Endpoints
All operational and health endpoints exposed by IdentityScribe. For guidance on using these in practice, see Health and Monitoring.
Health probes
Section titled “Health probes”Kubernetes-style (plain text)
Section titled “Kubernetes-style (plain text)”| Path | Description |
|---|---|
/livez | Liveness — is the process alive? |
/readyz | Readiness — can it serve traffic? |
/startedz | Startup — have services initialized? |
/healthz | Combined — all health checks |
Append ?verbose for detailed output.
MicroProfile (JSON)
Section titled “MicroProfile (JSON)”| Path | Description |
|---|---|
/observe/health | Combined health |
/observe/health/live | Liveness probe |
/observe/health/ready | Readiness probe |
/observe/health/started | Startup probe |
/observe/health/check/{name} | Individual check by name |
Metrics
Section titled “Metrics”| Path | Description |
|---|---|
/metrics | Prometheus scrape endpoint (OpenTelemetry-backed) |
The root path / no longer serves metrics — use /metrics explicitly.
Observe API (/observe/*)
Section titled “Observe API (/observe/*)”These endpoints expose on-demand insights as cached JSON. They cover data that would explode metrics cardinality if exposed as Prometheus gauges.
| Path | Description |
|---|---|
/observe | OpenAPI documentation (HTML UI + JSON/YAML spec) |
/observe/status | Basic status |
/observe/channels | Channel and socket discovery with runtime bindings |
/observe/config | Resolved configuration (passwords redacted) |
/observe/doctor | Health report with threshold checks and recommendations |
/observe/services | Service lifecycle status (state, uptime, failures) |
/observe/pressure | Saturation metrics (queue/task/memory pressure) |
/observe/signals | Golden signals summary |
/observe/indexes | Index build status |
/observe/hints | Persisted query hints |
/observe/signatures | Query signatures |
/observe/stats/queries | Slow query analysis (requires pg_stat_statements) |
/observe/stats/values | Value size statistics per entry type and attribute |
/observe/stats/entries | Entry blob size percentiles per entry type |
/observe/stats/events | Event rate windows (dashboard-friendly buckets) |
/observe/stats/ingest | Ingest lag and checkpoint positions |
/observe/mcp | MCP server for AI assistants (see MCP Channel) |
Use /observe for interactive API docs. For machine-readable status, use /observe/status.
Endpoint details
Section titled “Endpoint details”Channels (/observe/channels)
Section titled “Channels (/observe/channels)”Returns enabled channels, sockets, and runtime bindings. Useful for service discovery and debugging port assignments.
{ "channels": { "ldap": { "enabled": true, "running": true, "bindings": [ { "host": "0.0.0.0", "configuredPort": 0, "actualPort": 10389, "ssl": false, "url": "ldap://0.0.0.0:10389" } ] }, "rest": { "enabled": true, "sockets": ["@default"], "basePath": "/api" } }, "sockets": { "@default": { "host": "0.0.0.0", "configuredPort": 8080, "actualPort": 8080, "ssl": false, "url": "http://localhost:8080" } }, "request": { "socket": "@default", "host": "localhost", "port": 8080, "scheme": "http" }}channels.ldap.bindings[].actualPort— the runtime-assigned port (matters whenconfiguredPortis 0)sockets.<name>.url— auto-generated base URL (proxy-aware for the current socket viaX-Forwarded-*headers)request— shows how the current request’s host and scheme were detected
Config (/observe/config)
Section titled “Config (/observe/config)”Returns resolved configuration with all password fields replaced by <REDACTED>. Equivalent to the --printconfig CLI flag, but accessible at runtime.
| Accept Header | Response |
|---|---|
application/json (default) | JSON with config and timestamp fields |
text/plain | Raw HOCON text |
# Plain textcurl -H "Accept: text/plain" http://localhost:8080/observe/configConfig is computed once on first request. Responses include Cache-Control: max-age=3600, private. The response excludes JVM internal paths (java.*, jdk.*, sun.*, org.graalvm.*).
Services (/observe/services)
Section titled “Services (/observe/services)”Returns per-service status with uptime, startup duration, tags, and failure causes.
{ "services": [ { "id": "Scribe.user", "name": "Scribe", "state": "running", "healthy": true, "uptime_seconds": 3600, "startup_seconds": 2.5 }, { "id": "Database.System", "name": "Database.System", "state": "failed", "healthy": false, "failure": "Connection refused" } ], "summary": { "total": 8, "healthy": 7, "unhealthy": 1, "restarts_5m": 3 }}Doctor (/observe/doctor)
Section titled “Doctor (/observe/doctor)”Returns threshold-based health checks, per-service status, and actionable recommendations. The services.down check names which services are down by ID. The recommendations array contains prioritized hints.
Pressure (/observe/pressure)
Section titled “Pressure (/observe/pressure)”Returns saturation metrics with per-entry-type breakdown. The query_permit_queue field counts threads waiting for query permits — non-zero values indicate contention. Omits metrics with non-finite values (e.g., task pressure before any tasks complete).
Stats endpoints
Section titled “Stats endpoints”The /observe/stats/* endpoints execute direct database queries. They’re designed for investigation and dashboard population, not continuous scraping.
Caching: Two tiers protect the database:
- In-process cache (30s TTL) for
/values,/entries,/ingest - HTTP
Cache-Control: max-age=30, privateon all responses /eventsuses client-side caching only (parameterized bysince)
Row limits: Queries return at most 100 rows by default.
since parameter (/observe/stats/events):
- ISO-8601 timestamps:
2026-01-01T00:00:00Z - Duration strings:
1h,24h,7d - Invalid input returns 400 (future timestamps, negative durations, unparseable values)
Precision: Numeric byte fields (avgBytes, p50Bytes, etc.) use double to preserve fractional values.