Try the API
Every endpoint under Specifications has a Try it panel on the right-hand side that sends a real HTTP request from your browser to a configurable target. This page walks through the one-time setup so the panel talks to your own DVARA Flightdeck instead of the placeholder URL.
Point the Try-it panel at your DVARA Flightdeck
Each operation page exposes a Base URL picker at the top of the Try-it panel with three variables:
| Variable | Default | What to set |
|---|---|---|
protocol | http | https if your DVARA Flightdeck sits behind TLS termination |
host | localhost | The hostname or IP of your DVARA Flightdeck |
port | 8090 | The DVARA Flightdeck port — usually 8090 unless you mapped it differently |
Set the three fields once — the browser persists them across pages, so you configure them on any operation and every other operation picks up the same values. For a local Docker Compose deployment the defaults work as-is; for a remote DVARA Flightdeck behind a reverse proxy, set protocol=https, host=dvara-admin.internal.example.com, and port=443.
Paste in your personal access token
Under the URL picker, the Try-it panel shows an Authorization field. Paste your personal access token as a Bearer token:
Authorization: Bearer dvara_pat_<your-token>
The token never leaves your browser's local storage — requests are sent directly from your browser to the DVARA Flightdeck, with no intermediate DVARA server or docs-site backend involved. See Authentication for how to create a PAT from Settings → Tokens in the DVARA Flightdeck.
CORS and network requirements
The Try-it panel makes real cross-origin requests from the docs site to your DVARA Flightdeck, so your DVARA Flightdeck deployment needs to allow CORS from the docs origin:
- Local dev. The default CORS configuration accepts requests from
http://localhost:*and the published docs domain, so the Try-it panel works out of the box against a localdocker compose upstack. - Production. If you've tightened CORS via your reverse proxy or Spring Security's CORS configuration, add the docs site's origin to the allowlist or run the docs locally (
npm run start) and point it at your DVARA Flightdeck via the Base URL picker. - VPN-only DVARA Flightdecks. If your DVARA Flightdeck is only reachable over a corporate VPN, connect to the VPN before clicking Execute. The browser is the client — the docs site never proxies requests.
A quick smoke test
The List tenants operation is a safe first call — it's a GET with no body and lists tenants that the caller's role can see.
- Open the List tenants page.
- Click Edit Base URL and set
hostto your DVARA Flightdeck. - Paste your PAT into the Authorization field.
- Click Send API Request.
- You should see a
200response with a JSON array of tenants, or a401if the token is wrong / missing.
If you get a 403 instead, the PAT is valid but the user behind it doesn't have a role that can list tenants — create a new token from a platform owner or policy-admin user, or ask your platform team to widen your role set.
From the Try-it panel to a real pipeline
The Try-it panel is for exploration and smoke tests — it's not a replacement for version-controlled automation. Once you're happy with the shape of a request:
- Copy the generated
curlsnippet from the Try-it panel's Code tab (bottom of the response area) — it includes the full URL, headers, and body with your values substituted in. - Paste it into your Terraform, Pulumi, GitHub Actions, or Jenkins pipeline — parameterize the PAT via your secrets manager so it never ends up in the repo.
- For large changes (new tenants, new routes, new policies), prefer the config export/import workflow: export the current state, edit the JSON, and replay it with
mode=mergeon every pull request.
Related
- Overview — what the Admin API covers and the minimal end-to-end example
- Authentication — how to create and rotate PATs
- GitOps: Config Export / Import — version-controlled workflow for large config changes