System¶
System endpoints provide health checks, authentication configuration, and current user information. Health and Auth Config endpoints do not require authentication, making them suitable for monitoring and client bootstrapping.
| Endpoint | Auth Required | Description |
|---|---|---|
| Health | No | Basic health check |
| Readiness | No | Database and service readiness |
| Liveness | No | Process liveness probe |
| Version | No | Application version |
| Auth Config | No | OIDC client discovery configuration |
| User Info | Yes | Current authenticated user details |
Health¶
Returns a basic health status indicating the application is running.
Examples¶
Response¶
Readiness¶
Checks whether JIM is ready to accept requests. Verifies database connectivity and checks maintenance mode status.
Tip
Use this endpoint as a Kubernetes readiness probe or load balancer health check.
Examples¶
Response¶
When not ready:
Liveness¶
Simple liveness check confirming the process is running.
Tip
Use this endpoint as a Kubernetes liveness probe.
Examples¶
Response¶
Version¶
Returns the JIM application version.
Examples¶
Response¶
Auth Config¶
Returns the OIDC/OAuth configuration needed for client applications to initiate authentication. This is used by the JIM web UI and can be used by custom integrations.
Examples¶
Response¶
{
"authority": "https://login.example.com",
"clientId": "jim-client-id",
"scopes": ["openid", "profile", "email"],
"responseType": "code",
"usePkce": true,
"codeChallengeMethod": "S256"
}
| Field | Type | Description |
|---|---|---|
authority |
string | OIDC authority URL |
clientId |
string | OAuth client ID |
scopes |
array | OAuth scopes to request |
responseType |
string | OAuth response type (always code) |
usePkce |
boolean | Whether PKCE is required (always true) |
codeChallengeMethod |
string | PKCE challenge method (always S256) |
User Info¶
Returns information about the currently authenticated user, including their roles and authorisation status.
Note
This endpoint requires authentication but does not require the Administrator role. Any authenticated user or API key can call it.
Examples¶
Response¶
Authorised user:
{
"authorised": true,
"isAdministrator": true,
"name": "Jane Smith",
"authMethod": "oauth",
"metaverseObjectId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"roles": ["Administrator"]
}
Authenticated but not authorised (no JIM identity):
{
"authorised": false,
"isAdministrator": false,
"name": "Unknown User",
"authMethod": "oauth",
"metaverseObjectId": null,
"roles": [],
"message": "Authenticated but no matching JIM identity found. Contact your administrator."
}
| Field | Type | Description |
|---|---|---|
authorised |
boolean | Whether the user has a JIM identity and can access the system |
isAdministrator |
boolean | Whether the user has the Administrator role |
name |
string | Display name |
authMethod |
string | oauth or api_key |
metaverseObjectId |
guid, nullable | The user's metaverse object ID (null if not authorised) |
roles |
array | Role names assigned to the user |
message |
string, nullable | Additional context (present when not authorised) |
Errors¶
| Status | Code | Description |
|---|---|---|
401 |
UNAUTHORISED |
Authentication required |