Catch-all proxy
A single route handler at /api/[...directusPath] forwards GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS requests. The Directus path is whatever trail comes after /api/.
Babolo internal
Directus Proxy Service
This edge-hosted Next.js app accepts every request under /api/* and forwards it to Directus using the service token stored in the environment. Clients authenticate with a Keycloak Bearer token; the proxy verifies it, applies rate limits, and injects Directus credentials on their behalf.
How routing works
Path translation
/api/items/player translates directly to {DIRECTUS_URL}/items/player (query strings are preserved). The handler only swaps the Authorization header for the Directus service token.
Automatic protections
Keycloak tokens are verified before proxying, per-subject rate limits are enforced, and CORS headers echo the caller origin so browser-based tools can talk to the proxy.
Using the proxy
1. Configure env vars
Copy .env.example to .env.local (or your deployment secret store) and fill in KEYCLOAK_* plus DIRECTUS_* values.
2. Issue requests
Send requests to /api/<any-directus-endpoint> with a Bearer Keycloak access token. The body and query parameters are streamed directly to Directus.
3. Inspect headers
Responses include standard X-RateLimit-* headers so you can monitor client consumption. Retry-After is present whenever a caller is throttled.