level, or to the system’s default
Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours).
Examples: "2s" , "1500ms"
Defaults to "2s"
Schema: https://www.krakend.io/schema/v2.12/endpoint.json

Endpoints with multiple nesting levels

You might have envisioned KrakenD as a proxy and expected its endpoint declaration to work as a prefix and listen to any path with an undetermined number of nesting levels. But KrakenD does not work like this by default. Instead, it expects you to declare every possible URL structure.

For instance, you declared an "endpoint": "/user/{id}" and you expected to resolve URLs like /user/john/profile/preferences, but you are getting a 404 instead. There are two solutions to this problem:

  1. You can declare all possible endpoints: /user/{id}, /user/{id}/{level2}, /user/{id}/{level2}/{level3}, etc.
  2. You use a Wildcard

Endpoints listening to multiple methods

The method attribute defines the HTTP verb you can use with the endpoint. If you need to support multiple methods (e.g., GET, POST, DELETE) in the same endpoint, you must declare one endpoint object for each method. So if you want the same endpoint to listen to GET and POST requests, you need the following configuration:

{
  "endpoints": [
    {
      "endpoint": "/v1/users/{user}",
      "method": "GET",
      "backend": [
        {
          "url_pattern": "/users/summary/{user}",
          "method": "GET",
          "host": [
            "https://api.example.com"
          ]
        }
      ]
    },
    {
      "endpoint": "/v1/users/{user}",
      "method": "POST",
      "backend": [
        {
          "url_pattern": "/users/summary/{user}",
          "method": "POST",
          "host": [
            "https://api.example.com"
          ]
        }
      ]
    }

  ]
}
Notice that the method is declared both in the endpoint and in the backend (as they could be different).

Endpoint variables

As you can see in the examples above, endpoints can define variables in their endpoint definition. To do so, encapsulate the variable name with curly braces, like {var}.

{
  "endpoint": "/user/{id}"
}

The previous endpoint will accept requests like /user/123 or /user/A-B-C. But it won’t take a request like /user/1/2, as there is an extra slash than the definition, and KrakenD considers this to be a different endpoint.

Router rules to avoid collisions

When you declare multiple endpoints that share common prefixes, make sure that you do not declare the same route with different variable names.

For instance, you cannot have the following two endpoints coexisting:

  • endpoint: /user/{userid}
  • endpoint: /user/{iduser}/some

This will cause a panic on startup (that you can catch earlier if you run a krakend check -t -c krakend.json )

But you can have the same routes declared as:

  • endpoint: /user/{userid}
  • endpoint: /user/{userid}/some

And this will work.

Similarly you can’t do this:

  • endpoint: /v1/{domain}/user/{userid}
  • endpoint: /v1/{domain}/user/{iduser}/some

But you can declare the same route as:

  • endpoint: /v1/{domain}/user/{userid}
  • endpoint: /v1/{domain}/user/{userid}/some

Summarizing, on colliding routes, make sure to use the same variable names.

Disable RESTful checking

By default KrakenD only works with RESTful URL patterns in its endpoint definition. Enable the option disable_rest in the root of your configuration if need unrestful endpoints, e.g.: /file.{extension}

{
  "$schema": "https://www.krakend.io/schema/v2.12/krakend.json",
  "version": 3,
  "disable_rest": true,
  "endpoints": [
    {
      "endpoint": "/foo/{var}/file.{extension}",
      "backend": [
        {
          "host": [
            "http://example.com"
          ],
          "url_pattern": "/{var}.{extension}"
        }
      ]
    }
  ]
}

Automatic protocol and encoding translation

The endpoints return HTTP content to the end-user in any of the supported encodings, regardless of the type of backend you are connecting to.

If, for instance, one of the backends you are connecting to uses AMQP, Kafka, gRPC, or any other supported services, KrakenD will perform automatically for you both the protocol and the encoding translation.

Additional endpoint functionality

The extra_config entry of any endpoint can include additional components that provide further functionality. The following is the list of all components accepted under extra_config, see the linked documentation of each for more information:

Available components of an endpoint
* required fields

ai/mcp
Enterprise only. Declares the endpoint as an MCP server entrypoint
auth/api-keys object
Enterprise only. Validates that users of this endpoint pass a valid API-key containing one of the declared roles.
auth/basic object
Enterprise only. Validates the access to the endpoint using Basic Authentication.
auth/signer object
A component that cryptographically signs tokens generated by your legacy login system (without JWT signing) to be later validated by the auth/validator component.
auth/validator object
Protect endpoints from public usage by validating JWT tokens generated by any industry-standard OpenID Connect (OIDC) integration.
documentation/openapi object
Enterprise only. Documents the endpoint so you can automatically generate OpenAPI documentation through krakend openapi export command.
documentation/postman object
Enterprise only. Documents the endpoint so you can generate postman documentation automatically through the krakend postman export command.
governance/quota object
Enterprise only. Attach a quota to the endpoint, backend, or service. The quota component allows you to limit the number of requests a user can do in a given time window.
modifier/jmespath object
Enterprise only. The JMESPath is a query language that allows you to select, slice, filter, map, project, flatten, sort, and all sorts of operations on data.
modifier/lua-endpoint object
Scripting with Lua is an additional choice to extend your business logic, and is compatible with the rest of options such as CEL, Martian, or other Go plugins and middlewares.
modifier/lua-proxy object
Scripting with Lua is an additional choice to extend your business logic, and is compatible with the rest of options such as CEL, Martian, or other Go plugins and middlewares.
modifier/request-body-generator object
Enterprise only. Freely transform the request body/payload you will send to your services using a templating system.
modifier/response-body object
An alias of modifier/response-body-generator
modifier/response-body-generator object
Enterprise only. Freely transform the response body you get from your backends.
plugin/middleware object
Enterprise only. Inject your own Go middleware plugins
proxy object
Fine tune different options for the proxy phase of the API request/response flow.
qos/ratelimit/router/redis object
Enterprise only. Stateful endpoint rate limit persisted on a Redis database
qos/ratelimit/tiered object
Enterprise only. The rate limit based on tiers allows you to have multiple sets of rate limits that apply differently to users depending on their tier or sometimes called subscription plans.
security/bot-detector object
The bot detector module checks incoming connections to the gateway to determine if a bot made them, helping you detect and reject bots carrying out scraping, content theft, and form spam.
security/cors object
Define Cross-Origin Resource Sharing (CORS) configuration to send additional HTTP headers to tell browsers if they can use resources from a different origin.
security/http object
Security HTTP headers, including HSTS, HPKP, MIME-Sniffing prevention, Clickjacking protection, and others.
security/policies object
Enterprise only. A policies engine that allows you to write custom sets of policies that are validated during requests, responses, or token validation.
telemetry/opentelemetry object
Enables metrics and traces using OpenTelemetry.
validation/cel object
The Common Expression Language (CEL) middleware enables expression evaluation, when an expression returns false, KrakenD does not return the content as the condition has failed. Otherwise, if all expressions returned true, the content is served.
validation/json-schema object
Apply automatic validations using a JSON Schema definition before the content passes to the backends. The json schema component allows you to define validation rules on the body, type definition, or even validate the fields’ values.
validation/response-json-schema object
Enterprise only. Applies a JSON schema validation to the response before is sent to the end-user or before it’s merged in the endpoint with the rest of the backends.
websocket object
Enterprise only. Enables websocket communication
Schema: https://www.krakend.io/schema/v2.12/endpoint_extra_config.json

Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.

See all support channels