Skip to content

Capabilities

Northwatch advertises a set of capabilities at /api/v1/capabilities. The UI reads this list to decide which views and actions to show. Capabilities are additive — there are no exclusive operating modes — and there is no built-in authentication; access control belongs at the network / reverse-proxy layer (see The capability model).

The endpoint

bash
curl -s http://localhost:8080/api/v1/capabilities
json
{
  "capabilities": ["read", "debug", "correlate", "realtime", "topology",
                   "flows", "telemetry", "alerts", "history", "openapi"],
  "mode": "live"
}

Always-on capabilities

These are present on every live server:

CapabilityCovers
readBrowsing the NB/SB tables.
debugTrace, connectivity, port diagnostics, ACL audit, stale-entry detection, flow diff.
correlateThe correlated/* views joining NB↔SB.
realtimeThe WebSocket event stream.
topologyLogical, physical, gateway, NAT and load-balancer topology.
flowsLogical-flow views.
telemetryTelemetry endpoints.
alertsAlert rules and silences.
historyEvents, snapshots and timeline.
openapiThe self-served OpenAPI spec and Swagger UI.

Conditional capabilities

These appear only when the matching feature is configured:

CapabilityAppears when
enrichAn enrichment provider is configured (OpenStack or Kubernetes).
write--write-enabled is set.
multi-clusterMore than one cluster is configured.
ovsPer-chassis Open_vSwitch visibility is configured (--ovs-mgmt-addr-file).
snapshotThe server is serving an offline snapshot (--snapshot).

Mode

mode is live for a normal server and snapshot when serving an offline snapshot file. In snapshot mode the live-tracking capabilities still appear in the list but the underlying subsystems (alerts, telemetry, flow diff, websocket) are not active for the snapshot cluster — a snapshot is a frozen point in time. When the server is offline, the response also includes a snapshot object with the capture's createdAt and source addresses.