If you run shiny applications and plumber APIs on a secure server behind a proxy then you probably do not need authentication. If said applications are exposed publicly then you might want to use authentication so that the metrics are not publicly accessible.
Prometheus supports basic authentication, by default it does not use any, but optionally a user and password can be specified in the
prometheus.yml so that these are used when hitting the
This means the endpoint needs to be secured with the same user and password.
Securing the endpoint¶
Use the helper function
generateBasicAuth to create a token based on a username and password. Note that the function throws a warning: this function should not be left as-is in your application or plumber API.
1 2 3 4
1 2 3
Do not use
generateBasicAuth in your application or use the
token in plain text: it exposes the password.
Once the authentication token is created it can be used in
setAuthentication. The token should not be displayed in the code as in the example below, ideally should be an environment variable or option.
1 2 3 4 5 6 7 8 9 10 11 12
Running the application above then visiting
/metrics should display
Unauthorized. Indeed, visiting the endpoint from the browser executes a simple
GET request that does not feature bear the token: it is unauthorised.
One can open a new R session and use the convenience function
getMetrics to test the endpoint. The function optionally takes a second argument, the authentication to use.
1 2 3 4
1 2 3 4 5 6 7 8
This returns the metrics as it is, unlike via the browser, authenticated.
Then one can place the username and password in the job configuration.
1 2 3 4