MATIH Platform is in active MVP development. Documentation reflects current implementation status.

Authentication and API Client

The MATIH API client architecture is built on the native Fetch API with httpOnly cookie authentication, CSRF protection, automatic retries with exponential backoff, configurable timeouts, and unified pagination normalization across Java (Spring Boot) and Python (FastAPI) backends. The base ApiClient class at frontend/shared/src/api/client.ts serves as the foundation for 16 domain-specific service clients.


Base API Client

Configuration

interface ApiConfig {
  baseUrl: string;
  tenantId: string;
  userId?: string;
  accessToken?: string;           // @deprecated - use httpOnly cookies
  onUnauthorized?: () => void;
  withCredentials?: boolean;       // Default: true
  timeout?: number;                // Default: 30000ms
  retries?: number;                // Default: 2
}

Authentication Model

The API client uses httpOnly cookies for authentication. Tokens are set by the backend and sent automatically with credentials: 'include'. CSRF protection is provided via the X-XSRF-TOKEN header extracted from a cookie set by the backend.

Retry Strategy

Automatic retries with exponential backoff for 5xx and 429 responses:

| Attempt | Delay |
|---|---|
| 1st retry | 1000ms |
| 2nd retry | 2000ms |
| 3rd retry | 4000ms |
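
The following is an added example, not MATIH's own code. It shows one way to implement the cookie-to-header CSRF step from the Authentication Model section together with the retry schedule in the table above. The cookie name XSRF-TOKEN, the type RequestPlan and the functions readCsrfToken, buildRequest, shouldRetry and retryDelayMs are assumptions; the page itself names only the X-XSRF-TOKEN header and credentials: 'include'.

```typescript
// Added example, not MATIH source. Assumed: cookie name XSRF-TOKEN and all
// function/type names below; the page only names the X-XSRF-TOKEN header.
interface RequestPlan {
  url: string;
  method: string;
  credentials: 'include';
  headers: Record<string, string>;
}

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// Find the CSRF token in a cookie string shaped like document.cookie.
function readCsrfToken(cookieString: string, name = 'XSRF-TOKEN'): string | null {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    const value = decodeURIComponent(part.slice(eq + 1).trim());
    return value === '' ? null : value;
  }
  return null;
}

// Plan one request. Paths must start with a single "/" so that string
// concatenation cannot change the host ("@other.test", ".other.test") and
// deliver the CSRF token to a host other than baseUrl.
function buildRequest(baseUrl: string, method: string, path: string, cookieString: string): RequestPlan {
  if (path.charAt(0) !== '/' || path.charAt(1) === '/') {
    throw new Error('path must be relative to baseUrl');
  }
  const verb = method.toUpperCase();
  const headers: Record<string, string> = { Accept: 'application/json' };
  if (SAFE_METHODS.indexOf(verb) === -1) {
    const token = readCsrfToken(cookieString);
    // Fail closed: do not send a state-changing request without the token.
    if (token === null) throw new Error('missing CSRF cookie');
    headers['X-XSRF-TOKEN'] = token;
  }
  return { url: baseUrl.replace(/\/+$/, '') + path, method: verb, credentials: 'include', headers };
}

// Retry policy from the page: only 5xx and 429, delay doubling from 1000 ms.
function shouldRetry(status: number): boolean {
  return status === 429 || (status >= 500 && status <= 599);
}

function retryDelayMs(retryNumber: number): number {
  return 1000 * Math.pow(2, retryNumber - 1);
}
```

For this pattern to work, the CSRF cookie must be readable by script, unlike the httpOnly authentication cookies, which the browser attaches on its own.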

Unified Pagination

The normalizePagedResponse function handles pagination differences between Spring Boot (content/totalElements) and FastAPI (items/total) backends, plus cursor-based pagination.

Service Client Modules

| Client | Backend Service | Port | Key Operations |
|---|---|---|---|
| BIApiClient | bi-service | 8084 | Dashboards, widgets, filters, exports |
| QueryApiClient | query-engine | 8080 | SQL execution, query history |
| SemanticApiClient | semantic-layer | 8086 | Models, entities, metrics |
| AIApiClient | ai-service | 8000 | Chat sessions, agent execution |
| MLApiClient | ml-service | 8000 | Experiments, models, deployments |
| DataApiClient | catalog-service | 8086 | Assets, lineage, quality |
| PipelineApiClient | pipeline-service | 8092 | Pipeline CRUD, runs |
| DbtApiClient | pipeline-service | 8092 | dbt projects, models, runs |
| DataQualityApiClient | data-quality-service | 8000 | Rules, profiles, SLA |
| GovernanceApiClient | governance-service | 8080 | Policies, access requests |
| OntologyApiClient | ontology-service | 8101 | Object types, properties |
| RenderApiClient | render-service | 8098 | PDF/PNG export |
| OpsAgentApiClient | ops-agent-service | 8080 | Chat, actions, health |
| AgentStudioApiClient | ai-service | 8000 | Templates, configs |
| NotificationApiClient | notification-service | 8085 | Notifications, channels |
| BillingApiClient | billing-service | 8087 | Plans, subscriptions, invoices |

Singleton Pattern

let apiClientInstance: ApiClient | null = null;
 
export function initializeApiClient(config: ApiConfig): ApiClient {
  apiClientInstance = new ApiClient(config);
  return apiClientInstance;
}
 
export function getApiClient(): ApiClient {
  if (!apiClientInstance) {
    throw new Error('API client not initialized.');
  }
  return apiClientInstance;
}

For detailed API client internals, see Shared Library - API Clients.