/api/health, /api/ready, not /api/v1/*) and are the only routes that skip
tenant + RBAC auth. Each is per-IP rate limited to 100 requests / minute (returns 429 with a
Retry-After header when exceeded).
GET /api/health
Liveness check. Probes the database, the Redis/cache layer, and the circuit breakers. Status logic:
- Database down → status: "degraded", HTTP 503.
- Cache down or any circuit breaker open → status: "degraded", HTTP 200 (serving, degraded).
- Otherwise → status: "ok", HTTP 200.
Response 200
status: "degraded",
database: "error", and HTTP 503. uptime is the process uptime in seconds.
GET /api/ready
Readiness probe. Checks database and cache connectivity and reports each dependency individually.
- Database disconnected → not ready (503).
- Cache disconnected (ping returned falsy) → not ready (503).
- Cache unavailable (probe threw) → not fatal; readiness still passes on the database alone.
Response 200
status: "degraded" with HTTP 503 and the
failing check marked "disconnected" (or "unavailable" if the cache probe threw).
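The status rules for both probes, as an added JavaScript example that is not the project's own code; it contrasts a falsy cache ping with a cache probe that throws. The function names, the `checks` wrapper, and the values "connected" and "ready" are assumptions; the page shows only "ok", "degraded", "error", "disconnected" and "unavailable".

```javascript
// Added example, not the project's code. Assumed names: classifyCache,
// healthResponse, readyResponse, `checks`, "connected", "ready".

// Classify a cache probe. A falsy ping and a thrown probe are different
// outcomes: the first fails readiness, the second does not.
async function classifyCache(ping) {
  try {
    return (await ping()) ? "connected" : "disconnected";
  } catch {
    return "unavailable";
  }
}

// GET /api/health: only a database failure changes the HTTP status.
function healthResponse({ dbUp, cacheUp, openBreakers }) {
  if (!dbUp) return { http: 503, status: "degraded" };
  if (!cacheUp || openBreakers > 0) return { http: 200, status: "degraded" };
  return { http: 200, status: "ok" };
}

// GET /api/ready: a disconnected cache is fatal, an unavailable one is not.
function readyResponse({ database, cache }) {
  const ready = database === "connected" && cache !== "disconnected";
  return {
    http: ready ? 200 : 503,
    status: ready ? "ready" : "degraded",
    checks: { database, cache },
  };
}

// Constructed probes standing in for a real cache client.
async function demo() {
  const probes = {
    pong: async () => "PONG",
    falsy: async () => null,
    threw: async () => { throw new Error("connection refused"); },
  };
  for (const [name, ping] of Object.entries(probes)) {
    const cache = await classifyCache(ping);
    console.log(name, readyResponse({ database: "connected", cache }));
  }
}
```

An orchestrator that gates traffic on /api/ready will keep routing to an instance whose cache probe throws, so alerting on the "unavailable" value has to come from the response body rather than the status code.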