First-Time Configuration
After deploying the MATIH Platform (either locally or in the cloud), you need to perform initial configuration to make the platform operational. This includes creating the first platform administrator, setting up an initial tenant, configuring data source connections, and verifying that all services can communicate.
Configuration Order
Follow these steps in order:
| Step | Action | API/Tool |
|---|---|---|
| 1 | Register the platform administrator | Auth API |
| 2 | Create the first tenant | Tenant API |
| 3 | Configure platform settings | Config Service |
| 4 | Connect a data source | Query Engine API |
| 5 | Verify service communication | Platform Status |
| 6 | Set up observability | Grafana dashboards |
Step 1: Register the Platform Administrator
The first user registered becomes the platform's super administrator.
Local Development
curl -X POST http://localhost:8081/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "admin@matih.local",
"password": "SecureP@ssw0rd!",
"firstName": "Platform",
"lastName": "Administrator"
}'Cloud Deployment
# Replace with your platform's API gateway URL
PLATFORM_URL="https://api.matih.ai"
curl -X POST ${PLATFORM_URL}/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "admin@your-company.com",
"password": "SecureP@ssw0rd!",
"firstName": "Platform",
"lastName": "Administrator"
}'Save the access token from the response:
{
"accessToken": "eyJhbGciOiJIUzI1NiJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9...",
"tokenType": "Bearer",
"expiresIn": 900
}# Store the token for subsequent requests
export ACCESS_TOKEN="eyJhbGciOiJIUzI1NiJ9..."Step 2: Create the First Tenant
Create a tenant organization for your first users:
curl -X POST ${PLATFORM_URL:-http://localhost:8082}/api/v1/tenants \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"name": "ACME Corporation",
"slug": "acme-corp",
"plan": "enterprise",
"settings": {
"maxUsers": 100,
"dataRetentionDays": 365,
"features": {
"aiService": true,
"mlService": true,
"biService": true,
"dataQuality": true
}
},
"adminUser": {
"email": "admin@acme.com",
"firstName": "Tenant",
"lastName": "Admin"
}
}'The tenant provisioning process:
- Creates a Kubernetes namespace (
tenant-acme-corp) - Deploys data plane services into the namespace
- Creates tenant-specific secrets
- Configures network policies
- Sets up resource quotas
- Returns the tenant configuration
{
"id": "tenant-uuid",
"slug": "acme-corp",
"status": "ACTIVE",
"namespace": "tenant-acme-corp",
"endpoints": {
"api": "https://acme.matih.ai/api",
"websocket": "wss://acme.matih.ai/ws"
}
}Step 3: Configure Platform Settings
Configure the Config Service
The Config Service (Spring Cloud Config) provides centralized configuration for all services:
# Check current configuration
curl http://localhost:8888/api/v1/config/ai-service/default \
-H "Authorization: Bearer ${ACCESS_TOKEN}"Set LLM Provider Configuration
Configure the AI service's LLM provider:
curl -X PUT ${PLATFORM_URL:-http://localhost:8082}/api/v1/tenants/acme-corp/settings \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"aiService": {
"llmProvider": "openai",
"model": "gpt-4o",
"temperature": 0.1,
"maxTokens": 4096,
"streamingEnabled": true
}
}'Configure Notification Channels
Set up notification delivery:
curl -X POST ${PLATFORM_URL:-http://localhost:8085}/api/v1/notifications/channels \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"type": "email",
"config": {
"smtpHost": "smtp.your-provider.com",
"smtpPort": 587,
"useTls": true,
"fromAddress": "platform@your-company.com"
}
}'Step 4: Connect a Data Source
Register a data source that the AI and BI services can query:
# Register a PostgreSQL data source
curl -X POST ${PLATFORM_URL:-http://localhost:8082}/api/v1/tenants/acme-corp/datasources \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Analytics",
"type": "postgresql",
"connection": {
"host": "analytics-db.acme-internal.com",
"port": 5432,
"database": "analytics",
"schema": "public",
"sslMode": "require"
},
"credentialSecret": "acme-corp-analytics-db-credentials"
}'Supported Data Sources
| Type | Connection String Format |
|---|---|
| PostgreSQL | postgresql://host:5432/database |
| MySQL | mysql://host:3306/database |
| StarRocks | starrocks://host:9030/database |
| Snowflake | snowflake://account.region/database |
| BigQuery | bigquery://project/dataset |
| Redshift | redshift://host:5439/database |
Verify Data Source Connectivity
curl -X POST ${PLATFORM_URL:-http://localhost:8082}/api/v1/tenants/acme-corp/datasources/test \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"datasourceId": "ds-uuid"
}'Expected response:
{
"status": "CONNECTED",
"latencyMs": 45,
"version": "PostgreSQL 16.1",
"schemas": ["public", "analytics"],
"tableCount": 42
}Step 5: Verify Service Communication
Check that all services can communicate with each other:
# Check platform status
./scripts/tools/platform-status.shManual Service Verification
| Service | Health Check | Expected Response |
|---|---|---|
| IAM Service | curl http://localhost:8081/actuator/health | {"status": "UP"} |
| Tenant Service | curl http://localhost:8082/actuator/health | {"status": "UP"} |
| Config Service | curl http://localhost:8888/actuator/health | {"status": "UP"} |
| AI Service | curl http://localhost:8000/health | {"status": "healthy"} |
| API Gateway | curl http://localhost:8080/actuator/health | {"status": "UP"} |
Verify Inter-Service Communication
# Test that the AI service can reach the query engine
curl http://localhost:8000/api/v1/health/dependencies \
-H "Authorization: Bearer ${ACCESS_TOKEN}"{
"status": "healthy",
"dependencies": {
"database": "connected",
"redis": "connected",
"kafka": "connected",
"queryEngine": "connected"
}
}Step 6: Set Up Observability
Access Grafana
In a local development environment:
# Port-forward to Grafana (if running in Kubernetes)
kubectl port-forward svc/grafana 3000:3000 -n matih-monitoringDefault Grafana credentials:
- Username:
admin - Password: Retrieved from Kubernetes secret
grafana-admin-credentials
Import MATIH Dashboards
The platform includes pre-built Grafana dashboards:
| Dashboard | Purpose |
|---|---|
| Platform Overview | Service health, request rates, error rates |
| AI Service | Agent orchestration, LLM latency, token usage |
| Query Engine | Query execution time, cache hit rates |
| Tenant Metrics | Per-tenant resource usage, request volumes |
| Infrastructure | Kubernetes node health, pod resource usage |
Configure Alerting
Set up alert rules for critical metrics:
| Alert | Condition | Severity |
|---|---|---|
| Service Down | Health check fails for 2 minutes | Critical |
| High Error Rate | Error rate exceeds 5% for 5 minutes | Warning |
| High Latency | P95 latency exceeds 2 seconds | Warning |
| Disk Usage | Persistent volume above 80% | Warning |
| Certificate Expiry | TLS certificate expires within 30 days | Warning |
Initial Configuration Checklist
| Task | Status | Notes |
|---|---|---|
| Platform administrator registered | Save the access token | |
| First tenant created | Note the tenant slug | |
| LLM provider configured | OpenAI API key in secrets | |
| Data source connected | Test connectivity | |
| Service health verified | All services reporting UP | |
| Grafana dashboards accessible | Import pre-built dashboards | |
| Notification channels configured | Email or webhook |
Next Steps
- Proceed to Verifying the Deployment for comprehensive validation
- Ready to explore? Start the Quickstart Tutorials