REST API Reference

The QBITEL Bridge AI Engine exposes a FastAPI-powered REST API on port 8000. Interactive API documentation is available at /docs (Swagger UI).

Base URL

http://localhost:8000/api/v1

Authentication

All API endpoints require authentication via API key or JWT token:

# API Key
X-API-Key: your_api_key_here

# JWT Bearer Token
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Health Check

GET /health

Check the health status of the AI Engine and its dependencies.

curl http://localhost:8000/health

Response:

{
  "status": "healthy",
  "version": "1.0.0",
  "components": {
    "ai_engine": "ready",
    "database": "connected",
    "llm": "available"
  }
}

Protocol Discovery

POST /api/v1/discover

Discover protocols from base64-encoded network traffic data.

Request Body:

{
  "packet_data": [
    "R0VUIC9hcGkvdXNlcnMgSFRUUC8xLjE=",
    "UE9TVCAvYXBpL2xvZ2luIEhUVFAvMS4x"
  ],
  "metadata": {
    "source": "manual_capture",
    "confidence_threshold": 0.7
  }
}

Response:

{
  "success": true,
  "request_id": "req_12345",
  "processing_time_ms": 245,
  "discovered_protocols": [
    {
      "id": "proto_001",
      "name": "http_variant_1",
      "confidence": 0.94,
      "grammar": { ... },
      "parser": { ... },
      "validation_rules": [ ... ]
    }
  ]
}

POST /api/v1/detect-fields

Detect fields in a protocol message.

Request Body:

{
  "packet_data": "R0VUIC9hcGkvdXNlcnMgSFRUUC8xLjE="
}

Response:

{
  "fields": [
    {
      "name": "method",
      "type": "string",
      "value": "GET",
      "offset": 0,
      "length": 3
    },
    {
      "name": "path",
      "type": "string",
      "value": "/api/users",
      "offset": 4,
      "length": 10
    }
  ]
}

Protocol Copilot

POST /api/v1/copilot/query

Query the Protocol Copilot with natural language questions about protocols, grammars, or security.

{
  "query": "Explain the grammar rules for the discovered HTTP variant",
  "session_id": "session_abc123"
}

Zero-Touch Security

POST /api/v1/zero-touch/analyze

Submit a security event for autonomous threat analysis and response.

GET /api/v1/zero-touch/decisions

List recent security decisions with confidence scores and actions taken.

Compliance

POST /api/v1/compliance/reports/generate

Generate a compliance assessment report for a specified framework (SOC 2, GDPR, HIPAA, etc.).

GET /api/v1/compliance/frameworks

List all supported compliance frameworks.

Protocol Marketplace

GET /api/v1/marketplace/protocols/search

Search available protocol definitions in the marketplace.

POST /api/v1/marketplace/protocols

Submit a new protocol definition to the marketplace.

Error Handling

All errors follow a consistent format:

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid traffic data format",
    "details": { ... }
  }
}

HTTP Status	Meaning
400	Bad Request -- invalid input
401	Unauthorized -- invalid or missing credentials
403	Forbidden -- insufficient permissions
404	Not Found -- resource does not exist
429	Too Many Requests -- rate limit exceeded
500	Internal Server Error

Rate Limiting

API requests are rate-limited per API key. Rate limit headers are included in every response:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1700000000

Next Steps

• gRPC API Reference -- high-performance gRPC services
• Authentication -- JWT, API keys, and mTLS configuration
• First Discovery Tutorial -- hands-on API walkthrough