API Reference
Status: Current
Last reviewed: 2026-05-10
This page reflects routes registered in nexus-backend/src/main.rs.
Base URLs
Default local endpoints:
text
REST: http://localhost:8081/api
gRPC: http://localhost:50051The backend Docker Compose file currently maps gRPC port 50051. If REST is run only inside the backend container, expose 8081 explicitly or run the backend locally.
Authentication
Public:
| Method | Path | Handler |
|---|---|---|
| POST | /api/auth/login | api::auth::login |
Protected routes require the backend auth middleware.
REST Routes
Auth
| Method | Path | Handler |
|---|---|---|
| GET | /api/auth/users | api::auth::list_users |
| POST | /api/auth/users | api::auth::create_user |
Nodes
| Method | Path | Handler |
|---|---|---|
| GET | /api/nodes | api::nodes::list_nodes |
| POST | /api/nodes | api::nodes::create_node |
| GET | /api/nodes/links | api::nodes::list_node_links |
| GET | /api/nodes/{id} | api::nodes::get_node |
| PUT | /api/nodes/{id} | api::nodes::update_node |
| DELETE | /api/nodes/{id} | api::nodes::delete_node |
| POST | /api/nodes/{name}/config | api::config_push::push_node_config |
Routes
Legacy route APIs still exist for compatibility.
| Method | Path | Handler |
|---|---|---|
| GET | /api/routes | api::routes::list_routes |
| POST | /api/routes | api::routes::create_route |
| GET | /api/routes/{id} | api::routes::get_route |
| PUT | /api/routes/{id} | api::routes::update_route |
| DELETE | /api/routes/{id} | api::routes::delete_route |
| GET | /api/routes/{id}/hops | api::routes::get_route_hops |
L4 Chains
L4 chains are the current primary gateway workflow.
| Method | Path | Handler |
|---|---|---|
| GET | /api/l4-chains | api::tunnel_chains::list_chains |
| POST | /api/l4-chains | api::tunnel_chains::create_chain |
| GET | /api/l4-chains/{id} | api::tunnel_chains::get_chain |
| PUT | /api/l4-chains/{id} | api::tunnel_chains::update_chain |
| DELETE | /api/l4-chains/{id} | api::tunnel_chains::delete_chain |
| POST | /api/l4-chains/{id}/deploy | api::tunnel_chains::deploy_chain_handler |
L4 Upstreams
| Method | Path | Handler |
|---|---|---|
| GET | /api/l4-upstreams | api::upstreams::list_upstreams |
| POST | /api/l4-upstreams | api::upstreams::create_upstream |
| GET | /api/l4-upstreams/{id} | api::upstreams::get_upstream |
| PUT | /api/l4-upstreams/{id} | api::upstreams::update_upstream |
| DELETE | /api/l4-upstreams/{id} | api::upstreams::delete_upstream |
TLS Certificates
| Method | Path | Handler |
|---|---|---|
| GET | /api/certs | api::tls::list_certs |
| POST | /api/certs | api::tls::create_cert |
| POST | /api/certs/generate | api::tls::generate_cert |
| GET | /api/certs/{id} | api::tls::get_cert |
| DELETE | /api/certs/{id} | api::tls::delete_cert |
Encryption Credentials
| Method | Path | Handler |
|---|---|---|
| GET | /api/enc-keys | api::enc_keys::list_enc_keys |
| POST | /api/enc-keys | api::enc_keys::create_enc_key |
| DELETE | /api/enc-keys/{id} | api::enc_keys::delete_enc_key |
Credential types are unified under enc_keys.key_type and metadata:
udp_noisetls_certreality
Audit
| Method | Path | Handler |
|---|---|---|
| GET | /api/audit | api::audit::list_audit_logs |
| POST | /api/audit/{id}/revert | api::audit::revert_audit_entry |
Dashboard
| Method | Path | Handler |
|---|---|---|
| GET | /api/dashboard/stats | api::dashboard::get_dashboard_stats |
gRPC Services
Current agent service is defined in common/proto/agent.proto.
| RPC | Direction | Purpose |
|---|---|---|
Register | unary | Agent registration. |
Heartbeat | bidirectional stream | Keepalive, health metrics, and commands. |
StreamConfig | server stream | Backend pushes config updates to an agent. |
ReportMetrics | unary | Agent reports metrics snapshots. |