Routes (or endpoints) allow access to the various XYZ backend services. Routes can be public or private. Private routes require a signed access token. Admin routes require a signed token for an admin user account.
The client interface is served from the root / endpoint. The root / path can be set with the "DIR" host environment setting.
The majority of XYZ endpoints are get requests. Post requests are used where it is necessary to transfer JSON from the client to the backend.


Private endpoints require a token. By default a token will expire after 120 seconds. The client code will request to renew its token every 60 seconds. The client will stop the renewal cycle if a request to renew the current token fails.
API token can be used for API endpoints instead of the client token. An API token will not timeout and must not be renewed.

Login views

Login views hold forms which are used to securely post user credentials between the client and XYZ backend.


The login view is used to sent a /login post request to the backend. A successful /login post request will resolve in a signed access token for the user which will be used to decorate a redirect to the application root /.


The registration view holds a form which is used to compose a /register post request to the backend. A successful /register post request will store a new user account in the ACL and redirect the client back to the login view.

Admin views

Additional view paths exist to open specific admin interfaces.


The admin user interface which allows administrator to approve and delete user accounts.


Allows administrator to upload workspace files or modify the workspace which is currently loaded in the process memory. The workspace is presented in a jsoneditor tree view.


This view presents the workspace as formated JSON. Administrator may upload workspace files or modify the JSON of the workspace currently loaded in the XYZ process memory.
It is envisioned to incorporate all views into the root application view post v1 release.
Last modified 3yr ago