ores.http.api

ores.http.api is the primary HTTP infrastructure library for ORE Studio. It provides an asynchronous HTTP/1.1 server built on Boost.Beast and Boost.Asio, JWT authentication middleware (parsing, validation, and claims extraction), path-based routing, an OpenAPI endpoint registry, and all domain types for HTTP request/response and JWT claims. This is the foundation for the REST-API surface exposed to external clients (web, mobile) alongside the NATS-based internal API.

• Incoming HTTP requests on the configured TCP port.
• JWT tokens in the Authorization: Bearer header for authenticated routes.
• Configuration: bind address, port, JWT public key.

• HTTP responses to clients.
• Parsed JWT claims injected into request context for downstream handlers.
• OpenAPI endpoint registry used to generate openapi.json at runtime.

• include/ores.http.api/net/http_server.hpp — server lifecycle management.
• include/ores.http.api/net/router.hpp — route registration and dispatch.
• include/ores.http.api/domain/ — HTTP and JWT domain types.
• include/ores.http.api/openapi/ — OpenAPI endpoint registry.
• include/ores.http.api/messaging/ — any NATS protocol schemas for HTTP bridge.

• Boost.Beast, Boost.Asio — async HTTP server.
• nlohmann/json or rfl — JWT claim serialisation.
• ores.iam.api — JWT claims types aligned with IAM sessions.

• ores.http.core — concrete route implementations (IAM, assets, risk, etc.).
• ores.http.server — server entrypoint.