Skip to main content
The admin endpoints give you operational control over a running InferenceWall instance: hot-reload configuration without downtime, view request statistics, and inspect the active runtime settings.
All admin endpoints require the admin API key (iwk_admin_ prefix). Requests made with a scan key return 401 Unauthorized.

POST /v1/admin/reload

Hot-reload signatures and policies from disk without restarting the server. Use this after adding custom signatures or changing your policy file — changes take effect immediately.

Example

curl -X POST http://localhost:8000/v1/admin/reload \
  -H "Authorization: Bearer iwk_admin_YOUR_KEY"

{
  "status": "ok",
  "signature_count": 102,
  "message": "Signatures and policies reloaded successfully."
}
After calling /v1/admin/reload, confirm the changes by calling GET /v1/signatures to verify your new signatures appear, or GET /v1/policies to verify threshold changes.

GET /v1/admin/stats

Retrieve system statistics for the running instance, including request counts, decision distribution, and block rates.

Example

curl http://localhost:8000/v1/admin/stats \
  -H "Authorization: Bearer iwk_admin_YOUR_KEY"

{
  "requests_total": 48210,
  "decisions": {
    "allow": 46503,
    "flag": 1291,
    "block": 416
  },
  "block_rate": 0.0086,
  "uptime_secs": 86400
}

Response fields

requests_total
number
Total number of scan requests processed since the server started.
decisions
object
Breakdown of decisions by verdict.
block_rate
number
Fraction of all requests that resulted in a block decision (0.0–1.0).
uptime_secs
number
Server uptime in seconds since the last start.

GET /v1/config

Read the active runtime configuration, including environment variable values and resolved settings.

Example

curl http://localhost:8000/v1/config \
  -H "Authorization: Bearer iwk_admin_YOUR_KEY"

{
  "host": "0.0.0.0",
  "port": 8000,
  "profile": "standard",
  "log_level": "info",
  "tls": "off",
  "signatures_dir": "/home/user/.inferwall/signatures",
  "policy_path": "/home/user/.inferwall/policies/my-policy.yaml",
  "redis_url": null
}

Response fields

host
string
The host address InferenceWall is bound to (IW_HOST).
port
number
The port InferenceWall is listening on (IW_PORT).
profile
string
The active deployment profile: lite, standard, or full (IW_PROFILE).
log_level
string
The active log level (IW_LOG_LEVEL).
tls
string
TLS mode: auto, off, or a path to a certificate (IW_TLS).
signatures_dir
string
Resolved path to the custom signatures directory (IW_SIGNATURES_DIR).
policy_path
string
Resolved path to the active policy file (IW_POLICY_PATH).
redis_url
string
Redis URL for distributed sessions, or null if not configured (IW_REDIS_URL).