Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 2. Interacting with the API

Secure your interaction with the OpenShift Lightspeed API by obtaining authentication tokens, configuring request headers for Model Context Protocol (MCP) servers, and troubleshooting common authentication errors.

2.1. Authenticate API requests
Copiar enlace

Authenticate every request to a protected OpenShift Lightspeed endpoint by including a bearer token in the Authorization header to ensure secure access to the API.

Procedure

  1. Set the Authorization header using the following format: 

    Authorization: Bearer <token>

  2. Submit the request. The following example demonstrates a query sent through curl: 

    curl -H "Authorization: Bearer ${TOKEN}" \
     -H "Content-Type: application/json" \
     https://<ols_host>/v1/query \
     -d '{"query": "How do I create a deployment?"}'

2.2. Provide authentication for MCP servers
Copiar enlace

Authenticate proxy calls to Model Context Protocol (MCP) servers by identifying required headers and including credentials in your API request body.

Procedure

  1. Identify required headers by calling the following endpoint:

    GET /v1/mcp/client-auth-headers

  2. Include the required credentials in the mcp_headers field of your JSON request body: 

    {
  "query": "Show GitHub issues",
  "mcp_headers": {
    "github-mcp": {"Authorization": "Bearer <github_token>"}
  }
}

2.3. OpenShift Lightspeed API authentication requirements
Copiar enlace

The following table lists the OpenShift Lightspeed endpoints and their authentication requirements.

Expand
EndpointMethodAuthentication RequiredVirtual Path

/v1/query

POST

Yes

/ols-access

/v1/streaming_query

POST

Yes

/ols-access

/v1/conversations

GET, PUT, DELETE

Yes

/ols-access

/v1/feedback

POST

Yes

/ols-access

/v1/mcp-apps/resources

POST

Yes

/ols-access

/v1/mcp-apps/tools/call

POST

Yes

/ols-access

/authorized

POST

Yes

/ols-access

/metrics

GET

No

/readiness

GET

No

/liveness

GET

No

2.4. Access the OpenShift Lightspeed REST API directly
Copiar enlace

You can integrate Red Hat OpenShift Lightspeed with external tools and scripts by using the OpenShift Lightspeed REST API. Use the versioned endpoints to programmatically interact with the service and extend its capabilities into your existing workflows.

All versioned API endpoints use the /v1 path, such as, https://<route-host>/v1/<endpoint>.

Important

Direct API access supports up to 100 concurrent connections. Behavior beyond this limit is currently unsupported.

Prerequisites

  • OpenShift Lightspeed is installed and running thorugh the OpenShift Lightspeed Operator.
  • You have oc or kubectl CLI access to the cluster.
  • You have exposed the lightspeed-app-server service by using an OpenShift route.
  • You have the ols-user ClusterRole.

2.4.1. Authenticate with the API
Copiar enlace

To interact with the OpenShift Lightspeed API, you must use token-based authentication. The Service validates your identity through a Kubernetes TokenReview and SubjectAccessReview (SAR) against the /ols-access URL. Every request must include a valid OpenShift bearer token in the Authorization header.

Procedure

  1. Grant the ols-user role by using any of the following code:

    • To the user: 

      oc adm policy add-cluster-role-to-user ols-user _<username>_

    • To the Service account: 

      oc adm policy add-cluster-role-to-user ols-user \
  system:serviceaccount:_<namespace>_:_<service_account_name>_

  2. Obtain a bearer token for your authentication method by any of the following ways:

    • For your own user: 

      TOKEN=$(oc whoami -t)

    • For a Service account: 

      TOKEN=$(oc create token <service_account_name> -n <namespace>)

Verification

  • Confirm the token is valid by querying the /authorized endpoint: 

    curl -k -X POST "https://${OLS_HOST}/authorized" \
  -H "Authorization: Bearer ${TOKEN}"

2.4.2. OpenShift Lightspeed API endpoints reference
Copiar enlace

The following versioned endpoints allow you to interact with the Service, manage conversation history, and submit user feedback.

Expand
EndpointDescription

POST /v1/query

Sends a prompt to the LLM. Required field: query. Optional fields: conversation_id, provider, model, attachments.

POST /v1/streaming_query

Delivers responses as a server-sent events (SSE) stream. Supports types: text, tool_call, tool_result, approval_required, reasoning, and end.

GET /v1/conversations

Lists conversation IDs, summaries, and message counts for the user.

GET /v1/conversations/{id}

Retrieves history for a specific conversation.

DELETE /v1/conversations/{id}

Deletes a specific conversation history.

POST /v1/feedback

Submits sentiment (1 or -1) or text feedback. Feedback must be enabled in the OLS configuration.

2.4.3. Supported attachment formats
Copiar enlace

To provide extra context such as logs or configurations, you must include an attachments array in the POST /v1/query request body.

Expand
Attachment typeDetails

Logs

Use the text/plain content type.

Configurations

Use the application/yaml content type. If the YAML includes a kind and metadata.name, the large language model (LLM) treats it as a named Kubernetes resource.

2.4.4. OpenShift Lightspeed API error handling
Copiar enlace

The OpenShift Lightspeed API returns JSON objects that contain a detail field with a response and a cause.

Expand
Status codeDescription

401

Unauthorized. The request is missing a token or the token is invalid.

403

Forbidden. The user lacks the ols-user cluster role.

413

Payload too large. The prompt exceeds the large language model (LLM) context window.

503

Service unavailable. The Service or LLM is still initializing.

Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Legal Notice

Theme

© 2026 Red HatVolver arriba