HTTP API
The convenience layer: curl-able queries, authenticated ILP writes, checkpoint trigger. Enable with -http :9000. All endpoints (except /health) use basic auth against the same user store; a user reaches only its own database.
CORS is open (Access-Control-Allow-Origin: *) so browser apps on other origins can call the API — authentication still happens per request.
GET/POST /query
SQL via ?q= or the POST body; ; separates statements.
{"results":[{"columns":["entity","ts","speed"],
"rows":[["veh-1",1700000000000,52.5]],
"tag":"SELECT 1"}]}
Errors return 400 with a plain-text message. null cells are JSON null.
POST /write
ILP lines in the body — the authenticated twin of the TCP listener:
curl -u firm1:secret --data-binary $'telemetry,entity=veh-1 speed=53 1700000060000000000\n' \
http://host:9000/write
204 on success; the first bad line aborts with 400.
POST /checkpoint
Runs CHECKPOINT on the user's database.
GET /health
Unauthenticated liveness probe; returns ok.