This repository exposes a minimal Prometheus-compatible metrics surface focused on the critical auth lifecycle:
- login attempts by outcome
- refresh attempts by outcome
- refresh replay detections
- rate-limit hits by bucket and backend mode
- readiness failures by dependency
The metrics endpoint is disabled by default and must be enabled explicitly with `METRICS_ENABLED=true`.
For non-local environments, prefer one of these patterns:
- keep `/metrics` on a private network only
- set `METRICS_AUTH_TOKEN` and require a bearer token from the scraper
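One way to express the access decision for `/metrics` described above, as an added example that is not this repository's code. The function names, the 404 response when metrics are disabled, and the hashed constant-time comparison are assumptions; only `METRICS_ENABLED` and `METRICS_AUTH_TOKEN` come from the text.

```javascript
// Added example; not taken from the repository.
const { createHash, timingSafeEqual } = require('node:crypto');

// Hash both values so timingSafeEqual always receives equal-length buffers
// and the comparison does not reveal the configured token's length.
function tokensMatch(presented, expected) {
  const a = createHash('sha256').update(presented).digest();
  const b = createHash('sha256').update(expected).digest();
  return timingSafeEqual(a, b);
}

// Returns the HTTP status a /metrics handler should answer with.
// env is shaped like process.env; authorizationHeader is the raw header value.
function metricsAccessStatus(env, authorizationHeader) {
  // Disabled by default: only the literal string "true" enables the endpoint.
  if (env.METRICS_ENABLED !== 'true') return 404; // assumption: hide the route

  const expected = env.METRICS_AUTH_TOKEN;
  // No token configured: protection relies on private-network placement.
  if (!expected) return 200;

  // Accept exactly "Bearer <token>"; anything else is unauthenticated.
  const match = /^Bearer ([^\s]+)$/i.exec(authorizationHeader || '');
  if (!match) return 401;
  return tokensMatch(match[1], expected) ? 200 : 401;
}

// Constructed sample requests, using the token value from the local command.
const sampleEnv = {
  METRICS_ENABLED: 'true',
  METRICS_AUTH_TOKEN: 'local-observability-token',
};
const sampleHeaders = [
  'Bearer local-observability-token',
  'Bearer wrong-token',
  'Basic dXNlcjpwYXNz',
  undefined,
];
for (const header of sampleHeaders) {
  console.log(String(header), '->', metricsAccessStatus(sampleEnv, header));
}
```

A Prometheus scraper would supply the same token through the `authorization` block of its scrape configuration.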
Start the application locally with metrics exposed on `/metrics`:

```bash
METRICS_ENABLED=true npm run dev
```

If you want to exercise the authenticated path locally, provide a token:

```bash
METRICS_ENABLED=true METRICS_AUTH_TOKEN=local-observability-token npm run dev
```

If you are using the full local stack, ensure PostgreSQL and Redis are running first:

```bash
docker compose up -d postgres redis
```

The repository includes a ready-to-run Prometheus and Grafana stack:

```bash
docker compose -f deploy/observability/docker-compose.yml up -d
```

Service endpoints:
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3001
Grafana provisions the Prometheus datasource automatically and loads the dashboard from `deploy/observability/grafana/dashboards/auth-api-dashboard.json`.
- start the API with `METRICS_ENABLED=true`
- generate auth traffic locally or run the integration and load scenarios
- open Grafana at http://localhost:3001
- review the `Auth API Operational Overview` dashboard
- `auth_api_login_attempts_total`
- `auth_api_refresh_attempts_total`
- `auth_api_refresh_replay_detections_total`
- `auth_api_rate_limit_hits_total`
- `auth_api_readiness_failures_total`
The registry also exports a small set of default runtime metrics via prom-client when metrics are enabled.