API Design
The MATIH Platform exposes a consistent, well-structured API surface across all 24 microservices. Every API follows shared conventions for URL structure, request/response formats, authentication, error handling, and rate limiting. These conventions are enforced through the commons-java and commons-python shared libraries.
API Surface Overview
| Plane | Services | Base URL Pattern | Protocol |
|---|---|---|---|
| Control Plane | 10 services | /api/v1/:resource | REST/JSON |
| Data Plane (Java) | 7 services | /api/v1/:resource | REST/JSON |
| Data Plane (Python) | 6 services | /api/v1/:resource | REST/JSON |
| Data Plane (Node.js) | 1 service | /api/v1/:resource | REST/JSON |
All APIs are routed through the Kong API Gateway (port 8080), which handles authentication, rate limiting, and request routing before traffic reaches backend services.
API Sections
| Section | Description |
|---|---|
| REST Conventions | URL patterns, HTTP methods, query parameters, pagination |
| Error Handling | Error response structure, error codes, exception handling |
| Authentication | JWT tokens, API keys, service-to-service auth |
| Rate Limiting | Per-tenant rate limits, quota enforcement, throttling |
Common Patterns
Response Envelope
All APIs return responses in a consistent envelope format:
{
"success": true,
"data": { },
"metadata": {
"timestamp": "2026-02-12T10:30:00Z",
"requestId": "abc-123",
"version": "v1"
}
}Authentication
Every authenticated request must include a valid JWT token:
Authorization: Bearer <access_token>The gateway extracts the tenant_id claim from the JWT and injects it as the X-Tenant-ID header for downstream services.
Content Type
All request and response bodies use JSON:
Content-Type: application/json
Accept: application/jsonGateway Routing
The Kong API Gateway routes requests to backend services based on URL prefix:
| URL Prefix | Target Service |
|---|---|
/api/v1/auth/* | iam-service:8081 |
/api/v1/tenants/* | tenant-service:8082 |
/api/v1/config/* | config-service:8888 |
/api/v1/query/* | query-engine:8080 |
/api/v1/ai/* | ai-service:8000 |
/api/v1/ml/* | ml-service:8000 |
/api/v1/bi/* | bi-service:8084 |
/api/v1/catalog/* | catalog-service:8086 |
/api/v1/pipelines/* | pipeline-service:8092 |
Related Sections
- Data Flow -- Request lifecycle through the API layer
- Service Topology -- Service communication patterns
- Security: Authentication -- Full authentication architecture