Applications API¶
Applications represent microservices, modules, or any system component that creates or receives events in Amebo. Each application must be registered before it can publish events or receive notifications.
Endpoints¶
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/applications | List all applications |
POST | /v1/applications | Register a new application |
PUT | /v1/applications/:id | Update an application |
Application Schema¶
{
"type": "object",
"properties": {
"application": {
"type": "string",
"description": "Unique application identifier",
"pattern": "^[a-zA-Z0-9_-]+$",
"minLength": 1,
"maxLength": 100
},
"address": {
"type": "string",
"description": "Base URL or hostname for the application",
"format": "uri"
},
"secret": {
"type": "string",
"description": "Secret key for webhook authentication",
"minLength": 8,
"maxLength": 255
}
},
"required": ["application", "address", "secret"],
"additionalProperties": false
}
List Applications¶
Retrieve all registered applications.
{
"data": [
{
"rowid": 1,
"application": "user-service",
"address": "https://api.example.com",
"secret": "webhook-secret-key",
"timestamped": "2024-12-10T10:30:00Z"
},
{
"rowid": 2,
"application": "notification-service",
"address": "https://notifications.example.com",
"secret": "another-secret-key",
"timestamped": "2024-12-10T11:15:00Z"
}
],
"meta": {
"total": 2,
"page": 1,
"per_page": 20
}
}
Query Parameters¶
| Parameter | Type | Description | Default |
|---|---|---|---|
page | integer | Page number | 1 |
per_page | integer | Items per page (max 100) | 20 |
search | string | Search in application names | - |
sort | string | Sort field (application, timestamped) | timestamped |
order | string | Sort order (asc, desc) | desc |
Register Application¶
Register a new application in Amebo.
Validation Rules¶
- application: Must be unique, alphanumeric with hyphens/underscores
- address: Must be a valid URL (HTTP/HTTPS)
- secret: Minimum 8 characters, used for webhook authentication
Update Application¶
Update an existing application's details.
Partial Updates
You can update individual fields. The application name cannot be changed.
Examples¶
Microservices Registration¶
Bulk Registration¶
#!/bin/bash
# Register multiple applications
APPLICATIONS=(
"user-service:https://users.myapp.com:user-secret"
"order-service:https://orders.myapp.com:order-secret"
"inventory-service:https://inventory.myapp.com:inventory-secret"
"email-service:https://email.myapp.com:email-secret"
)
for app_data in "${APPLICATIONS[@]}"; do
IFS=':' read -r app address secret <<< "$app_data"
curl -X POST http://localhost/v1/applications \
-H "Content-Type: application/json" \
-d "{
\"application\": \"$app\",
\"address\": \"$address\",
\"secret\": \"$secret\"
}"
echo "Registered: $app"
done
Security Considerations¶
Secret Management¶
- Rotation: Regularly rotate webhook secrets
- Strength: Use strong, unique secrets for each application
- Storage: Store secrets securely in your application
Webhook Authentication¶
Applications should verify webhook authenticity:
import hmac
import hashlib
def verify_webhook(payload, signature, secret):
expected = hmac.new(
secret.encode(),
payload.encode(),
hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected}", signature)
# In your webhook handler
if verify_webhook(request.body, request.headers['X-Amebo-Signature'], webhook_secret):
# Process webhook
pass
else:
# Reject webhook
return 401
Error Handling¶
Common error scenarios and responses:
Best Practices¶
- Naming Convention: Use kebab-case for application names
- URL Format: Always use HTTPS in production
- Secret Rotation: Implement regular secret rotation
- Monitoring: Monitor application registration and updates
- Documentation: Document all registered applications
Related APIs¶
- Actions API - Define event types for applications
- Events API - Publish events from applications
- Subscriptions API - Subscribe to events from other applications