Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/traefik/traefik/llms.txt

Use this file to discover all available pages before exploring further.

REST API

Traefik exposes a comprehensive REST API for querying runtime configuration, monitoring routers, services, middlewares, and more.

Overview

The Traefik API provides access to:
  • Runtime configuration of routers, services, and middlewares
  • Entry points and their configurations
  • TCP and UDP router information
  • Health and status information
  • Debug and profiling endpoints (when enabled)
The API is disabled by default and must be explicitly enabled in the static configuration.

Security Considerations

1

Never Expose Publicly

The API exposes sensitive configuration data including:
  • Service endpoints and backends
  • Middleware configurations
  • TLS certificate information
  • Provider details
Always restrict API access to internal networks only.
2

Use Authentication

Always secure the API with authentication middleware:
  • Basic Authentication
  • Digest Authentication
  • Forward Authentication
  • IP Allow Lists
3

Disable in Production

Consider disabling the API entirely in production, or exposing it only on a separate internal entry point.

Configuration

Enable the API

Enable the API in your static configuration: 
api:
  dashboard: true
  debug: false
This creates a special service api@internal that can be referenced in routers. Create a router with authentication to access the API: 
http:
  routers:
    api:
      rule: "Host(`traefik.example.com`)"
      service: api@internal
      middlewares:
        - auth
      
  middlewares:
    auth:
      basicAuth:
        users:
          - "admin:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
The router rule must match the /api path prefix. Using a Host rule is recommended as it matches all paths on that host.

Insecure Mode

For development and testing only: 
traefik --api.insecure=true
This exposes the API on the traefik entry point (default port 8080) at http://<traefik-ip>:8080/api/
Insecure mode is not recommended for production and does not support authentication middleware.

Configuration Options

dashboard
boolean
default:"true"
Enable the web dashboard UI.
api:
  dashboard: true
See Dashboard Documentation for details.
debug
boolean
default:"false"
Enable additional debug endpoints under /debug/ for profiling and diagnostics.
api:
  debug: true
Exposes Go profiling endpoints like /debug/pprof/.
insecure
boolean
default:"false"
Enable API in insecure mode on the traefik entry point.
api:
  insecure: true  # Development only!
basePath
string
default:"/"
Customize the base path for API and dashboard endpoints.
api:
  basePath: "/traefik"
This serves the API at /traefik/api and dashboard at /traefik/dashboard.

API Endpoints

All endpoints accept GET requests and return JSON responses.

HTTP Routers

GET /api/http/routers
endpoint
List all HTTP routers with their configuration and status.Response:
[
  {
    "name": "my-router@docker",
    "provider": "docker",
    "status": "enabled",
    "using": ["web"],
    "rule": "Host(`example.com`)",
    "priority": 0,
    "service": "my-service@docker",
    "middlewares": ["compress@docker"]
  }
]
GET /api/http/routers/{name}
endpoint
Get details of a specific HTTP router.Example: /api/http/routers/my-router@dockerResponse:
{
  "name": "my-router@docker",
  "provider": "docker",
  "status": "enabled",
  "using": ["web"],
  "rule": "Host(`example.com`)",
  "priority": 0,
  "service": "my-service@docker",
  "middlewares": ["compress@docker"],
  "tls": {
    "certResolver": "letsencrypt"
  }
}

HTTP Services

GET /api/http/services
endpoint
List all HTTP services.Response:
[
  {
    "name": "my-service@docker",
    "provider": "docker",
    "type": "loadbalancer",
    "status": "enabled",
    "serverStatus": {
      "http://10.0.0.1:80": "UP",
      "http://10.0.0.2:80": "UP"
    },
    "loadBalancer": {
      "servers": [
        {"url": "http://10.0.0.1:80"},
        {"url": "http://10.0.0.2:80"}
      ],
      "passHostHeader": true
    }
  }
]
GET /api/http/services/{name}
endpoint
Get details of a specific HTTP service.Example: /api/http/services/my-service@docker

HTTP Middlewares

GET /api/http/middlewares
endpoint
List all HTTP middlewares.Response:
[
  {
    "name": "compress@docker",
    "provider": "docker",
    "type": "compress",
    "status": "enabled",
    "usedBy": ["my-router@docker"]
  }
]
GET /api/http/middlewares/{name}
endpoint
Get details of a specific HTTP middleware.

TCP Routers

GET /api/tcp/routers
endpoint
List all TCP routers.Response:
[
  {
    "name": "tcp-router@file",
    "provider": "file",
    "status": "enabled",
    "using": ["mysql"],
    "rule": "HostSNI(`*.example.com`)",
    "service": "mysql-service@file"
  }
]
GET /api/tcp/routers/{name}
endpoint
Get details of a specific TCP router.

TCP Services

GET /api/tcp/services
endpoint
List all TCP services.
GET /api/tcp/services/{name}
endpoint
Get details of a specific TCP service.

TCP Middlewares

GET /api/tcp/middlewares
endpoint
List all TCP middlewares.
GET /api/tcp/middlewares/{name}
endpoint
Get details of a specific TCP middleware.

UDP Routers

GET /api/udp/routers
endpoint
List all UDP routers.
GET /api/udp/routers/{name}
endpoint
Get details of a specific UDP router.

UDP Services

GET /api/udp/services
endpoint
List all UDP services.
GET /api/udp/services/{name}
endpoint
Get details of a specific UDP service.

Entry Points

GET /api/entrypoints
endpoint
List all entry points.Response:
[
  {
    "name": "web",
    "address": ":80"
  },
  {
    "name": "websecure",
    "address": ":443"
  }
]
GET /api/entrypoints/{name}
endpoint
Get details of a specific entry point.

Overview

GET /api/overview
endpoint
Get statistical overview of routers, services, middlewares, features, and providers.Response:
{
  "http": {
    "routers": {"total": 10, "warnings": 0, "errors": 0},
    "services": {"total": 8, "warnings": 0, "errors": 0},
    "middlewares": {"total": 5, "warnings": 0, "errors": 0}
  },
  "tcp": {
    "routers": {"total": 2, "warnings": 0, "errors": 0},
    "services": {"total": 2, "warnings": 0, "errors": 0},
    "middlewares": {"total": 0, "warnings": 0, "errors": 0}
  },
  "udp": {
    "routers": {"total": 0, "warnings": 0, "errors": 0},
    "services": {"total": 0, "warnings": 0, "errors": 0}
  },
  "features": {
    "tracing": "Jaeger",
    "metrics": "Prometheus",
    "accessLog": true
  },
  "providers": ["docker", "file"]
}

Raw Data

GET /api/rawdata
endpoint
Get complete runtime configuration including all routers, services, middlewares, and their relationships.Response:
{
  "routers": {...},
  "middlewares": {...},
  "services": {...},
  "tcpRouters": {...},
  "tcpMiddlewares": {...},
  "tcpServices": {...},
  "udpRouters": {...},
  "udpServices": {...}
}

Support Dump

GET /api/support-dump
endpoint
Generate a support dump archive containing anonymized static and runtime configuration.Response: Archive file downloadUseful for troubleshooting and support requests.

Version

GET /api/version
endpoint
Get Traefik version information.Response:
{
  "version": "v3.2.0",
  "codename": "Tatooine",
  "buildDate": "2024-09-24T14:30:00Z"
}

Pagination

List endpoints support pagination using query parameters:
page
integer
default:"1"
Page number to retrieve.
per_page
integer
default:"100"
Number of results per page.
Example: 
curl "https://traefik.example.com/api/http/routers?page=2&per_page=20"
Response Headers:
  • X-Next-Page: Page number of the next page (if available)

Debug Endpoints

When api.debug=true is enabled, additional debugging endpoints are available:
GET /debug/vars
endpoint
Expvar data showing internal variables.See Go expvar documentation.
GET /debug/pprof/
endpoint
pprof index page for profiling.See Go pprof documentation.
GET /debug/pprof/cmdline
endpoint
Command line arguments.
GET /debug/pprof/profile
endpoint
CPU profile (add ?seconds=30 for duration).
GET /debug/pprof/symbol
endpoint
Symbol lookup.
GET /debug/pprof/trace
endpoint
Execution trace.
Debug endpoints should never be exposed publicly as they can expose sensitive information and impact performance.

Usage Examples

Query All HTTP Routers

curl -u admin:password https://traefik.example.com/api/http/routers | jq

Get Specific Service Details

curl -u admin:password https://traefik.example.com/api/http/services/my-service@docker | jq

Check System Overview

curl -u admin:password https://traefik.example.com/api/overview | jq '.features'

Monitor Router Status

watch -n 5 'curl -s -u admin:password https://traefik.example.com/api/http/routers | jq ".[].status"'

Export Configuration

curl -u admin:password https://traefik.example.com/api/rawdata > traefik-config.json

Source Code References

  • API Handler: pkg/api/handler.go:84-126
  • HTTP Routers: pkg/api/handler_http.go:72-127
  • Overview Endpoint: pkg/api/handler_overview.go:40-67
  • Dashboard Integration: pkg/api/dashboard/dashboard.go:66-127

Additional Resources