Model and Secret Services
Last validated: 2026-05-20
ModelService
ModelService exposes public-model inference APIs with OpenAI/Cohere-style patterns.
RPC Surface
| RPC | HTTP annotation | Purpose |
|---|---|---|
ChatCompletion | POST /v1/chat/completions | Unary chat completion |
StreamChatCompletion | POST /v1/chat/completions/stream | Streaming chat completion |
ListModels | GET /v1/models | List available models |
GetModel | GET /v1/models/{model} | Model metadata |
Embed | POST /v1/embeddings | Embedding generation |
Rerank | POST /v1/rerank | Document reranking |
StreamRerank | POST /v1/rerank/stream | Streaming rerank results |
Infer | POST /v1/infer | Generic model inference |
StreamInfer | POST /v1/infer/stream | Streaming infer results |
Transcribe | POST /v1/audio/transcriptions | Audio transcription |
Notes
- The service is modeled around global/public model names.
- Some list/get style endpoints in proto do not carry explicit method scope annotations, but deployment ingress policies may still enforce auth.
- Streaming variants are preferred for low-latency progressive delivery in interactive workloads.
ModelService examples
Chat completion (HTTP)
curl -sS -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
"https://api.dev.dodil.io/v1/chat/completions" \
-d '{
"model":"kimi-k2-5",
"messages":[{"role":"user","content":"Summarize this incident in 3 bullets."}]
}'Embeddings (gRPC)
grpcurl \
-H "authorization: Bearer $TOKEN" \
-d '{"model":"embeddinggemma-300m","input":"hello world"}' \
rpc.dev.dodil.io:443 dodil.ignite.v1.ModelService/EmbedRerank (HTTP)
curl -sS -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
"https://api.dev.dodil.io/v1/rerank" \
-d '{
"model":"bge-reranker-v2",
"query":"ignite gateway active cache",
"documents":["doc-a","doc-b","doc-c"]
}'SecretService
SecretService provides tenant-owned typed secret management.
RPC Surface
| RPC | HTTP annotation | Purpose |
|---|---|---|
CreateSecret | POST /v1/ignite/secrets | Create/update named secret |
GetSecret | GET /v1/ignite/secrets/{name} | Read secret value |
ListSecrets | GET /v1/ignite/secrets | List secret metadata |
DeleteSecret | DELETE /v1/ignite/secrets/{name} | Delete secret |
Secret Types
GitSecret(username,token)RegistrySecret(username,password, optionalserver_address)
Scoping and Safety
- Secret namespace is org-scoped; cross-org secret reads are blocked by path and auth model.
GetSecretreturns values; avoid logging raw responses in shared logs.- Prefer
ListSecretsmetadata for inventory use cases where value retrieval is not needed.
SecretService examples
Create git secret (gRPC)
grpcurl \
-H "authorization: Bearer $TOKEN" \
-d '{
"name":"github-pat",
"value":{
"git_secret":{
"username":"alice",
"token":"<pat>"
}
}
}' \
rpc.dev.dodil.io:443 dodil.ignite.v1.SecretService/CreateSecretCreate registry secret (HTTP)
curl -sS -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
"https://api.dev.dodil.io/v1/ignite/secrets" \
-d '{
"name":"ghcr-creds",
"value":{
"registry_secret":{
"username":"bot",
"password":"<token>",
"server_address":"ghcr.io"
}
}
}'List secrets (HTTP)
curl -sS \
-H "Authorization: Bearer $TOKEN" \
"https://api.dev.dodil.io/v1/ignite/secrets"