Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Gateway Overview

The stitchd-gateway is the single public entry point for all stitchd traffic. It is an Axum-based HTTP/gRPC server that authenticates requests, then proxies them to the appropriate internal gRPC service.

Ports

ProtocolDefault PortPurpose
HTTP/REST8080SDK evaluation, event ingestion, admin management
gRPC50050Definition-sync streaming (FlagSyncService) for SDK clients

Routing Rules

Incoming requests are dispatched by path prefix:

Path PrefixAuthUpstream Service
POST /v1/auth/loginnonestitchd-auth-service
/v1/admin/**Bearer JWT (system-org only)stitchd-auth-service
/v1/management/**Bearer JWTstitchd-auth-service / stitchd-flag-service
/v1/environments/{id}/evaluatex-sdk-keystitchd-flag-service
/v1/environments/{id}/eventsx-sdk-key or Bearer JWTstitchd-event-service
/v1/environments/{id}/segments/**x-sdk-key or Bearer JWTstitchd-segmentation-service
/v1/environments/{id}/flags/**Bearer JWTstitchd-flag-service
/v1/environments/{id}/experiments/**Bearer JWTstitchd-experimentation-service
/v1/environments/{id}/event-definitions/**Bearer JWTstitchd-event-service

Auth Header Matrix

Route groupHeader requiredValue
SDK routes (evaluate, ingest events, list-check)x-sdk-keyEnvironment SDK key
Admin & management routesAuthorizationBearer <jwt>
Flag / segment / event / experiment CRUDAuthorizationBearer <jwt>
Loginnone

The gateway validates JWT tokens by calling stitchd-auth-service.ValidateToken. SDK keys are verified against the environment record in stitchd-flag-service.

Error Envelope

All REST error responses use a JSON envelope:

{
  "error": "human-readable message",
  "code": "GRPC_STATUS_NAME"
}

HTTP status codes map from gRPC status codes:

gRPC StatusHTTP Status
NOT_FOUND404
UNAUTHENTICATED401
PERMISSION_DENIED403
INVALID_ARGUMENT400
UNAVAILABLE502
INTERNAL500

What’s New Since the Monolith

The gateway adds the following endpoints that did not exist in stitchd-server:

EndpointDescription
POST /v1/environments/{id}/events/batchBulk event ingestion in a single request
POST /v1/environments/{id}/segments/batch-list-checkBulk segment membership check
GET/POST/PUT/DELETE /v1/environments/{id}/experiments/**Full experimentation CRUD
GET/POST/PUT/DELETE /v1/environments/{id}/event-definitions/**Event definition management
PUT /v1/environments/{id}/flags/{key}/hashingPer-flag hashing configuration