API Routes
All backend API calls go through nginx at http://localhost (or your production domain). The UI uses these paths internally.
| Prefix | Module | Example |
|---|---|---|
/authsec/uflow/ | Auth, OIDC, JWT, TOTP, WebAuthn | POST /authsec/uflow/auth/login |
/authsec/authmgr/ | RBAC, token validation | GET /authsec/authmgr/roles |
/authsec/clientms/ | OAuth client management | POST /authsec/clientms/clients |
/authsec/hmgr/ | Hydra login/consent proxy | GET /authsec/hmgr/login |
/authsec/oocmgr/ | OIDC provider config | GET /authsec/oocmgr/providers |
/authsec/sdkmgr/ | AI agent SDK management | POST /authsec/sdkmgr/agents |
/authsec/exsvc/ | External integrations | - |
/authsec/webauthn/ | Passkey flows | POST /authsec/webauthn/register/begin |
/authsec/spire/ | SPIFFE workload identity | - |
/authsec/migration/ | DB migration management | POST /authsec/migration/migrations/master/run |
/.well-known/openid-configuration | OIDC discovery | RFC 8414 |
/.well-known/jwks.json | Public key set | RFC 7517 |
/oauth2/* | Hydra OAuth2 | RFC 6749 |
/userinfo | Hydra OIDC userinfo | RFC 9068 |
/metrics | Prometheus endpoint | - |