Admin Dashboard — Sync Contract

Status: populated Owner: Platform Engineering (Frontend) Last updated: 2026-04-18

1. Overview

All communication is synchronous REST over HTTPS through Kong admin routes. The dashboard also performs periodic polling (30s) for real-time metric updates.

2. Kong Admin Routes Consumed

All routes pass through Kong. Internal routes use the prefix /v1/internal/ and require the admin role claim in the JWT.

Auth Service

Method	Kong Route	Auth
GET	`/v1/internal/auth/me`	Firebase ID token (pre-login exchange)
POST	`/v1/auth/refresh`	Refresh token cookie
GET	`/v1/internal/users`	Bearer JWT (`admin`)
POST	`/v1/internal/users`	Bearer JWT (`admin`)
PUT	`/v1/internal/users/{userId}/status`	Bearer JWT (`admin`)
DELETE	`/v1/internal/users/{userId}`	Bearer JWT (`admin`)

Analytics Service

Method	Kong Route	Polled?
GET	`/v1/internal/analytics/summary`	Yes (30s)
GET	`/v1/internal/analytics/throughput`	Yes (30s)
GET	`/v1/internal/analytics/delivery-breakdown`	Yes (30s)
GET	`/v1/internal/analytics/top-operators`	Yes (30s)

Operator Management Service

Method	Kong Route	Auth
GET	`/v1/internal/operators`	Bearer JWT
GET	`/v1/internal/operators/{id}`	Bearer JWT
POST	`/v1/internal/operators`	Bearer JWT
PUT	`/v1/internal/operators/{id}`	Bearer JWT
DELETE	`/v1/internal/operators/{id}`	Bearer JWT
GET	`/v1/internal/operators/{id}/health`	Bearer JWT

Routing Engine

Method	Kong Route	Auth
GET	`/v1/internal/routing/rules`	Bearer JWT
POST	`/v1/internal/routing/rules`	Bearer JWT
PUT	`/v1/internal/routing/rules/{id}`	Bearer JWT
DELETE	`/v1/internal/routing/rules/{id}`	Bearer JWT
POST	`/v1/internal/routing/rules/reorder`	Bearer JWT

Message Store

Method	Kong Route	Auth
GET	`/v1/internal/messages`	Bearer JWT
GET	`/v1/internal/messages/{id}`	Bearer JWT

Billing Service

Method	Kong Route	Auth
GET	`/v1/internal/billing/invoices`	Bearer JWT
GET	`/v1/internal/billing/invoices/{id}`	Bearer JWT
GET	`/v1/internal/billing/pricing`	Bearer JWT
PUT	`/v1/internal/billing/pricing`	Bearer JWT

System Health

Method	Kong Route	Polled?
GET	`/v1/internal/health/services`	Yes (30s)
GET	`/v1/internal/health/services/{name}`	On demand

3. JWT Contract

Kong validates the admin JWT using JWKS from auth-service. Required claims:

Claim	Value
`roles`	Must contain `admin`
`sub`	Admin user ID
`email`	Admin email (for audit trail headers)
`exp`	Expiry (1h)
`iss`	`https://api.ghasi.io`

Kong injects X-Admin-User-Id and X-Admin-Email headers on internal routes for audit logging by downstream services.

4. Polling Contract

Endpoint group	Interval	Paused when
Analytics summary + throughput + breakdown + top-operators	30s	Tab hidden
Health services	30s	Tab hidden

All polling calls share a single AbortController signal; tabs becoming hidden abort in-flight requests.

5. Rate Limits

Route Group	Limit	Window
Internal admin routes	300 req	per minute per admin user
Operator mutation (POST/PUT/DELETE)	30 req	per minute
Billing pricing update	5 req	per minute

1. Overview​

2. Kong Admin Routes Consumed​

Auth Service​

Analytics Service​

Operator Management Service​

Routing Engine​

Message Store​

Billing Service​

System Health​

3. JWT Contract​

4. Polling Contract​

5. Rate Limits​