This host exposes internal REST API endpoints for devreler service integration. It is not intended for direct public use. All requests require a valid Bearer token issued by the authentication service.
Responses are JSON-encoded. Rate limiting and request logging are active on all routes. Access outside of configured service accounts is rejected at the gateway level.
Authentication required for all non-health endpoints. Unauthenticated requests return 401 Unauthorized.
Authentication
Method
Details
Type
Bearer token (JWT)
Header
Authorization: Bearer <token>
Expiry
3600s, renewable via /auth/refresh
Scope
Per-service, defined at token issuance
Service parameters
Parameter
Value
Protocol
HTTPS/1.1, HTTP/2
TLS
TLS 1.2 / 1.3
Response format
application/json
Rate limiting
500 req/min per token
Timeout
30s per request
Status
Operational
Endpoints
GET/health
Returns service health status. No authentication required.
POST/auth/token
Issues a JWT token for the provided service credentials.
POST/auth/refresh
Refreshes an existing non-expired token. Returns new token with reset expiry.
GET/v2/services
Returns list of registered services and their current availability status.
POST/v2/events
Publishes an event to the internal message bus. Requires events:write scope.
GET/v2/config/{service}
Returns runtime configuration for the specified service. Requires config:read scope.
DELETE/v2/sessions/{id}
Invalidates an active session by ID. Requires sessions:write scope.