Authentication
How to authenticate with the Status Service API. Covers public, admin, AI, and GDPR endpoints.
Overview
The Status Service has four authentication tiers depending on the endpoint category. Public status endpoints require no authentication, while admin, AI, and GDPR endpoints require a Bearer JWT token with specific roles.
Endpoint Categories
| Category | Prefix | Auth Required | Role |
|---|---|---|---|
| Public | /status/v1 | No | None (rate-limited) |
| Admin | /status/v1/_admin/* | Yes (JWT) | PLATFORM_OPS |
| AI | /status/v1/ai/* | Yes (JWT) | PRO / PROMAX / ENTERPRISE |
| GDPR | /status/v1/_admin/gdpr/* | Yes (JWT) | PLATFORM_OPS or DATA_PROTECTION_OFFICER |
Public Endpoints (No Auth)
Rate-Limited
Public endpoints are rate-limited to prevent abuse. Status endpoints allow 50-200 requests per minute depending on the route. Subscription endpoints allow 3-10 requests per minute.
The following public endpoints require no authentication and return system status information:
| Endpoint | Rate Limit | Description |
|---|---|---|
| GET / | 100/min | Global system status |
| GET /services | 100/min | All services health |
| GET /summary | 200/min | Compact summary for widgets |
| GET /incidents | 100/min | Public incidents list |
| GET /history | 50/min | 90-day status history |
| POST /subscriptions | 10/min | Subscribe to notifications |
Obtaining a JWT Token
For admin, AI, and GDPR endpoints, you must obtain a JWT token from auth-svc via the login endpoint.

```bash
curl -X POST https://535ubezkse.execute-api.us-east-1.amazonaws.com/auth/v1/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "platform-ops@eventzr.test",
    "password": "TestPlatformOps123!"
  }'

# Response:
# {
#   "data": {
#     "accessToken": "eyJhbGciOiJSUzI1NiIs...",
#     "refreshToken": "eyJhbGciOiJSUzI1NiIs...",
#     "expiresIn": 3600
#   }
# }
```

```bash
# Call a protected endpoint with the access token from the login response
export TOKEN="<access-token-from-response>"
curl -X GET https://535ubezkse.execute-api.us-east-1.amazonaws.com/status/v1/_admin/incidents \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json"

# Obtain a new access token with the refresh token once expiresIn (3600 s) has elapsed
curl -X POST https://535ubezkse.execute-api.us-east-1.amazonaws.com/auth/v1/refresh \
  -H "Content-Type: application/json" \
  -d '{ "refreshToken": "eyJhbGciOiJSUzI1NiIs..." }'
```

AI Endpoints (Subscription Gating)
Subscription Tier Required
AI-powered endpoints (incident summaries, root cause analysis, impact predictions) require a minimum subscription tier of PRO. The tier is extracted from the JWT claims automatically.
| Tier | AI Summary | Root Cause Analysis | Impact Prediction |
|---|---|---|---|
| BASE / STUDENT / STARTUP | No | No | No |
| PRO | Yes | Yes | No |
| PROMAX | Yes | Yes | Yes |
| ENTERPRISE | Yes | Yes | Yes |
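The endpoint and tier tables above describe three separate gates (admin role, GDPR role, AI subscription tier) applied by route prefix, using the `roles` and `planTier` claims the JWT carries. The following is an added example, not the Status Service's own code, of an authorization decision that implements those tables. It assumes the caller has already verified the JWT signature and passes the decoded claims as a dict; the AI sub-paths `summary`, `root-cause` and `impact` are hypothetical, since the page documents only the `/status/v1/ai/*` prefix. Note the ordering: GDPR routes sit under the admin prefix but accept an extra role, so the most specific prefix must be checked first.

```python
import time

# Route prefixes from the Endpoint Categories table
PUBLIC_PREFIX = "/status/v1"
ADMIN_PREFIX = "/status/v1/_admin/"
GDPR_PREFIX = "/status/v1/_admin/gdpr/"
AI_PREFIX = "/status/v1/ai/"

# Tier ordering from the subscription table; the planTier claim is lowercase ("enterprise")
TIER_RANK = {"base": 0, "student": 0, "startup": 0, "pro": 1, "promax": 2, "enterprise": 3}

# Hypothetical AI sub-paths (the page documents only the /status/v1/ai/* prefix)
# mapped to the minimum tier each capability requires per the subscription table.
AI_MIN_TIER = {"summary": "pro", "root-cause": "pro", "impact": "promax"}


def _authenticated(claims, now):
    """Return an error tuple if there is no usable token, else None.
    `claims` must be the payload of a signature-verified JWT; never trust a
    payload that was decoded without verifying the signature first."""
    if claims is None:
        return (401, "missing bearer token")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return (401, "token expired")
    return None


def authorize(path, claims=None, now=None):
    """Map a request path to its category and enforce the documented role/tier.
    Returns (200, category) when allowed, otherwise (401|403|404, reason)."""
    now = int(time.time()) if now is None else now
    # Most specific prefix first: GDPR routes live under the admin prefix but
    # accept an extra role, so an admin-first check would wrongly reject DPOs.
    if path.startswith(GDPR_PREFIX):
        err = _authenticated(claims, now)
        if err:
            return err
        if not set(claims.get("roles", [])) & {"PLATFORM_OPS", "DATA_PROTECTION_OFFICER"}:
            return (403, "requires PLATFORM_OPS or DATA_PROTECTION_OFFICER")
        return (200, "gdpr")
    if path.startswith(ADMIN_PREFIX):
        err = _authenticated(claims, now)
        if err:
            return err
        if "PLATFORM_OPS" not in claims.get("roles", []):
            return (403, "requires PLATFORM_OPS")
        return (200, "admin")
    if path.startswith(AI_PREFIX):
        err = _authenticated(claims, now)
        if err:
            return err
        feature = path[len(AI_PREFIX):].split("/", 1)[0]
        needed = AI_MIN_TIER.get(feature)
        if needed is None:
            return (404, "unknown AI feature")
        # Compare tiers by rank so PROMAX and ENTERPRISE satisfy a PRO requirement
        tier = str(claims.get("planTier", "")).lower()
        if TIER_RANK.get(tier, -1) < TIER_RANK[needed]:
            return (403, f"{feature} requires tier {needed.upper()} or higher")
        return (200, "ai")
    if path == PUBLIC_PREFIX or path.startswith(PUBLIC_PREFIX + "/"):
        return (200, "public")  # unauthenticated; rate limiting applies instead
    return (404, "unknown route")
```

A DATA_PROTECTION_OFFICER token is accepted on `/status/v1/_admin/gdpr/*` but rejected with 403 on any other admin route, and an expired token is rejected with 401 before any role or tier is considered.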
JWT Claims Structure

```json
{
  "sub": "user-uuid",
  "tenantId": "tenant-uuid",
  "email": "platform-ops@eventzr.test",
  "roles": ["PLATFORM_OPS"],
  "planTier": "enterprise",
  "iat": 1740000000,
  "exp": 1740003600
}
```

Standard Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Admin/AI/GDPR | Bearer JWT token |
| Content-Type | POST/PUT/PATCH | application/json |
| X-Idempotency-Key | Write operations | Unique UUID for duplicate request prevention (24h TTL) |
| X-Tenant-ID | Recommended | Tenant UUID for multi-tenant context |
| x-request-id | No | Request trace ID (UUID), auto-generated if absent |
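The header table above is easiest to read as server-side validation rules: the Bearer scheme on `Authorization`, JSON on write methods, a UUID `X-Idempotency-Key` that suppresses duplicate writes for 24 hours, and an `x-request-id` that is generated when the client sends none. The following added example (not the Status Service's own code) implements those rules with an in-memory idempotency store. The `HeaderError` status codes, the tenant-scoped key and the in-memory store are design choices made here, not documented behaviour; a real deployment would keep the store in a shared cache.

```python
import time
import uuid

IDEMPOTENCY_TTL_SECONDS = 24 * 3600  # 24h TTL documented for X-Idempotency-Key
WRITE_METHODS = {"POST", "PUT", "PATCH"}


class HeaderError(Exception):
    """Validation failure carrying an HTTP status (codes chosen for this example)."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status, self.reason = status, reason


def _get(headers, name):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _uuid_or_none(value):
    """Canonical UUID string, or None when the value is absent or malformed."""
    try:
        return str(uuid.UUID(str(value)))
    except ValueError:
        return None


def validate_headers(method, headers):
    """Apply the Standard Headers table and return the normalised fields."""
    out = {"token": None, "tenant_id": None, "idempotency_key": None}
    auth = _get(headers, "Authorization")
    if auth is not None:
        parts = auth.split(" ")
        if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1]:
            raise HeaderError(401, "Authorization must be 'Bearer <jwt>'")
        out["token"] = parts[1]
    if method in WRITE_METHODS:
        # Ignore media-type parameters such as "; charset=utf-8"
        ctype = (_get(headers, "Content-Type") or "").split(";")[0].strip().lower()
        if ctype != "application/json":
            raise HeaderError(415, "Content-Type must be application/json")
        out["idempotency_key"] = _uuid_or_none(_get(headers, "X-Idempotency-Key"))
        if out["idempotency_key"] is None:
            raise HeaderError(400, "X-Idempotency-Key must be a UUID on write operations")
    tenant = _get(headers, "X-Tenant-ID")
    if tenant is not None:
        out["tenant_id"] = _uuid_or_none(tenant)
        if out["tenant_id"] is None:
            raise HeaderError(400, "X-Tenant-ID must be a UUID")
    # Trace id: accept a client-supplied UUID, otherwise generate one (documented behaviour)
    out["request_id"] = _uuid_or_none(_get(headers, "x-request-id")) or str(uuid.uuid4())
    return out


class IdempotencyStore:
    """In-memory (scope, key) -> (stored_at, response) with the documented 24h TTL."""
    def __init__(self):
        self._entries = {}

    def lookup(self, scope, key, now):
        entry = self._entries.get((scope, key))
        if entry and now - entry[0] < IDEMPOTENCY_TTL_SECONDS:
            return entry[1]
        self._entries.pop((scope, key), None)  # expired or absent
        return None

    def remember(self, scope, key, now, response):
        self._entries[(scope, key)] = (now, response)


def handle_request(method, headers, handler, store, now=None):
    """Validate headers, then run `handler(fields)` at most once per caller and
    idempotency key within the TTL. Returns (response, replayed)."""
    now = time.time() if now is None else now
    fields = validate_headers(method, headers)
    if method not in WRITE_METHODS:
        return handler(fields), False
    # Scope the key to the caller so one tenant cannot replay another's stored response
    scope = fields["tenant_id"] or fields["token"] or "anonymous"
    cached = store.lookup(scope, fields["idempotency_key"], now)
    if cached is not None:
        return cached, True
    response = handler(fields)
    store.remember(scope, fields["idempotency_key"], now, response)
    return response, False
```

A repeated POST with the same key and tenant returns the stored response without invoking the handler again; the same key from a different tenant, or after the 24-hour TTL, executes afresh.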
Rate Limiting
All endpoints are rate-limited using a sliding window algorithm. Exceeding the limit returns a 429 response with a Retry-After header.
| Category | Window | Max Requests |
|---|---|---|
| Public status endpoints | 1 minute | 100-200 |
| Public uptime/history | 1 minute | 50 |
| Subscription endpoints | 1 minute | 3-10 |
| Admin endpoints | 1 minute | 60 |
| AI endpoints | 1 minute | 10-20 |
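The page states that limits are enforced with a sliding window and that a 429 carries `Retry-After`, but not how the window is kept. The following is an added example, not the Status Service's own code, of a sliding-log limiter using the per-category limits from the table above (the category names and the choice of a per-caller log are assumptions; for public routes the caller key would be the client address, for authenticated ones the token's `sub`). Unlike a fixed one-minute bucket, a sliding log never lets twice the limit through across a boundary, at the cost of storing up to `limit` timestamps per caller.

```python
import math
from collections import deque

# Per-category limits from the Rate Limiting table (requests per 60-second window);
# where the table gives a range, the lower bound is used here.
LIMITS = {
    "public-status": 100,
    "public-history": 50,
    "subscription": 3,
    "admin": 60,
    "ai": 10,
}
WINDOW_SECONDS = 60


class SlidingWindowLimiter:
    """Sliding-log limiter: keeps each caller's request timestamps for the last window.
    The dict stands in for a shared store (for example Redis) in a real deployment."""

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self._log = {}  # (caller, category) -> deque of request timestamps

    def check(self, caller, category, now):
        """Return (allowed, retry_after_seconds). retry_after is 0 when allowed,
        otherwise the whole seconds until the oldest in-window request ages out,
        which is the value to send in the Retry-After header."""
        limit = self.limits[category]
        log = self._log.setdefault((caller, category), deque())
        cutoff = now - self.window
        while log and log[0] <= cutoff:  # drop requests that left the window
            log.popleft()
        if len(log) >= limit:
            retry_after = math.ceil(log[0] + self.window - now)
            return False, max(retry_after, 1)
        log.append(now)
        return True, 0

    def decide(self, caller, category, now):
        """Translate the check into the documented response: 200 with no extra
        headers, or 429 carrying Retry-After."""
        allowed, retry_after = self.check(caller, category, now)
        if allowed:
            return 200, {}
        return 429, {"Retry-After": str(retry_after)}
```

Because the log is keyed by caller and category, exhausting the public status budget from one address does not affect another address or the same caller's admin budget, and the 101st request within a minute is refused with a `Retry-After` equal to the time until the oldest counted request ages out.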
Response Envelope
```json
{
  "data": { ... },
  "error": null,
  "page": {
    "next_cursor": "eyJwYWdlIjoyLCJsaW1pdCI6MjB9",
    "has_more": true,
    "limit": 20
  },
  "meta": {
    "request_id": "550e8400-e29b-41d4-a716-446655440000",
    "service": "status-svc",
    "timestamp": "2026-02-24T12:00:00.000Z"
  }
}
```