API Reference Overview#

../_images/ovas_api_banner.png

The Omniverse Application Streaming API exposes API endpoints for the Application & Profile and Streaming Session services. These endpoints are intended for developers creating applications that need to interface with an Omniverse Application Streaming API instance, typically to embed Omniverse Kit Application streams into their client applications.

These APIs are not designed for managing the instance itself, as it is assumed that cluster administrators will use standard Kubernetes and Helm methods for that purpose.

Application & Profile endpoints#

Only GET methods of the Application service are exposed allowing developers to query an instance for its available Application, Application Version and Application Profile, which are required when requesting Kit Application streams.

View API Reference Documentation

“Editing” endpoints#

POST, PATCH and DELETE methods do exist for managing Applications and Application Versions through the Application service, but these are not exposed for security reasons. However, these methods can be enabled by following instructions in the Managing Applications and Versions via Endpoints guide.

At this time, there are no editing endpoints for Profiles. These must be managed by cluster administrators using the steps outlined in Creating an Application Profile.

Why not expose POST, PATCH and DELETE methods?

An Omniverse Application Streaming API instance does not provide its own mechanism for securing the endpoints. If these methods were exposed, a malicious actor could potentially add their own Application or Application Profile to run on the cluster, which would pose a security risk. Additionally, they could execute a denial-of-service attack by deleting Applications, Application Versions, or Application Profiles, rendering the entire cluster unusable.

The defacto method of Application management through standard cluster administrative access is assumed to be highly secure, following industry best practices. However, ensuring this security is the responsibility of those deploying the Omniverse Application Streaming API instance.

Streaming Session endpoints#

The Streaming Session service exposes all of the necessary endpoints for the Application Streaming API. These endpoints are required to support on-demand Kit streaming, including the ability to terminate streams.

View API Reference Documentation

Accessing the live API documentation#

While we provide reference documentation for the APIs in this section, you can also use the live documentation feature of your Omniverse Application Streaming API instance. This allows you to review the API and submit live queries against the services. They are enabled by default and can be found at the following urls:

The URL for the Application & Profile documentation endpoint#
https://api.<your_cluster>/applications/docs
The URL for the Streaming Session documentation endpoint#
https://api.<your_cluster>/streaming/docs

Confirm the exact urls with your cluster administrator as they may have changed for your instance.

API Gateways#

We strongly recommend deploying the APIs behind an API Gateway as it offers numerous benefits, most importantly, the ability to secure the API end-points by integrating with your chosen IAM solution.

Warning

The Application Streaming API does not implement its own authentication and authorization mechanisms. Instead, customers are expected to bring their own implementations to manage access to the API endpoints.

We encourage using standard methods to secure your instance and have created guides to help you do so.

Additional information#