Complete API Reference
This section provides a comprehensive reference for every REST API endpoint exposed by the MATIH Enterprise Platform. Endpoints are organized by service, grouped into Control Plane and Data Plane categories. Each endpoint listing includes the HTTP method, path, description, authentication requirements, and example request/response payloads.
API Conventions
All MATIH APIs follow consistent conventions across every service.
Base URL Pattern
# Control Plane services (via API Gateway)
https://{domain}/api/v1/{service-prefix}/{resource}
# Data Plane services (via tenant ingress)
https://{tenant}.{domain}/api/v1/{resource}
# Direct service access (within cluster)
http://{service}.{namespace}.svc.cluster.local:{port}/api/v1/{resource}Authentication
Every API request (except health checks and public endpoints) requires a valid JWT bearer token in the Authorization header:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...Tokens are obtained from the IAM Service authentication endpoints and contain tenant context, user identity, and role claims.
Common Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer token from IAM Service |
X-Tenant-ID | Conditional | Tenant identifier; required for data plane APIs |
X-Request-ID | No | Client-generated correlation ID for tracing |
Content-Type | Yes (POST/PUT/PATCH) | Always application/json unless uploading files |
Accept | No | Defaults to application/json |
X-Idempotency-Key | No | Idempotency key for mutating operations |
Pagination
All list endpoints support cursor-based or offset-based pagination:
{
"data": [...],
"pagination": {
"page": 1,
"size": 20,
"total": 145,
"totalPages": 8,
"hasNext": true,
"hasPrevious": false
}
}Query parameters: ?page=1&size=20&sort=created_at&order=desc
Standard Error Response
{
"error": {
"code": "MATIH-IAM-1001",
"message": "Authentication token has expired",
"details": "Token expiry: 2026-02-12T10:00:00Z, Current time: 2026-02-12T12:30:00Z",
"timestamp": "2026-02-12T12:30:00.000Z",
"requestId": "req-abc123",
"path": "/api/v1/users/me"
}
}Rate Limiting
All endpoints are subject to rate limiting. Rate limit information is returned in response headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Remaining requests in current window |
X-RateLimit-Reset | Epoch timestamp when the window resets |
Retry-After | Seconds to wait (returned with 429 responses) |
Control Plane Services
IAM Service (Port 8081)
The Identity and Access Management Service handles authentication, authorization, user management, multi-factor authentication, OAuth2 provider integration, and SCIM provisioning.
Authentication Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/auth/login | Authenticate with email and password | Public |
POST | /api/v1/auth/refresh | Refresh an expired access token | Refresh Token |
POST | /api/v1/auth/logout | Invalidate the current session | Bearer |
POST | /api/v1/auth/forgot-password | Initiate password reset flow | Public |
POST | /api/v1/auth/reset-password | Complete password reset with token | Public |
POST | /api/v1/auth/change-password | Change password for authenticated user | Bearer |
POST | /api/v1/auth/verify-email | Verify email address with token | Public |
GET | /api/v1/auth/session | Get current session information | Bearer |
Login Request Example:
POST /api/v1/auth/login
Content-Type: application/json
{
"email": "admin@acme.matih.ai",
"password": "********",
"tenantSlug": "acme"
}Login Response Example:
{
"accessToken": "eyJhbGciOiJSUzI1NiIs...",
"refreshToken": "eyJhbGciOiJSUzI1NiIs...",
"tokenType": "Bearer",
"expiresIn": 3600,
"user": {
"id": "usr-a1b2c3d4",
"email": "admin@acme.matih.ai",
"firstName": "Jane",
"lastName": "Admin",
"roles": ["TENANT_ADMIN", "DATA_ENGINEER"],
"tenantId": "tnt-xyz789"
}
}Multi-Factor Authentication Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/auth/mfa/setup | Initialize MFA setup (returns QR code) | Bearer |
POST | /api/v1/auth/mfa/verify | Verify MFA code during setup | Bearer |
POST | /api/v1/auth/mfa/challenge | Submit MFA challenge during login | MFA Token |
DELETE | /api/v1/auth/mfa/disable | Disable MFA for current user | Bearer + MFA |
GET | /api/v1/auth/mfa/recovery-codes | Generate recovery codes | Bearer + MFA |
POST | /api/v1/auth/mfa/recovery | Authenticate with recovery code | MFA Token |
OAuth2 / SSO Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/auth/oauth2/authorize/{provider} | Initiate OAuth2 flow (Google, Azure AD, Okta) | Public |
POST | /api/v1/auth/oauth2/callback/{provider} | Handle OAuth2 callback | Public |
GET | /api/v1/auth/saml/metadata | SAML SP metadata document | Public |
POST | /api/v1/auth/saml/acs | SAML Assertion Consumer Service | Public |
GET | /api/v1/auth/oauth2/providers | List configured OAuth2 providers | Bearer (Admin) |
POST | /api/v1/auth/oauth2/providers | Register a new OAuth2 provider | Bearer (Admin) |
PUT | /api/v1/auth/oauth2/providers/{id} | Update an OAuth2 provider | Bearer (Admin) |
DELETE | /api/v1/auth/oauth2/providers/{id} | Remove an OAuth2 provider | Bearer (Admin) |
SCIM 2.0 Provisioning Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/scim/v2/Users | List SCIM users | SCIM Bearer |
GET | /api/v1/scim/v2/Users/{id} | Get SCIM user by ID | SCIM Bearer |
POST | /api/v1/scim/v2/Users | Create a SCIM user | SCIM Bearer |
PUT | /api/v1/scim/v2/Users/{id} | Replace a SCIM user | SCIM Bearer |
PATCH | /api/v1/scim/v2/Users/{id} | Partial update of a SCIM user | SCIM Bearer |
DELETE | /api/v1/scim/v2/Users/{id} | Deactivate a SCIM user | SCIM Bearer |
GET | /api/v1/scim/v2/Groups | List SCIM groups | SCIM Bearer |
POST | /api/v1/scim/v2/Groups | Create a SCIM group | SCIM Bearer |
PATCH | /api/v1/scim/v2/Groups/{id} | Update SCIM group membership | SCIM Bearer |
GET | /api/v1/scim/v2/ServiceProviderConfig | SCIM service provider configuration | Public |
GET | /api/v1/scim/v2/Schemas | List supported SCIM schemas | Public |
User Management Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/users | List users in tenant | Bearer (Admin) |
GET | /api/v1/users/{id} | Get user by ID | Bearer |
POST | /api/v1/users | Create a new user | Bearer (Admin) |
PUT | /api/v1/users/{id} | Update user profile | Bearer |
DELETE | /api/v1/users/{id} | Deactivate user | Bearer (Admin) |
GET | /api/v1/users/me | Get current user profile | Bearer |
PUT | /api/v1/users/me | Update current user profile | Bearer |
GET | /api/v1/users/{id}/roles | List roles assigned to user | Bearer (Admin) |
POST | /api/v1/users/{id}/roles | Assign roles to user | Bearer (Admin) |
DELETE | /api/v1/users/{id}/roles/{roleId} | Remove role from user | Bearer (Admin) |
Role and Permission Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/roles | List all roles | Bearer |
GET | /api/v1/roles/{id} | Get role details with permissions | Bearer |
POST | /api/v1/roles | Create a custom role | Bearer (Admin) |
PUT | /api/v1/roles/{id} | Update a role | Bearer (Admin) |
DELETE | /api/v1/roles/{id} | Delete a custom role | Bearer (Admin) |
GET | /api/v1/permissions | List all permissions | Bearer |
GET | /api/v1/roles/{id}/permissions | List permissions for a role | Bearer |
POST | /api/v1/roles/{id}/permissions | Add permissions to a role | Bearer (Admin) |
Tenant Service (Port 8082)
The Tenant Service manages tenant lifecycle, data source connectors, billing integration, tenant settings, and DNS provisioning.
Tenant Lifecycle Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/tenants | List all tenants (platform admin) | Bearer (Platform Admin) |
GET | /api/v1/tenants/{id} | Get tenant details | Bearer (Tenant Admin) |
POST | /api/v1/tenants | Create (provision) a new tenant | Bearer (Platform Admin) |
PUT | /api/v1/tenants/{id} | Update tenant settings | Bearer (Tenant Admin) |
DELETE | /api/v1/tenants/{id} | Deprovision a tenant | Bearer (Platform Admin) |
POST | /api/v1/tenants/{id}/activate | Activate a provisioned tenant | Bearer (Platform Admin) |
POST | /api/v1/tenants/{id}/suspend | Suspend a tenant | Bearer (Platform Admin) |
GET | /api/v1/tenants/{id}/status | Get provisioning status | Bearer (Admin) |
GET | /api/v1/tenants/{id}/health | Tenant health summary | Bearer (Admin) |
Create Tenant Request Example:
POST /api/v1/tenants
Content-Type: application/json
{
"name": "Acme Corporation",
"slug": "acme",
"plan": "ENTERPRISE",
"region": "eastus2",
"adminEmail": "admin@acme.com",
"settings": {
"maxUsers": 500,
"maxConnectors": 50,
"gpuEnabled": true,
"dedicatedIngress": true
}
}Connector Management Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/tenants/{id}/connectors | List connectors for tenant | Bearer |
GET | /api/v1/tenants/{id}/connectors/{connectorId} | Get connector details | Bearer |
POST | /api/v1/tenants/{id}/connectors | Register a new connector | Bearer (Admin) |
PUT | /api/v1/tenants/{id}/connectors/{connectorId} | Update connector configuration | Bearer (Admin) |
DELETE | /api/v1/tenants/{id}/connectors/{connectorId} | Remove a connector | Bearer (Admin) |
POST | /api/v1/tenants/{id}/connectors/{connectorId}/test | Test connector connectivity | Bearer |
POST | /api/v1/tenants/{id}/connectors/{connectorId}/sync | Trigger metadata sync | Bearer |
GET | /api/v1/tenants/{id}/connectors/{connectorId}/status | Get sync status | Bearer |
Billing and Settings Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/tenants/{id}/billing | Get billing summary | Bearer (Admin) |
GET | /api/v1/tenants/{id}/billing/usage | Get detailed usage breakdown | Bearer (Admin) |
GET | /api/v1/tenants/{id}/billing/invoices | List invoices | Bearer (Admin) |
GET | /api/v1/tenants/{id}/billing/invoices/{invoiceId} | Get invoice details | Bearer (Admin) |
PUT | /api/v1/tenants/{id}/settings | Update tenant settings | Bearer (Admin) |
GET | /api/v1/tenants/{id}/settings | Get tenant settings | Bearer (Admin) |
PUT | /api/v1/tenants/{id}/limits | Update resource limits | Bearer (Platform Admin) |
DNS and Ingress Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/tenants/{id}/dns/zone | Create DNS zone for tenant | Bearer (Platform Admin) |
GET | /api/v1/tenants/{id}/dns/zone | Get DNS zone details | Bearer (Admin) |
DELETE | /api/v1/tenants/{id}/dns/zone | Delete DNS zone | Bearer (Platform Admin) |
POST | /api/v1/tenants/{id}/ingress | Create tenant ingress | Bearer (Platform Admin) |
GET | /api/v1/tenants/{id}/ingress | Get ingress configuration | Bearer (Admin) |
POST | /api/v1/tenants/{id}/certificates | Provision TLS certificate | Bearer (Platform Admin) |
Config Service (Port 8888)
The Config Service manages centralized configuration, feature flags, and marketplace definitions.
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/config/{application}/{profile} | Get configuration for application and profile | Bearer |
GET | /api/v1/config/{application}/{profile}/{label} | Get configuration for specific label/branch | Bearer |
POST | /api/v1/config/refresh | Refresh configuration cache | Bearer (Admin) |
GET | /api/v1/feature-flags | List all feature flags | Bearer |
GET | /api/v1/feature-flags/{key} | Get feature flag value | Bearer |
PUT | /api/v1/feature-flags/{key} | Update feature flag | Bearer (Admin) |
POST | /api/v1/feature-flags | Create a new feature flag | Bearer (Admin) |
DELETE | /api/v1/feature-flags/{key} | Delete feature flag | Bearer (Admin) |
GET | /api/v1/marketplace/templates | List marketplace templates | Bearer |
GET | /api/v1/marketplace/connectors | List marketplace connectors | Bearer |
GET | /api/v1/marketplace/extensions | List marketplace extensions | Bearer |
Audit Service (Port 8086)
The Audit Service captures and queries audit trail events for compliance and forensics.
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/audit/events | Query audit events (with filters) | Bearer (Auditor) |
GET | /api/v1/audit/events/{id} | Get audit event details | Bearer (Auditor) |
GET | /api/v1/audit/events/export | Export audit events (CSV/JSON) | Bearer (Auditor) |
GET | /api/v1/audit/users/{userId}/events | Get events for a specific user | Bearer (Auditor) |
GET | /api/v1/audit/resources/{resourceType}/{resourceId} | Get events for a specific resource | Bearer (Auditor) |
GET | /api/v1/audit/compliance/reports | List compliance reports | Bearer (Admin) |
POST | /api/v1/audit/compliance/reports | Generate a compliance report | Bearer (Admin) |
GET | /api/v1/audit/compliance/reports/{id} | Get compliance report | Bearer (Admin) |
GET | /api/v1/audit/retention/policies | List retention policies | Bearer (Admin) |
PUT | /api/v1/audit/retention/policies/{id} | Update retention policy | Bearer (Admin) |
Audit Event Query Example:
GET /api/v1/audit/events?action=LOGIN&startDate=2026-02-01&endDate=2026-02-12&userId=usr-123&page=1&size=50Billing Service (Port 8087)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/billing/usage | Get platform-wide usage summary | Bearer (Platform Admin) |
GET | /api/v1/billing/usage/tenants/{tenantId} | Get tenant usage details | Bearer (Admin) |
GET | /api/v1/billing/usage/tenants/{tenantId}/breakdown | Detailed cost breakdown by service | Bearer (Admin) |
GET | /api/v1/billing/invoices | List all invoices | Bearer (Platform Admin) |
GET | /api/v1/billing/invoices/{id} | Get invoice detail | Bearer (Admin) |
POST | /api/v1/billing/invoices/{id}/finalize | Finalize a draft invoice | Bearer (Platform Admin) |
GET | /api/v1/billing/plans | List available plans | Public |
GET | /api/v1/billing/plans/{id} | Get plan details | Public |
POST | /api/v1/billing/metering/events | Submit a metering event (internal) | Service Token |
GET | /api/v1/billing/metering/summary | Get metering summary | Bearer (Admin) |
GET | /api/v1/billing/budgets/{tenantId} | Get budget for tenant | Bearer (Admin) |
PUT | /api/v1/billing/budgets/{tenantId} | Set budget for tenant | Bearer (Admin) |
GET | /api/v1/billing/alerts | List billing alerts | Bearer (Admin) |
Notification Service (Port 8085)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/notifications | List notifications for current user | Bearer |
GET | /api/v1/notifications/{id} | Get notification details | Bearer |
PUT | /api/v1/notifications/{id}/read | Mark notification as read | Bearer |
PUT | /api/v1/notifications/read-all | Mark all notifications as read | Bearer |
DELETE | /api/v1/notifications/{id} | Delete a notification | Bearer |
GET | /api/v1/notifications/channels | List notification channels | Bearer |
POST | /api/v1/notifications/channels | Create notification channel (Slack, email, webhook) | Bearer (Admin) |
PUT | /api/v1/notifications/channels/{id} | Update notification channel | Bearer (Admin) |
DELETE | /api/v1/notifications/channels/{id} | Delete notification channel | Bearer (Admin) |
POST | /api/v1/notifications/channels/{id}/test | Test notification channel | Bearer (Admin) |
GET | /api/v1/notifications/templates | List notification templates | Bearer (Admin) |
POST | /api/v1/notifications/templates | Create notification template | Bearer (Admin) |
PUT | /api/v1/notifications/templates/{id} | Update notification template | Bearer (Admin) |
GET | /api/v1/notifications/preferences | Get user notification preferences | Bearer |
PUT | /api/v1/notifications/preferences | Update user notification preferences | Bearer |
Observability API (Port 8088)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/observability/metrics | Query Prometheus metrics | Bearer |
GET | /api/v1/observability/metrics/services/{service} | Get metrics for a specific service | Bearer |
POST | /api/v1/observability/metrics/query | Execute PromQL query | Bearer |
GET | /api/v1/observability/logs | Query aggregated logs (Loki backend) | Bearer |
GET | /api/v1/observability/logs/services/{service} | Get logs for a specific service | Bearer |
GET | /api/v1/observability/traces | Query distributed traces (Tempo backend) | Bearer |
GET | /api/v1/observability/traces/{traceId} | Get trace details | Bearer |
GET | /api/v1/observability/dashboards | List observability dashboards | Bearer |
GET | /api/v1/observability/alerts | List active alerts | Bearer |
GET | /api/v1/observability/alerts/rules | List alert rules | Bearer (Admin) |
POST | /api/v1/observability/alerts/rules | Create alert rule | Bearer (Admin) |
PUT | /api/v1/observability/alerts/rules/{id} | Update alert rule | Bearer (Admin) |
DELETE | /api/v1/observability/alerts/rules/{id} | Delete alert rule | Bearer (Admin) |
GET | /api/v1/observability/health | Platform health summary | Bearer |
GET | /api/v1/observability/health/services | Per-service health status | Bearer |
Infrastructure Service (Port 8089)
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/infrastructure/terraform/plan | Generate Terraform plan | Bearer (Platform Admin) |
POST | /api/v1/infrastructure/terraform/apply | Apply Terraform configuration | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/terraform/state | Get Terraform state summary | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/terraform/outputs | Get Terraform outputs | Bearer (Platform Admin) |
POST | /api/v1/infrastructure/terraform/destroy | Destroy Terraform resources | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/clusters | List Kubernetes clusters | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/clusters/{id} | Get cluster details | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/clusters/{id}/nodes | List cluster nodes | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/namespaces | List namespaces | Bearer (Admin) |
POST | /api/v1/infrastructure/namespaces | Create namespace | Bearer (Platform Admin) |
GET | /api/v1/infrastructure/resources/usage | Get resource usage summary | Bearer (Admin) |
Platform Registry (Port 8084)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/registry/services | List registered services | Bearer |
GET | /api/v1/registry/services/{name} | Get service details | Bearer |
POST | /api/v1/registry/services | Register a service | Bearer (Admin) |
PUT | /api/v1/registry/services/{name} | Update service registration | Bearer (Admin) |
DELETE | /api/v1/registry/services/{name} | Deregister a service | Bearer (Admin) |
GET | /api/v1/registry/services/{name}/instances | List service instances | Bearer |
GET | /api/v1/registry/services/{name}/health | Get service health | Bearer |
GET | /api/v1/registry/services/{name}/endpoints | List service endpoints | Bearer |
GET | /api/v1/registry/topology | Get service topology graph | Bearer |
GET | /api/v1/registry/dependencies/{name} | Get service dependencies | Bearer |
Data Plane Services
AI Service (Port 8000)
The AI Service is the conversational intelligence engine that powers text-to-SQL, multi-agent orchestration, RAG-based Q&A, and streaming responses.
Conversation and Chat Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/chat | Send a chat message (synchronous) | Bearer |
POST | /api/v1/chat/stream | Send a chat message (SSE streaming) | Bearer |
GET | /api/v1/conversations | List conversations for current user | Bearer |
GET | /api/v1/conversations/{id} | Get conversation with messages | Bearer |
POST | /api/v1/conversations | Start a new conversation | Bearer |
DELETE | /api/v1/conversations/{id} | Delete a conversation | Bearer |
GET | /api/v1/conversations/{id}/messages | List messages in conversation | Bearer |
WebSocket | /api/v1/ws/chat | Real-time chat via WebSocket | Bearer |
Chat Request Example:
POST /api/v1/chat
Content-Type: application/json
X-Tenant-ID: tnt-xyz789
{
"conversationId": "conv-abc123",
"message": "Show me total revenue by region for Q4 2025",
"context": {
"dataSource": "sales_warehouse",
"dialect": "trino",
"enableVisualization": true
}
}Chat Response Example:
{
"messageId": "msg-def456",
"conversationId": "conv-abc123",
"response": {
"text": "Here is the total revenue by region for Q4 2025.",
"sql": "SELECT region, SUM(revenue) AS total_revenue FROM sales.orders WHERE quarter = 'Q4' AND year = 2025 GROUP BY region ORDER BY total_revenue DESC",
"data": {
"columns": ["region", "total_revenue"],
"rows": [
["North America", 4520000],
["Europe", 3180000],
["Asia Pacific", 2740000]
]
},
"visualization": {
"type": "bar",
"config": { "xAxis": "region", "yAxis": "total_revenue" }
}
},
"agentTrace": {
"agents": ["intent_classifier", "schema_retriever", "sql_generator", "sql_validator", "executor"],
"totalDurationMs": 2340,
"tokensUsed": 1820
}
}Agent Orchestration Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/agents | List available agents | Bearer |
GET | /api/v1/agents/{name} | Get agent details | Bearer |
POST | /api/v1/agents/{name}/execute | Execute a specific agent | Bearer |
GET | /api/v1/agents/traces | List agent execution traces | Bearer |
GET | /api/v1/agents/traces/{traceId} | Get detailed agent trace | Bearer |
GET | /api/v1/agents/metrics | Get agent performance metrics | Bearer |
Text-to-SQL Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/text-to-sql | Generate SQL from natural language | Bearer |
POST | /api/v1/text-to-sql/validate | Validate generated SQL | Bearer |
POST | /api/v1/text-to-sql/explain | Explain SQL in natural language | Bearer |
POST | /api/v1/text-to-sql/optimize | Suggest SQL optimizations | Bearer |
GET | /api/v1/text-to-sql/dialects | List supported SQL dialects | Bearer |
Feedback and Evaluation Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/feedback | Submit feedback on a response | Bearer |
GET | /api/v1/feedback/summary | Get feedback summary stats | Bearer (Admin) |
GET | /api/v1/evaluations | List evaluation results | Bearer (Admin) |
POST | /api/v1/evaluations/run | Run evaluation suite | Bearer (Admin) |
GET | /api/v1/evaluations/{id} | Get evaluation result details | Bearer (Admin) |
Studio and DNN Builder Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/studio/sessions | Create a new studio session | Bearer |
GET | /api/v1/studio/sessions/{id} | Get studio session state | Bearer |
POST | /api/v1/studio/sessions/{id}/chat | Chat within studio context | Bearer |
POST | /api/v1/dnn/architectures | Create a new DNN architecture | Bearer |
GET | /api/v1/dnn/architectures/{id} | Get DNN architecture details | Bearer |
POST | /api/v1/dnn/architectures/{id}/generate | Generate code for architecture | Bearer |
POST | /api/v1/dnn/architectures/{id}/validate | Validate architecture | Bearer |
ML Service (Port 8000)
The ML Service handles model lifecycle management, training, serving, feature engineering, experiments, and monitoring.
Model Management Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/models | List registered models | Bearer |
GET | /api/v1/models/{id} | Get model details | Bearer |
POST | /api/v1/models | Register a new model | Bearer |
PUT | /api/v1/models/{id} | Update model metadata | Bearer |
DELETE | /api/v1/models/{id} | Delete a model | Bearer (Admin) |
GET | /api/v1/models/{id}/versions | List model versions | Bearer |
POST | /api/v1/models/{id}/versions | Create a new model version | Bearer |
POST | /api/v1/models/{id}/versions/{versionId}/stage | Transition model stage | Bearer |
Training and Experiment Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/training/jobs | Submit a training job | Bearer |
GET | /api/v1/training/jobs | List training jobs | Bearer |
GET | /api/v1/training/jobs/{id} | Get training job details | Bearer |
POST | /api/v1/training/jobs/{id}/cancel | Cancel a training job | Bearer |
GET | /api/v1/training/jobs/{id}/logs | Get training logs | Bearer |
GET | /api/v1/training/jobs/{id}/metrics | Get training metrics | Bearer |
GET | /api/v1/experiments | List experiments | Bearer |
POST | /api/v1/experiments | Create an experiment | Bearer |
GET | /api/v1/experiments/{id} | Get experiment details | Bearer |
GET | /api/v1/experiments/{id}/runs | List experiment runs | Bearer |
POST | /api/v1/experiments/{id}/compare | Compare experiment runs | Bearer |
Model Serving Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/serving/deployments | Deploy a model for serving | Bearer |
GET | /api/v1/serving/deployments | List serving deployments | Bearer |
GET | /api/v1/serving/deployments/{id} | Get deployment details | Bearer |
DELETE | /api/v1/serving/deployments/{id} | Undeploy a model | Bearer |
POST | /api/v1/serving/deployments/{id}/predict | Run inference | Bearer |
POST | /api/v1/serving/deployments/{id}/predict/batch | Batch inference | Bearer |
PUT | /api/v1/serving/deployments/{id}/scale | Scale deployment replicas | Bearer (Admin) |
Feature Store Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/features | List feature groups | Bearer |
POST | /api/v1/features | Create a feature group | Bearer |
GET | /api/v1/features/{id} | Get feature group details | Bearer |
POST | /api/v1/features/{id}/materialize | Materialize features | Bearer |
POST | /api/v1/features/serve | Get online features | Bearer |
POST | /api/v1/features/historical | Get historical features | Bearer |
Model Monitoring Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/monitoring/models/{id}/drift | Get data drift metrics | Bearer |
GET | /api/v1/monitoring/models/{id}/performance | Get model performance metrics | Bearer |
GET | /api/v1/monitoring/models/{id}/predictions | Get prediction log | Bearer |
POST | /api/v1/monitoring/alerts | Create monitoring alert | Bearer (Admin) |
GET | /api/v1/monitoring/alerts | List monitoring alerts | Bearer |
Query Engine (Port 8080)
| Method | Path | Description | Auth |
|---|---|---|---|
POST | /api/v1/query/execute | Execute a SQL query | Bearer |
POST | /api/v1/query/execute/async | Submit async query | Bearer |
GET | /api/v1/query/jobs/{jobId} | Get async query status | Bearer |
GET | /api/v1/query/jobs/{jobId}/results | Get async query results | Bearer |
POST | /api/v1/query/jobs/{jobId}/cancel | Cancel an async query | Bearer |
POST | /api/v1/query/explain | Get query execution plan | Bearer |
POST | /api/v1/query/optimize | Optimize a SQL query | Bearer |
GET | /api/v1/query/history | Get query history | Bearer |
GET | /api/v1/query/catalogs | List available catalogs | Bearer |
GET | /api/v1/query/catalogs/{catalog}/schemas | List schemas in catalog | Bearer |
GET | /api/v1/query/catalogs/{catalog}/schemas/{schema}/tables | List tables | Bearer |
POST | /api/v1/query/validate | Validate SQL syntax | Bearer |
BI Service (Port 8084)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/dashboards | List dashboards | Bearer |
GET | /api/v1/dashboards/{id} | Get dashboard details | Bearer |
POST | /api/v1/dashboards | Create a dashboard | Bearer |
PUT | /api/v1/dashboards/{id} | Update a dashboard | Bearer |
DELETE | /api/v1/dashboards/{id} | Delete a dashboard | Bearer |
POST | /api/v1/dashboards/{id}/clone | Clone a dashboard | Bearer |
POST | /api/v1/dashboards/{id}/share | Share a dashboard | Bearer |
GET | /api/v1/dashboards/{id}/widgets | List widgets on dashboard | Bearer |
POST | /api/v1/dashboards/{id}/widgets | Add widget to dashboard | Bearer |
PUT | /api/v1/dashboards/{id}/widgets/{widgetId} | Update widget | Bearer |
DELETE | /api/v1/dashboards/{id}/widgets/{widgetId} | Remove widget | Bearer |
GET | /api/v1/dashboards/{id}/filters | Get global dashboard filters | Bearer |
PUT | /api/v1/dashboards/{id}/filters | Update global filters | Bearer |
POST | /api/v1/dashboards/{id}/export | Export dashboard (PDF/PNG) | Bearer |
POST | /api/v1/dashboards/{id}/schedule | Schedule report delivery | Bearer |
GET | /api/v1/widgets/types | List available widget types | Bearer |
Catalog Service (Port 8086)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/catalog/databases | List databases | Bearer |
GET | /api/v1/catalog/databases/{db}/tables | List tables in database | Bearer |
GET | /api/v1/catalog/tables/{id} | Get table metadata | Bearer |
GET | /api/v1/catalog/tables/{id}/columns | Get column metadata | Bearer |
GET | /api/v1/catalog/tables/{id}/profile | Get data profile (statistics) | Bearer |
POST | /api/v1/catalog/tables/{id}/profile | Trigger data profiling | Bearer |
GET | /api/v1/catalog/tables/{id}/lineage | Get table lineage | Bearer |
GET | /api/v1/catalog/tables/{id}/lineage/upstream | Get upstream lineage | Bearer |
GET | /api/v1/catalog/tables/{id}/lineage/downstream | Get downstream lineage | Bearer |
GET | /api/v1/catalog/tables/{id}/tags | Get table tags | Bearer |
POST | /api/v1/catalog/tables/{id}/tags | Add tags to table | Bearer |
GET | /api/v1/catalog/search | Search metadata | Bearer |
GET | /api/v1/catalog/glossary | List business glossary terms | Bearer |
POST | /api/v1/catalog/glossary | Create glossary term | Bearer (Admin) |
GET | /api/v1/catalog/glossary/{id} | Get glossary term | Bearer |
Semantic Layer (Port 8086)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/semantic/models | List semantic models | Bearer |
GET | /api/v1/semantic/models/{id} | Get semantic model details | Bearer |
POST | /api/v1/semantic/models | Create a semantic model | Bearer |
PUT | /api/v1/semantic/models/{id} | Update a semantic model | Bearer |
DELETE | /api/v1/semantic/models/{id} | Delete a semantic model | Bearer (Admin) |
GET | /api/v1/semantic/models/{id}/metrics | List metrics in model | Bearer |
POST | /api/v1/semantic/models/{id}/metrics | Create a metric | Bearer |
PUT | /api/v1/semantic/models/{id}/metrics/{metricId} | Update a metric | Bearer |
DELETE | /api/v1/semantic/models/{id}/metrics/{metricId} | Delete a metric | Bearer |
POST | /api/v1/semantic/query | Execute semantic query | Bearer |
GET | /api/v1/semantic/models/{id}/dimensions | List dimensions | Bearer |
GET | /api/v1/semantic/models/{id}/entities | List entities in model | Bearer |
Pipeline Service (Port 8092)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/pipelines | List pipelines (DAGs) | Bearer |
GET | /api/v1/pipelines/{id} | Get pipeline details | Bearer |
POST | /api/v1/pipelines | Create a pipeline | Bearer |
PUT | /api/v1/pipelines/{id} | Update pipeline definition | Bearer |
DELETE | /api/v1/pipelines/{id} | Delete a pipeline | Bearer |
POST | /api/v1/pipelines/{id}/trigger | Manually trigger pipeline run | Bearer |
GET | /api/v1/pipelines/{id}/runs | List pipeline runs | Bearer |
GET | /api/v1/pipelines/{id}/runs/{runId} | Get run details | Bearer |
POST | /api/v1/pipelines/{id}/runs/{runId}/cancel | Cancel a running pipeline | Bearer |
GET | /api/v1/pipelines/{id}/runs/{runId}/logs | Get run logs | Bearer |
POST | /api/v1/pipelines/{id}/runs/{runId}/retry | Retry a failed run | Bearer |
GET | /api/v1/jobs | List scheduled jobs | Bearer |
POST | /api/v1/jobs | Create a scheduled job | Bearer |
PUT | /api/v1/jobs/{id} | Update job schedule | Bearer |
DELETE | /api/v1/jobs/{id} | Delete a scheduled job | Bearer |
POST | /api/v1/jobs/{id}/pause | Pause a scheduled job | Bearer |
POST | /api/v1/jobs/{id}/resume | Resume a paused job | Bearer |
Data Quality Service (Port 8000)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/quality/rules | List quality rules | Bearer |
POST | /api/v1/quality/rules | Create a quality rule | Bearer |
GET | /api/v1/quality/rules/{id} | Get rule details | Bearer |
PUT | /api/v1/quality/rules/{id} | Update a quality rule | Bearer |
DELETE | /api/v1/quality/rules/{id} | Delete a quality rule | Bearer |
POST | /api/v1/quality/rules/{id}/run | Execute a quality check | Bearer |
GET | /api/v1/quality/results | List quality check results | Bearer |
GET | /api/v1/quality/results/{id} | Get quality result details | Bearer |
GET | /api/v1/quality/slas | List SLA definitions | Bearer |
POST | /api/v1/quality/slas | Create an SLA | Bearer (Admin) |
GET | /api/v1/quality/slas/{id} | Get SLA details | Bearer |
GET | /api/v1/quality/slas/{id}/status | Get SLA compliance status | Bearer |
GET | /api/v1/quality/dashboards/{tableId} | Get quality dashboard for table | Bearer |
GET | /api/v1/quality/score/{tableId} | Get quality score for table | Bearer |
Governance Service (Port 8080)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/governance/policies | List governance policies | Bearer |
POST | /api/v1/governance/policies | Create a governance policy | Bearer (Admin) |
GET | /api/v1/governance/policies/{id} | Get policy details | Bearer |
PUT | /api/v1/governance/policies/{id} | Update a policy | Bearer (Admin) |
DELETE | /api/v1/governance/policies/{id} | Delete a policy | Bearer (Admin) |
POST | /api/v1/governance/policies/{id}/evaluate | Evaluate policy against data | Bearer |
GET | /api/v1/governance/masking/rules | List data masking rules | Bearer |
POST | /api/v1/governance/masking/rules | Create masking rule | Bearer (Admin) |
PUT | /api/v1/governance/masking/rules/{id} | Update masking rule | Bearer (Admin) |
DELETE | /api/v1/governance/masking/rules/{id} | Delete masking rule | Bearer (Admin) |
GET | /api/v1/governance/classifications | List data classifications | Bearer |
POST | /api/v1/governance/classifications | Create data classification | Bearer (Admin) |
POST | /api/v1/governance/classifications/auto-detect | Auto-detect PII classifications | Bearer |
GET | /api/v1/governance/access/requests | List access requests | Bearer |
POST | /api/v1/governance/access/requests | Submit access request | Bearer |
PUT | /api/v1/governance/access/requests/{id}/approve | Approve access request | Bearer (Admin) |
PUT | /api/v1/governance/access/requests/{id}/deny | Deny access request | Bearer (Admin) |
Ontology Service (Port 8101)
| Method | Path | Description | Auth |
|---|---|---|---|
GET | /api/v1/ontology/entities | List ontology entities | Bearer |
POST | /api/v1/ontology/entities | Create an entity | Bearer |
GET | /api/v1/ontology/entities/{id} | Get entity details | Bearer |
PUT | /api/v1/ontology/entities/{id} | Update an entity | Bearer |
DELETE | /api/v1/ontology/entities/{id} | Delete an entity | Bearer |
GET | /api/v1/ontology/relationships | List relationships | Bearer |
POST | /api/v1/ontology/relationships | Create a relationship | Bearer |
GET | /api/v1/ontology/relationships/{id} | Get relationship details | Bearer |
PUT | /api/v1/ontology/relationships/{id} | Update a relationship | Bearer |
DELETE | /api/v1/ontology/relationships/{id} | Delete a relationship | Bearer |
GET | /api/v1/ontology/graph | Get ontology graph | Bearer |
POST | /api/v1/ontology/import | Import ontology (OWL/RDF) | Bearer (Admin) |
GET | /api/v1/ontology/export | Export ontology | Bearer |
POST | /api/v1/ontology/validate | Validate ontology (SHACL) | Bearer |
GET | /api/v1/ontology/search | Search ontology entities | Bearer |
GET | /api/v1/ontology/namespaces | List ontology namespaces | Bearer |
Health Check Endpoints
Every service exposes a standard health check endpoint that does not require authentication:
| Service | Health Endpoint | Port |
|---|---|---|
| IAM Service | GET /api/v1/actuator/health | 8081 |
| Tenant Service | GET /api/v1/actuator/health | 8082 |
| API Gateway | GET /actuator/health | 8080 |
| Config Service | GET /api/v1/actuator/health | 8888 |
| Audit Service | GET /api/v1/actuator/health | 8086 |
| Billing Service | GET /api/v1/actuator/health | 8087 |
| Notification Service | GET /api/v1/actuator/health | 8085 |
| Observability API | GET /api/v1/actuator/health | 8088 |
| Infrastructure Service | GET /api/v1/actuator/health | 8089 |
| Platform Registry | GET /api/v1/actuator/health | 8084 |
| AI Service | GET /health and GET /api/v1/health | 8000 |
| ML Service | GET /health | 8000 |
| Query Engine | GET /api/v1/actuator/health | 8080 |
| BI Service | GET /api/v1/actuator/health | 8084 |
| Catalog Service | GET /api/v1/actuator/health | 8086 |
| Semantic Layer | GET /api/v1/actuator/health | 8086 |
| Pipeline Service | GET /api/v1/actuator/health | 8092 |
| Data Quality Service | GET /health | 8000 |
| Governance Service | GET /health | 8080 |
| Ontology Service | GET /health | 8101 |
| Render Service | GET /health | 8098 |
| Data Plane Agent | GET /api/v1/actuator/health | 8085 |
| Ops Agent Service | GET /health | 8080 |
Health check response format for Spring Boot services:
{
"status": "UP",
"components": {
"db": { "status": "UP" },
"redis": { "status": "UP" },
"kafka": { "status": "UP" },
"diskSpace": { "status": "UP" }
}
}Health check response format for Python FastAPI services:
{
"status": "healthy",
"version": "1.0.0",
"uptime_seconds": 86400,
"checks": {
"database": "connected",
"redis": "connected",
"llm_provider": "available"
}
}API Versioning
All MATIH APIs are versioned using URL path versioning (e.g., /api/v1/). When breaking changes are introduced, a new version (e.g., /api/v2/) will be created. Previous versions are supported for a minimum of two major platform releases, providing at least six months of overlap for migration.