SciDx Remote Execution v0.0.8 GitHub ↗
API Reference

API Reference

REST API documentation for the Rexec Server Deployment API and NDP Endpoint API. Both are FastAPI services with live Swagger UIs at /docs.

Authentication Deploy API NDP EP API

Authentication

Protected endpoints require a Bearer token (issued by Keycloak or a compatible identity provider) passed in the Authorization HTTP header.

Bearer Token Scheme

Authorization: Bearer <your-token>

How token validation works

Both Rexec Deploy API and NDP Endpoint API do not validate tokens directly. Instead, each service is configured with an AUTH_API_URL pointing to an endpoint on the identity service (Keycloak). On every protected request the service forwards the token to that endpoint: 

GET <AUTH_API_URL>
Authorization: Bearer <your-token>

Keycloak validates and decodes the token and returns the user's identity claims: 

// AUTH_API_URL response
{
  "sub":      "a1b2c3d4-...",        // user ID
  "username": "alice",
  "roles":    ["user", "admin"],
  "groups":   ["/ndp_ep/ep-<id>", "researchers"]
}

Group-based access control

Each service can be configured with an allowed group (GROUP_NAMES). When enabled, the service checks whether any of the groups returned by Keycloak match the configured allowed group. If none match, the request is rejected with 403 Forbidden.

Group-based access control is optional and configured independently for the Rexec Deploy API and the NDP Endpoint API via the GROUP_NAMES environment variable in each service's Helm values.

Rexec Server Deployment API

FastAPI service that provisions and destroys per-user rexec-server pods in Kubernetes. By default served at your configured Ingress host under path /rexec.

Interactive Swagger UI: https://<your-host>/rexec/docs

POST /spawn Create Rexec Server
GET /broker-config Get Rexec Broker Configuration

NDP Endpoint API

FastAPI service providing authentication integration and Rexec spawn API address to client libraries. Served at /api by default.

Interactive Swagger UI: https://<your-host>/api/docs

GET /health Health check (liveness probe)
GET /status/rexec Get rexec deployment api connection details

HTTP Error Codes

CodeMeaningCommon Cause
200OKRequest succeeded.
400Bad RequestMalformed request body or missing required field.
401UnauthorizedMissing or expired Bearer token.
403ForbiddenToken is valid but the user's groups are not in the ACL allow-list.
404Not FoundResource (e.g., server pod) does not exist.
409ConflictA server pod already exists for this user.
500Internal Server ErrorKubernetes API error or misconfiguration. Check pod logs.
503Service UnavailableAuth API or Kubernetes cluster not reachable.
Live interactive docs Both APIs expose full OpenAPI schemas at /docs (Swagger UI) and /redoc (ReDoc). These are the authoritative API references for the running version of each service.