
Is there a difference between sending parameters to an endpoint with a query from the front-end and setting them on the Kuroco management screen?

There are two ways to set parameters for endpoints.

  • Make a request with a query from the front-end.
  • Set on the Kuroco admin panel.

Each feature is explained below. Please select the most suitable method according to your usage.

Make a request with a query from the front-end

You can dynamically change the response from your endpoint by requesting it with a query.

The filter parameter in Implementing a search function and the ?_lang=en parameter in Building a multi-language website with Kuroco and Nuxt.js are set using this method, and the display is changed on the same page.

Set on the Kuroco admin panel

Click [Update] on the API page and set the parameter in [Endpoint settings].


Once a parameter is set on the administration screen, it cannot be changed by the user (or by external parties). For parameters that you want to keep fixed or parameters that you do not want to be changed due to security concerns, please set them in the Kuroco management screen.

Tip

Basically, the parameters specified in the API settings cannot be overwritten by external requests. However, there are some parameters and settings that can be overwritten for the purpose of further narrowing down search conditions.
Example: the cnt parameter, which specifies the number of items to display in the list, can be overwritten.

For example, if you create an endpoint like POST .../form/${form_id} as an inquiry form, users can send requests to it with any parameters. Data can then be sent to any of the forms (ID=1/3/4), which poses a security problem.

In such a case, create separate endpoints for each form to be published and set the form ID in the management screen.

For example, with the following settings, users cannot freely send data to the form with form_id 1, which removes the security risk.

  • POST .../form/bug_report -> form_id fixed at 3
  • POST .../form/inquiry -> form_id fixed at 4
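The difference between the two designs can be checked with a small model. This is an added example, not Kuroco's own code: the merge logic, the resolveParams and reachableFormIds helpers, the GET /news/list endpoint and its group_id parameter are assumptions made for illustration; only the form endpoints, the form IDs 1/3/4 and the overridable cnt parameter come from the text above.

```javascript
// Simplified model (assumption): admin-fixed endpoint settings merged with
// client-supplied parameters. Endpoint table is constructed sample data.
const endpoints = {
  // Before: form_id is taken from the request, so the caller picks the form.
  'POST /form/${form_id}': { fixed: {}, overridable: [] },
  // After: one endpoint per published form, form_id fixed on the admin side.
  'POST /form/bug_report': { fixed: { form_id: 3 }, overridable: [] },
  'POST /form/inquiry': { fixed: { form_id: 4 }, overridable: [] },
  // Hypothetical list endpoint: group_id is fixed, cnt may be overwritten.
  'GET /news/list': { fixed: { group_id: 1, cnt: 10 }, overridable: ['cnt'] },
};

// Returns the parameters the endpoint would act on, plus the names of
// client parameters that tried to change a fixed setting (worth logging).
function resolveParams(endpointKey, clientParams) {
  const ep = endpoints[endpointKey];
  if (!ep) throw new Error(`unknown endpoint: ${endpointKey}`);
  const effective = { ...ep.fixed };
  const ignored = [];
  for (const [name, value] of Object.entries(clientParams)) {
    const isFixed = Object.prototype.hasOwnProperty.call(ep.fixed, name);
    if (!isFixed || ep.overridable.includes(name)) {
      effective[name] = value; // dynamic or explicitly overridable
    } else if (value !== ep.fixed[name]) {
      ignored.push(name); // fixed setting wins over the request
    }
  }
  return { effective, ignored };
}

// Which form IDs can an external caller reach through these endpoints?
function reachableFormIds(endpointKeys, candidateIds) {
  const reached = new Set();
  for (const key of endpointKeys) {
    for (const id of candidateIds) {
      reached.add(resolveParams(key, { form_id: id }).effective.form_id);
    }
  }
  return [...reached].sort((a, b) => a - b);
}

console.log(reachableFormIds(['POST /form/${form_id}'], [1, 3, 4]));
console.log(reachableFormIds(['POST /form/bug_report', 'POST /form/inquiry'], [1, 3, 4]));
console.log(resolveParams('GET /news/list', { cnt: 5, group_id: 9 }));
```

The ignored list is the part a defender would log: a request that names a fixed parameter with a different value is a caller trying to change something the admin settings do not allow.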

Summary

The difference between the two methods is whether the user can change the parameters or not.

The method of making a request with a query from the front end is suitable when you want to assign parameters dynamically, and the method of setting on the Kuroco management screen is suitable when you want to fix parameters for security reasons. Please set according to the purpose.

