Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 2. Interacting with the API

Secure your interaction with the OpenShift Lightspeed API by obtaining authentication tokens, configuring request headers for Model Context Protocol (MCP) servers, and troubleshooting common authentication errors.

2.1. Authenticate API requests
Copia collegamento

Authenticate every request to a protected OpenShift Lightspeed endpoint by including a bearer token in the Authorization header to ensure secure access to the API.

Procedure

  1. Set the Authorization header using the following format: 

    Authorization: Bearer <token>

  2. Submit the request. The following example demonstrates a query sent through curl: 

    curl -H "Authorization: Bearer ${TOKEN}" \
     -H "Content-Type: application/json" \
     https://<ols_host>/v1/query \
     -d '{"query": "How do I create a deployment?"}'

2.2. Provide authentication for MCP servers
Copia collegamento

Authenticate proxy calls to Model Context Protocol (MCP) servers by identifying required headers and including credentials in your API request body.

Procedure

  1. Identify required headers by calling the following endpoint:

    GET /v1/mcp/client-auth-headers

  2. Include the required credentials in the mcp_headers field of your JSON request body: 

    {
  "query": "Show GitHub issues",
  "mcp_headers": {
    "github-mcp": {"Authorization": "Bearer <github_token>"}
  }
}

2.3. OpenShift Lightspeed API authentication requirements
Copia collegamento

The following table lists the OpenShift Lightspeed endpoints and their authentication requirements.

Expand
EndpointMethodAuthentication RequiredVirtual Path

/v1/query

POST

Yes

/ols-access

/v1/streaming_query

POST

Yes

/ols-access

/v1/conversations

GET, PUT, DELETE

Yes

/ols-access

/v1/feedback

POST

Yes

/ols-access

/v1/mcp-apps/resources

POST

Yes

/ols-access

/v1/mcp-apps/tools/call

POST

Yes

/ols-access

/authorized

POST

Yes

/ols-access

/metrics

GET

No

/readiness

GET

No

/liveness

GET

No

2.4. Access the OpenShift Lightspeed REST API directly
Copia collegamento

You can integrate Red Hat OpenShift Lightspeed with external tools and scripts by using the OpenShift Lightspeed REST API. Use the versioned endpoints to programmatically interact with the service and extend its capabilities into your existing workflows.

All versioned API endpoints use the /v1 path, such as, https://<route-host>/v1/<endpoint>.

Important

Direct API access supports up to 100 concurrent connections. Behavior beyond this limit is currently unsupported.

Prerequisites

  • OpenShift Lightspeed is installed and running thorugh the OpenShift Lightspeed Operator.
  • You have oc or kubectl CLI access to the cluster.
  • You have exposed the lightspeed-app-server service by using an OpenShift route.
  • You have the ols-user ClusterRole.

2.4.1. Authenticate with the API
Copia collegamento

To interact with the OpenShift Lightspeed API, you must use token-based authentication. The Service validates your identity through a Kubernetes TokenReview and SubjectAccessReview (SAR) against the /ols-access URL. Every request must include a valid OpenShift bearer token in the Authorization header.

Procedure

  1. Grant the ols-user role by using any of the following code:

    • To the user: 

      oc adm policy add-cluster-role-to-user ols-user _<username>_

    • To the Service account: 

      oc adm policy add-cluster-role-to-user ols-user \
  system:serviceaccount:_<namespace>_:_<service_account_name>_

  2. Obtain a bearer token for your authentication method by any of the following ways:

    • For your own user: 

      TOKEN=$(oc whoami -t)

    • For a Service account: 

      TOKEN=$(oc create token <service_account_name> -n <namespace>)

Verification

  • Confirm the token is valid by querying the /authorized endpoint: 

    curl -k -X POST "https://${OLS_HOST}/authorized" \
  -H "Authorization: Bearer ${TOKEN}"

2.4.2. OpenShift Lightspeed API endpoints reference
Copia collegamento

The following versioned endpoints allow you to interact with the Service, manage conversation history, and submit user feedback.

Expand
EndpointDescription

POST /v1/query

Sends a prompt to the LLM. Required field: query. Optional fields: conversation_id, provider, model, attachments.

POST /v1/streaming_query

Delivers responses as a server-sent events (SSE) stream. Supports types: text, tool_call, tool_result, approval_required, reasoning, and end.

GET /v1/conversations

Lists conversation IDs, summaries, and message counts for the user.

GET /v1/conversations/{id}

Retrieves history for a specific conversation.

DELETE /v1/conversations/{id}

Deletes a specific conversation history.

POST /v1/feedback

Submits sentiment (1 or -1) or text feedback. Feedback must be enabled in the OLS configuration.

2.4.3. Supported attachment formats
Copia collegamento

To provide extra context such as logs or configurations, you must include an attachments array in the POST /v1/query request body.

Expand
Attachment typeDetails

Logs

Use the text/plain content type.

Configurations

Use the application/yaml content type. If the YAML includes a kind and metadata.name, the large language model (LLM) treats it as a named Kubernetes resource.

2.4.4. OpenShift Lightspeed API error handling
Copia collegamento

The OpenShift Lightspeed API returns JSON objects that contain a detail field with a response and a cause.

Expand
Status codeDescription

401

Unauthorized. The request is missing a token or the token is invalid.

403

Forbidden. The user lacks the ols-user cluster role.

413

Payload too large. The prompt exceeds the large language model (LLM) context window.

503

Service unavailable. The Service or LLM is still initializing.

Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Legal Notice

Theme

© 2026 Red HatTorna in cima