Multiple Endpoints Using the Same File
Product: PowerShell Universal Version: 2026.1.2
Hello,
I’m trying to create multiple endpoints off the same script but it’s giving the following error:
Endpoint already exists at path
While the error is pretty self-explanatory, is there a reason why different endpoints can’t use the same code source?
What I’m trying to accomplish is support GET requests without authentication but require auth/roles for POST or PATCH, where the code handles all three of the options rather than splitting it across multiple files and having repeat code. Is there a good way to accomplish without using multiple files?
All Comments (6)
I think you should be able to use the built in variables $Method, $Identity and $ClaimsPrincipal. Set the endpoint with no authentication then switch on $Method and set your own rules using $Identity and/or $ClaimsPrincipal for POST or PATCH.
For ease, I’d probably build two endpoints and allow Powershell Universal to handle the authentication.
Interestingly, if you don’t set Authentication = True for the endpoint, both the identity and claimsprincipal do not populate even if you supply a cred (ie -UseDefaultCredentials), so I’m unable to manually handle validating authentication.
Yes, the end goal is to basically do the following:
@{ Path = 'C:\Repo\api\v1\NamingDictionary.ps1'; URL = 'api/v1/NamingDictionary/(?<Dictionary>[A-Za-z0-9]+)/?(?<ID>[0-9]+)?'; Method = @('GET'); Environment = 'Dedicated - API - v1'; Description = "Returns naming dictionary information based on requested dictionary and optionally ID." ; Regex = $True }
@{ Path = 'C:\Repo\api\v1\NamingDictionary.ps1'; URL = 'api/v1/NamingDictionary/(?<Dictionary>[A-Za-z0-9]+)'; Method = @('POST'); Environment = 'Dedicated - API - v1'; Description = "Allows an administrator to configure a new dictionary code." ; Regex = $True; Authentication = $True; Role = @('Administrator') }
This will result in 2 endpoints, but since they use the same code file, it throws an error when running the New-PSUEndpoint with the 2nd hashtable.
Ah, yes. I remember I came across that before.
I had to create a role named Public, which basically included all users and then set Public as the security profile of the endpoint.
Is that possible if there aren’t any credentials/auths supplied in the request though? If there’s nothing to even attempt to auth with, doesn’t the API/Endpoint reject it as unauthenticated?
A further option is to store a credential under Platform > Variables vault and use that credential to authenticate against the endpoint, but if your goal is to restrict some users from using POST/PATCH, you’re going to need some form of user identification outside of authentication - which I’m not sure is possible, certainly it would be convoluted and messy.
Is there some reason authentication can’t be enabled or configured in your environment?
So the goal is to leave the read access open to anyone so we don’t have to generate keys/they don’t have to use auths to pull data that is not considered private/secure. We call it dictionary data.
Now, obviously we want to restrict who can write/modify these. This is why I was trying to configure two different endpoints, but it seems PSU throws an error when trying to use the same file for multiple endpoints.