API Endpoints

Glove exposes a REST API on the configured port (default: 8080). All endpoints return JSON.

Endpoint Summary

MethodPathDescription
GET/api/journeys/public_transportPublic transit journey planning (RAPTOR)
GET/api/journeys/walkWalking directions (Valhalla)
GET/api/journeys/bikeCycling directions (Valhalla, 3 profiles)
GET/api/journeys/carDriving directions (Valhalla)
GET/api/placesStop and address autocomplete
GET/api/statusGTFS stats and server status
GET/api/gtfs/validateGTFS data quality validation (19 checks)
POST/api/gtfs/reloadHot-reload GTFS data
GET/api/metricsPrometheus-format metrics
GET/api/tiles/{z}/{x}/{y}.pngMap tile proxy with local disk cache
GET/api-docs/openapi.jsonOpenAPI specification

The journey planning endpoints use query parameters compatible with the Navitia API:

  • from — Origin coordinates (lon;lat)
  • to — Destination coordinates (lon;lat)
  • datetime — Departure time (ISO 8601)

This allows Glove to serve as a drop-in replacement for Navitia in existing applications.

All journey endpoints accept an optional maneuvers=true query parameter. When enabled, responses include a maneuver_type field (Valhalla type number) in maneuver objects, enabling clients to display turn-by-turn navigation with indoor maneuver support. Maneuvers are disabled by default to reduce response size and skip transfer Valhalla enrichment.

Authentication

Most endpoints are public. The POST /api/gtfs/reload endpoint requires an API key configured in config.yaml:

server:
  api_key: "your-secret-key"

Pass the key in the Authorization header:

curl -X POST http://localhost:8080/api/gtfs/reload \
  -H "Authorization: Bearer your-secret-key"

Warning

If api_key is empty in the config, the reload and validate endpoints are disabled.

Rate Limiting

All endpoints except the tile proxy are rate-limited per IP address. The default is 20 requests/second, configurable via:

server:
  rate_limit: 20    # 0 = disabled

CORS

CORS is configured via config.yaml:

server:
  cors_origins: []              # Default: restrictive
  cors_origins: ["*"]           # Permissive (not for production)
  cors_origins: ["https://example.com"]  # Specific origins

OpenAPI Documentation

The full API specification is auto-generated and available at:

GET /api-docs/openapi.json

The frontend includes a Swagger UI viewer for interactive API exploration.