This file contains information of use to developers wanting to integrate a Terracotta-based API into other applications.
The main sections in this document are:
- Machine-consumable endpoints
- User-facing endpoints
- Asset-serving endpoints
- Authentication
- Authorisation
There is a simple availability check endpoint at /api/ping
. This endpoint is
intended to be used by monitoring systems to check that the application is
available.
-
GET /api/ping
Returns a200 OK
response with an empty body. -
GET /api/version
Returns a200 OK
response with a JSON body containing the current version of the application.
The health check endpoints are not authenticated, and not versioned.
Statistics are available at /api/stats
.
-
GET /api/stats
Returns a200 OK
response with a JSON body containing various statistics about the API service. -
GET /api/stats/history
Returns a200 OK
response with a JSON body containing historical interval statistics about the API service. -
GET /api/stats/feed
Returns a200 OK
response with a status code of101 Switching Protocols
and theConnection
header set toUpgrade
. This will upgrade the HTTP connection to a WebSocket connection, It will then stream statistics every second in JSON format.
The statistics endpoints are not authenticated, and not versioned.
There are three main areas for which measurements are tracked and interval-based statistics are calculated. For each of the areas below, cumulative statistics are calculated for each endpoint, and for each HTTP status code returned. Average, maximum, and minimum response times plus sample count are tracked for each interval, and summarised for each period of time configured.
-
Response times
These are straightforward, being the amount of time taken to respond to a request. -
Active connections
The connection average is not a measure of connections over time. For that, the number of requests per period can be used, to work out, for instance, the number of requests per second. That's a trivial calculation. Rather, the connection average is the average number of connections in existence when the system is being used. Periods of zero activity will not affect this average — although obviously they will cause the requests per time period to fall. When each response is served, the number of active connections is sampled, and this is used for the average. This is more important than requests per second for connection monitoring, as it shows the average load profile of the system: in other words, "when the system is actively used, what is the typical number of connections". This is what the average, max, and min are measuring — and so the min will never fall below 1. The importance of these statistics is that they help ensure the system is providing what is needed when it is asked. -
Memory usage
The memory usage is the amount of memory used by the application at the end of processing each request and preparing its response. This is not a measure of the peak memory usage whilst processing the request, although if there are multiple simultaneous requests then the point of sampling will naturally coincide with some of the other requests still being processed. Rather, this is a measure at a consistent point in time, so that memory leaks can be detected.
As Terracotta is a blueprint for both web applications and APIs, it comes with a number of pre-configured endpoints that are intended for consumption by humans using a browser. These are:
-
Protected
/
: Index page
-
Public
/login
: Login page/logout
: Logout endpoint
OpenAPI documentation is available at the following endpoints:
Although Swagger is the typical choice, all three of these UIs are made available to allow for personal preference. They all allow browsing of the API functionality according to the OpenAPI schema generated from the code.
There are a number of endpoints that serve static assets. These are:
-
Protected
/*path
: Any files that exist in thecontent
folder and where the path does not match any registered endpoint
-
Public
/css/*path
: CSS files/img/*path
: Image files/js/*path
: JavaScript files/webfonts/*path
: Webfont files
At present there is no API-specific authentication mechanism, and the only available authentication is for users logging in via a browser.
Terracotta does not come with any authorisation functionality, and so it is up to the developers building upon this foundation to implement authorisation and various permissions as may be required.