Health check endpoints, responses, and security
Available endpoints
New endpoints replace deprecated and removed endpoint
Airlock IAM 7.4 introduced a limited set of health checks to allow Airlock Gateway to check the liveness of the Loginapp. As a result, the health endpoint located at /{instance}-login/rest/health has been deprecated and removed as of Airlock IAM 8.0.
The new health check endpoints are /health/live and /health/ready. If you have not already done so, we recommend that you migrate all installations to the new health check endpoints as soon as possible.
The following table shows the endpoints available for health checks:
Check | Endpoint |
|---|---|
Liveness |
|
Readiness |
|
The health check endpoint consists of a list of different checks:
- Liveness endpoint: has a fixed list of checks, which is currently not configurable. The configurationActivation check is not included in this list. Liveness checks will therefore report Airlock IAM to be UP, even if the configuration was not loaded yet.
- Readiness endpoint: health checks can be configured in the Config Editor for the Loginapp and the Transaction Approval modules. The configurationActivation check is always part of the checks and cannot be removed.
Health check responses
The response to a health check request can be UP or DOWN. This is also indicated by the HTTP response status code:
Status | HTTP status code |
|---|---|
UP | 200 OK |
DOWN | Any non-200 status, typically 503, or a connection error. |
Health check endpoints also provide a JSON response body, which is intended to be human-readable and indicate which check failed.
Edge cases
The health check endpoints have been designed for the following usage:
- If an IAM module (adminapp, loginapp, ...) is configured in the instance properties file, it automatically provides the liveness endpoint.
- The Loginapp and the Transaction Approval automatically check whether the configuration can be activated in the readiness endpoint.
- Even if an IAM module has no configuration, it is considered to be in a correct state regarding the liveness endpoint.
- The liveness endpoint reports all modules as UP during configuration activation.
- If there is no configuration for an IAM module or if the activation fails, the readiness endpoint reports status DOWN.
Health check endpoint security
Feature | Description |
|---|---|
Port number | It is possible to configure the health checks on a separate port. This can be used as a security measure to prevent health check traffic from passing through firewalls and being accessible from the outside as part of regular Airlock IAM traffic. This feature is configured in the If the port configured for the health checks is already in use, Airlock IAM fails to start. |
IP filtering | The health check endpoint provides an IP address filter that only allows access from This behavior is configured in the |
HTTPS | Health checks are only accessible over HTTPS if these conditions are met:
|