DCI API server infrastructure for receiving and processing Digital Convergence Initiative (DCI) requests. Provides FastAPI endpoints for registry search, subscriptions, and event notifications with HTTP signature verification, asynchronous processing via queue_job, and JWKS-based public key distribution.
- FastAPI Endpoints: Exposes DCI-compliant REST API at
/dci_api/v1with automatic OpenAPI documentation - HTTP Signature Verification: Validates inbound requests using Ed25519/RSA signatures against sender public keys
- Async Transaction Processing: Queues search, subscribe, and unsubscribe operations for background processing with automatic callbacks
- Event Subscriptions: Manages external system subscriptions to registry events (registration, update, delete) with notification delivery
- JWKS Distribution: Publishes server public keys at
/.well-known/jwks.jsonfor signature verification by clients - Rate Limiting: Enforces per-sender request limits (per-minute and per-day) with automatic counter resets
- Callback Retry: Retries failed callbacks with exponential backoff (3 attempts) and SSRF protection
| Model | Description |
|---|---|
spp.dci.sender.registry |
External DCI senders with public keys for signature verification |
spp.dci.transaction |
Async DCI request tracking (search, subscribe, unsubscribe) |
spp.dci.subscription |
Event subscriptions with callback URIs and filter expressions |
spp.dci.notification.log |
Audit trail of sent notifications with receipt tracking |
spp.dci.server.key |
Server signing keys for outbound responses and notifications |
After installing:
- Navigate to Settings > DCI > Configuration > Sender Registry
- Create external sender records with their DCI sender IDs
- Fetch sender public keys from their JWKS endpoints using the "Fetch Public Key" button
- Verify the scheduled action DCI: Reset Daily Rate Limit Counters is active
Server signing keys are automatically generated and activated on
installation. To manage keys manually, use the technical interface for
spp.dci.server.key.
- Menu: Settings > DCI > Configuration > Sender Registry
- Menu: Settings > DCI > Configuration > Transactions
- Menu: Settings > DCI > Configuration > Subscriptions
- API:
/dci_api/v1(OpenAPI docs at/dci_api/v1/docs) - JWKS:
/dci_api/v1/.well-known/jwks.json
| Group | Access |
|---|---|
base.group_system |
Full CRUD on all models |
base.group_user |
Read-only on all models |
API authentication uses HTTP signatures verified against sender registry public keys.
- Override
DCIErrorResponseMiddleware.dispatch()to customize error response formatting - Inherit
fastapi.endpointwithapp='dci_api'to add custom routers via_get_fastapi_routers() - Override
spp.dci.transaction.process_async_*()methods to customize async processing logic - Inherit
spp.dci.subscription._build_notification()to add custom notification fields
base, fastapi, queue_job, spp_dci, spp_dci_client,
spp_api_v2
Important
This is an alpha version, the data model and design can change at any time without warning. Only for development or testing purpose, do not use in production.
Table of contents
- Initial migration to OpenSPP2
Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.
Do not contact contributors directly about support or help with technical issues.
- OpenSPP.org
Current maintainers:
This module is part of the OpenSPP/OpenSPP2 project on GitHub.
You are welcome to contribute.