Version: 2.32.8
Last Updated: 2025-06-20
Architectural Decisions: Reflects ADR-001 through ADR-031 implementation
- Overview
- Authentication
- Core Entity Operations
- Temporal Operations
- Dataset Management
- Entity Relationships
- User Management
- Configuration & Feature Flags
- Metrics & Monitoring
- Health & Status
- RBAC & Security
- Error Handling
- Examples
http://localhost:8085
https://localhost:8443 (when SSL enabled)
All endpoints are prefixed with /api/v1/
- Request:
application/json - Response:
application/json(except for Prometheus metrics endpoint)
Most endpoints require authentication via Bearer token in the Authorization header:
Authorization: Bearer <token>
Authentication Architecture v2.29.0+ (ADR-013): EntityDB uses embedded credentials stored directly in user entity content following pure tag-based session management architecture. No separate credential entities or relationships needed (single source of truth compliance).
Authenticate and receive a session token.
POST /api/v1/auth/loginRequest Body:
{
"username": "string",
"password": "string"
}Response:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "admin",
"roles": ["admin", "user"]
},
"expires_at": "2025-01-01T12:00:00Z"
}Invalidate the current session.
POST /api/v1/auth/logout
Authorization: Bearer <token>Response:
{
"status": "ok",
"message": "Logged out successfully"
}Get information about the currently authenticated user.
GET /api/v1/auth/whoami
Authorization: Bearer <token>Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "admin",
"roles": ["admin", "user"]
}Refresh the session token to extend expiration.
POST /api/v1/auth/refresh
Authorization: Bearer <token>Response:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"expires_at": "2025-01-01T14:00:00Z"
}Check authentication status and session validity.
GET /api/v1/auth/status
Authorization: Bearer <token>Response:
{
"authenticated": true,
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "admin",
"roles": ["admin", "user"]
},
"expires_at": "2025-01-01T12:00:00Z"
}List all entities with optional filtering.
GET /api/v1/entities/list
Authorization: Bearer <token>Query Parameters:
tag(string, optional): Filter by tag (e.g., "type:user")wildcard(string, optional): Filter by wildcard patternsearch(string, optional): Search contentcontentType(string, optional): Content type for searchnamespace(string, optional): Filter by namespaceinclude_timestamps(boolean, optional): Include temporal timestamps in tags
Response:
{
"status": "ok",
"data": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:user", "status:active", "rbac:role:admin"],
"content": "base64_encoded_content",
"created_at": 1737564000000000000,
"updated_at": 1737564000000000000
}
],
"count": 1
}Retrieve a single entity by ID.
GET /api/v1/entities/get?id=<entity_id>
Authorization: Bearer <token>Query Parameters:
id(string, required): Entity IDinclude_timestamps(boolean, optional): Include temporal timestamps in tags
Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:user", "status:active"],
"content": "base64_encoded_content",
"created_at": 1737564000000000000,
"updated_at": 1737564000000000000
}Create a new entity.
POST /api/v1/entities/create
Authorization: Bearer <token>Request Body:
{
"id": "optional_custom_id",
"tags": ["type:document", "status:draft"],
"content": "string_or_base64_or_json_object"
}Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:document", "status:draft"],
"content": "...",
"created_at": 1737564000000000000,
"updated_at": 1737564000000000000
}Update an existing entity.
PUT /api/v1/entities/update?id=<entity_id>
Authorization: Bearer <token>Request Body:
{
"tags": ["type:document", "status:published"],
"content": "updated_content"
}Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:document", "status:published"],
"content": "updated_content",
"created_at": 1737564000000000000,
"updated_at": 1737565000000000000
}Query entities with advanced filtering, sorting, and pagination.
GET /api/v1/entities/query
Authorization: Bearer <token>Query Parameters:
filter(string): Filter field (e.g., "created_at", "tag:type")operator(string): Filter operator (eq, ne, gt, lt, gte, lte, like, in)value(string): Filter valuesort(string): Sort field (created_at, updated_at, id, tag_count)order(string): Sort order (asc, desc)limit(integer): Limit resultsoffset(integer): Offset results
Response:
{
"entities": [...],
"total": 100,
"limit": 10,
"offset": 0
}Stream large entity content.
GET /api/v1/entities/stream?id=<entity_id>
Authorization: Bearer <token>Response: Binary stream of entity content
Download entity content as a file.
GET /api/v1/entities/download?id=<entity_id>
Authorization: Bearer <token>Response: File download with appropriate Content-Type and Content-Disposition headers
Retrieve an entity as it existed at a specific point in time.
GET /api/v1/entities/as-of?id=<entity_id>&as_of=<timestamp>
Authorization: Bearer <token>Query Parameters:
id(string, required): Entity IDas_of(string, required): Timestamp in RFC3339 format
Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:document", "status:draft"],
"content": "...",
"created_at": 1737564000000000000,
"updated_at": 1737564000000000000
}Retrieve the history of an entity within a time range.
GET /api/v1/entities/history?id=<entity_id>&from=<timestamp>&to=<timestamp>
Authorization: Bearer <token>Query Parameters:
id(string, required): Entity IDfrom(string, optional): Start timestamp in RFC3339 format (default: 24 hours ago)to(string, optional): End timestamp in RFC3339 format (default: now)
Response:
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:document", "status:draft"],
"content": "...",
"created_at": 1737564000000000000,
"updated_at": 1737564000000000000
}
]Retrieve entities that have changed since a given timestamp.
GET /api/v1/entities/changes?since=<timestamp>
Authorization: Bearer <token>Query Parameters:
since(string, optional): Timestamp in RFC3339 format (default: 1 hour ago)
Response:
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tags": ["type:document", "status:published"],
"content": "...",
"created_at": 1737564000000000000,
"updated_at": 1737565000000000000
}
]Compare an entity at two different points in time.
GET /api/v1/entities/diff?id=<entity_id>&t1=<timestamp>&t2=<timestamp>
Authorization: Bearer <token>Query Parameters:
id(string, required): Entity IDt1(string, required): First timestamp in RFC3339 formatt2(string, required): Second timestamp in RFC3339 format
Response:
{
"t1": {
"tags": ["type:document", "status:draft"],
"content": "original_content"
},
"t2": {
"tags": ["type:document", "status:published"],
"content": "updated_content"
},
"changes": {
"tags": {
"added": ["status:published"],
"removed": ["status:draft"]
},
"content_changed": true
}
}List all datasets.
GET /api/v1/datasets
Authorization: Bearer <token>Response:
[
{
"id": "default",
"name": "Default Dataset",
"description": "Main dataset",
"created_at": "2025-01-01T00:00:00Z"
}
]Create a new dataset.
POST /api/v1/datasets
Authorization: Bearer <token>Request Body:
{
"id": "metrics",
"name": "Metrics Dataset",
"description": "Dataset for system metrics"
}Get details of a specific dataset.
GET /api/v1/datasets/{id}
Authorization: Bearer <token>Update dataset details.
PUT /api/v1/datasets/{id}
Authorization: Bearer <token>Delete a dataset.
DELETE /api/v1/datasets/{id}
Authorization: Bearer <token>Create an entity within a specific dataset.
POST /api/v1/datasets/entities/create
Authorization: Bearer <token>
X-Dataset: <dataset_id>Query entities within a specific dataset.
GET /api/v1/datasets/entities/query
Authorization: Bearer <token>
X-Dataset: <dataset_id>Create a relationship between two entities.
POST /api/v1/entity-relationships
Authorization: Bearer <token>Request Body:
{
"source_id": "550e8400-e29b-41d4-a716-446655440000",
"target_id": "660e8400-e29b-41d4-a716-446655440001",
"relationship_type": "contains"
}Response:
{
"id": "rel_770e8400-e29b-41d4-a716-446655440002",
"source_id": "550e8400-e29b-41d4-a716-446655440000",
"target_id": "660e8400-e29b-41d4-a716-446655440001",
"relationship_type": "contains",
"created_at": "2025-01-01T10:00:00Z"
}Get a specific relationship.
GET /api/v1/entity-relationships?source_id=<id>&relationship_type=<type>&target_id=<id>
Authorization: Bearer <token>List all relationships where the entity is the source.
GET /api/v1/entity-relationships/by-source?source_id=<entity_id>&relationship_type=<type>
Authorization: Bearer <token>List all relationships where the entity is the target.
GET /api/v1/entity-relationships/by-target?target_id=<entity_id>&relationship_type=<type>
Authorization: Bearer <token>List all relationships of a specific type.
GET /api/v1/entity-relationships/by-type?relationship_type=<type>
Authorization: Bearer <token>Delete a relationship.
DELETE /api/v1/entity-relationships?source_id=<id>&relationship_type=<type>&target_id=<id>
Authorization: Bearer <token>Create a new user with embedded credentials (requires admin permission). Creates a single user entity with credentials stored in the content field.
POST /api/v1/users/create
Authorization: Bearer <token>Request Body:
{
"username": "newuser",
"password": "secure_password",
"email": "user@example.com",
"full_name": "New User",
"role": "user"
}Response:
{
"id": "880e8400-e29b-41d4-a716-446655440003",
"tags": ["type:user", "rbac:role:user", "status:active"],
"created_at": 1737564000000000000
}Change the current user's password.
POST /api/v1/users/change-password
Authorization: Bearer <token>Request Body:
{
"username": "currentuser",
"current_password": "old_password",
"new_password": "new_secure_password"
}Response:
{
"status": "ok"
}Reset a user's password (requires admin permission).
POST /api/v1/users/reset-password
Authorization: Bearer <token>Request Body:
{
"username": "targetuser",
"password": "new_password"
}Retrieve system configuration.
GET /api/v1/config?namespace=<namespace>&key=<key>
Authorization: Bearer <token>Query Parameters:
namespace(string, optional): Configuration namespacekey(string, optional): Configuration key
Response:
[
{
"id": "config_123",
"tags": ["type:config", "conf:system:max_connections"],
"content": "100"
}
]Update configuration values.
POST /api/v1/config/set
Authorization: Bearer <token>Request Body:
{
"namespace": "system",
"key": "max_connections",
"value": "200"
}Retrieve feature flags.
GET /api/v1/feature-flags?stage=<stage>
Authorization: Bearer <token>Query Parameters:
stage(string, optional): Filter by stage (alpha, beta, stable)
Update a feature flag.
POST /api/v1/feature-flags/set
Authorization: Bearer <token>Request Body:
{
"flag": "new_ui",
"enabled": true
}Basic health check endpoint (no authentication required).
GET /healthResponse:
{
"status": "healthy",
"version": "2.19.0",
"uptime": "2h15m30s",
"timestamp": "2025-01-01T10:00:00Z",
"checks": {
"database": "ok",
"storage": "ok",
"memory": "ok"
},
"metrics": {
"entity_count": 1000,
"user_count": 10,
"database_size_bytes": 1048576,
"memory_usage": {
"alloc_bytes": 10485760,
"total_alloc_bytes": 20971520,
"sys_bytes": 73400320,
"num_gc": 5
},
"goroutines": 25
}
}Prometheus-format metrics endpoint (no authentication required).
GET /metricsResponse: Text format metrics following Prometheus exposition format.
Comprehensive EntityDB system metrics (no authentication required).
GET /api/v1/system/metricsResponse:
{
"system": {
"version": "2.19.0",
"uptime": 132.651279965,
"go_version": "go1.24.2",
"num_cpu": 8,
"num_goroutines": 24
},
"memory": {
"alloc_bytes": 10031960,
"heap_alloc_bytes": 10031960,
"heap_sys_bytes": 16121856,
"total_alloc_bytes": 10685192
},
"database": {
"total_entities": 1000,
"entities_by_type": {
"user": 10,
"document": 500,
"metric": 490
},
"tags_total": 5000,
"tags_unique": 250,
"avg_tags_per_entity": 5.0
},
"storage": {
"database_size_bytes": 52428800,
"wal_size_bytes": 1048576,
"index_size_bytes": 524288,
"compression_ratio": 0.75
},
"performance": {
"query_cache_hits": 150,
"query_cache_miss": 50,
"index_lookups": 1000,
"gc_runs": 3,
"last_gc_pause_ns": 140707
},
"temporal": {
"temporal_tags_count": 4500,
"non_temporal_tags_count": 500,
"temporal_tags_ratio": 0.9,
"time_range_start": "2025-01-01T00:00:00Z",
"time_range_end": "2025-01-01T10:00:00Z"
}
}Get historical values for a specific metric.
GET /api/v1/metrics/history?metric_name=<name>&hours=<hours>&limit=<limit>
Authorization: Bearer <token>Query Parameters:
metric_name(string, required): Metric name (e.g., "memory_alloc", "entity_count_total")hours(integer, optional): Number of hours to look back (default: 24)limit(integer, optional): Maximum data points (default: 100)
Response:
{
"metric_name": "memory_alloc",
"unit": "bytes",
"start_time": "2025-01-01T00:00:00Z",
"end_time": "2025-01-02T00:00:00Z",
"count": 96,
"data_points": [
{
"timestamp": "2025-01-01T00:00:00Z",
"value": 10485760
}
]
}List all available metrics being collected.
GET /api/v1/metrics/available
Authorization: Bearer <token>Response:
[
"memory_alloc",
"memory_heap_alloc",
"memory_sys",
"entity_count_total",
"entity_count_by_type",
"database_size",
"wal_size",
"goroutines",
"gc_runs"
]Get RBAC and session metrics (requires admin).
GET /api/v1/rbac/metrics
Authorization: Bearer <token>Response:
{
"timestamp": "2025-01-01T10:00:00Z",
"users": {
"total_users": 10,
"admin_count": 2
},
"sessions": {
"active_count": 5,
"total_today": 25,
"avg_duration_ms": 3600000
},
"auth": {
"successful_logins": 23,
"failed_logins": 2,
"success_rate": 0.92
},
"permissions": {
"total_checks": 10000,
"checks_per_second": 2.5,
"cache_hit_rate": 0.85
},
"security_events": [
{
"id": "event_123",
"type": "failed_login",
"username": "unknown",
"timestamp": "2025-01-01T09:00:00Z",
"status": "blocked",
"details": "Invalid credentials"
}
]
}Basic RBAC metrics (no authentication required).
GET /api/v1/rbac/metrics/publicResponse:
{
"timestamp": "2025-01-01T10:00:00Z",
"sessions": {
"active_count": 5
},
"auth": {
"successful_logins": 23,
"failed_logins": 2,
"success_rate": 0.92
}
}Workforce orchestrator specific metrics.
GET /api/v1/worca/metrics
Authorization: Bearer <token>Get dashboard statistics and recent activity.
GET /api/v1/dashboard/stats
Authorization: Bearer <token>Response:
{
"user_count": 10,
"workspace_count": 5,
"issue_stats": {
"total": 100,
"by_status": {
"open": 45,
"in_progress": 30,
"closed": 25
},
"by_priority": {
"critical": 5,
"high": 20,
"medium": 50,
"low": 25
}
},
"recent_activity": [
{
"type": "entity_created",
"timestamp": "2025-01-01T09:55:00Z",
"description": "User 'john' created document 'API Guide'"
}
]
}Simple API status check.
GET /api/v1/statusResponse:
{
"status": "ok",
"timestamp": "2025-01-01T10:00:00Z",
"api_status": "connected"
}Detailed health check (requires admin).
GET /api/v1/admin/health
Authorization: Bearer <token>Trigger index rebuild (requires admin).
POST /api/v1/admin/reindex
Authorization: Bearer <token>EntityDB uses tag-based RBAC with the following permission format:
rbac:perm:<resource>:<action>
rbac:perm:*- All permissionsrbac:perm:entity:*- All entity operationsrbac:perm:entity:view- View entitiesrbac:perm:entity:create- Create entitiesrbac:perm:entity:update- Update entitiesrbac:perm:entity:delete- Delete entitiesrbac:perm:user:*- All user operationsrbac:perm:user:create- Create usersrbac:perm:user:update- Update usersrbac:perm:user:delete- Delete usersrbac:perm:relation:*- All relationship operationsrbac:perm:system:*- All system operationsrbac:perm:config:*- All configuration operations
rbac:role:admin- Administrator role (includesrbac:perm:*)rbac:role:user- Regular user role
All errors follow this format:
{
"error": "Error message",
"code": "ERROR_CODE",
"details": {
"field": "Additional context"
}
}400 Bad Request- Invalid request format or parameters401 Unauthorized- Missing or invalid authentication403 Forbidden- Insufficient permissions404 Not Found- Resource not found409 Conflict- Resource conflict (e.g., duplicate ID)500 Internal Server Error- Server error
# 1. Login
TOKEN=$(curl -s -X POST http://localhost:8085/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin"}' \
| jq -r .token)
# 2. Create an entity
curl -X POST http://localhost:8085/api/v1/entities/create \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"tags": ["type:document", "status:draft", "author:admin"],
"content": {
"title": "API Documentation",
"body": "Complete API reference for EntityDB"
}
}'
# 3. Query entities by tag
curl -X GET "http://localhost:8085/api/v1/entities/list?tag=type:document" \
-H "Authorization: Bearer $TOKEN"
# 4. Get temporal history
curl -X GET "http://localhost:8085/api/v1/entities/history?id=<entity_id>&from=2025-01-01T00:00:00Z" \
-H "Authorization: Bearer $TOKEN"
# 5. Create a relationship
curl -X POST http://localhost:8085/api/v1/entity-relationships \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"source_id": "<parent_id>",
"target_id": "<child_id>",
"relationship_type": "contains"
}'
# 6. Logout
curl -X POST http://localhost:8085/api/v1/auth/logout \
-H "Authorization: Bearer $TOKEN"# Upload a large file (auto-chunking enabled)
curl -X POST http://localhost:8085/api/v1/entities/create \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"tags": ["type:file", "filename:large-dataset.csv"],
"content": "'$(base64 -w 0 large-dataset.csv)'"
}'
# Stream the file content
curl -X GET "http://localhost:8085/api/v1/entities/stream?id=<entity_id>" \
-H "Authorization: Bearer $TOKEN" \
--output retrieved-file.csv
# Download with proper headers
curl -X GET "http://localhost:8085/api/v1/entities/download?id=<entity_id>" \
-H "Authorization: Bearer $TOKEN" \
-O -J# Get entity state from yesterday
curl -X GET "http://localhost:8085/api/v1/entities/as-of?id=<entity_id>&as_of=2025-01-01T00:00:00Z" \
-H "Authorization: Bearer $TOKEN"
# Get all changes in the last hour
curl -X GET "http://localhost:8085/api/v1/entities/changes?since=2025-01-01T09:00:00Z" \
-H "Authorization: Bearer $TOKEN"
# Compare entity at two points
curl -X GET "http://localhost:8085/api/v1/entities/diff?id=<entity_id>&t1=2025-01-01T00:00:00Z&t2=2025-01-01T12:00:00Z" \
-H "Authorization: Bearer $TOKEN"# Query with filtering and sorting
curl -X GET "http://localhost:8085/api/v1/entities/query?filter=created_at&operator=gte&value=2025-01-01T00:00:00Z&sort=created_at&order=desc&limit=10" \
-H "Authorization: Bearer $TOKEN"
# Query by tag value
curl -X GET "http://localhost:8085/api/v1/entities/query?filter=tag:type&operator=eq&value=document&sort=updated_at&order=desc" \
-H "Authorization: Bearer $TOKEN"-
Temporal Storage: All tags are stored with nanosecond precision timestamps in the format
TIMESTAMP|tag. The API transparently handles this unlessinclude_timestamps=trueis specified. -
Autochunking: Files larger than 4MB are automatically chunked for efficient storage and retrieval.
-
Binary Format: EntityDB uses a custom binary format (EBF) for storage with Write-Ahead Logging for durability.
-
Performance: The system is optimized for high-performance temporal queries with memory-mapped files and various indexing strategies.
-
Security: All endpoints (except health/metrics) require authentication. RBAC is enforced at the tag level.
- v2.19.0 (2025-05-30): Current version with complete API documentation
- v2.18.0: Added logging standards and code cleanup
- v2.17.0: Fixed metrics endpoints and background collection
- v2.16.0: UUID storage fix for authentication
- v2.13.0: Configuration system overhaul
For more information, see the EntityDB Documentation.