Hydra
API Reference

API-key-protected endpoints on the Hydra Node.

Authenticated Endpoints

These endpoints require an API key passed via the x-api-key header or ?apiKey= query parameter. API keys are managed through the Control Plane.

GET /v1/signals

Returns full signal data with optional filters. Up to 200 results.

curl http://localhost:4001/v1/signals \
  -H "x-api-key: hyd_a1b2c3d4..."

Query Parameters:

Param Type Description
category string Filter by signal category (e.g., CYBER, NAVAL)
severity string Filter by severity (e.g., HIGH, CRITICAL)
source string Filter by data source (e.g., ADSB, AIS)

Example — cyber signals only:

curl "http://localhost:4001/v1/signals?category=CYBER" \
  -H "x-api-key: hyd_a1b2c3d4..."

Response: 200 OK

[
  {
    "title": "OTX Pulse: APT29 campaign targeting NATO infrastructure",
    "description": "Multiple indicators of compromise...",
    "severity": "HIGH",
    "category": "CYBER",
    "source": "SYSTEM",
    "sourceRef": "otx-pulse-abc123",
    "region": null,
    "countries": ["RU", "US", "DE"],
    "latitude": null,
    "longitude": null,
    "metadata": {
      "provider": "otx",
      "pulseId": "abc123",
      "attackType": "ESPIONAGE",
      "malwareFamilies": ["CozyBear"],
      "indicatorCount": 47,
      "tlp": "white"
    },
    "expiresAt": "2026-03-22T08:15:00Z",
    "collectedAt": "2026-03-21T08:15:00Z"
  }
]

Response: 401 Unauthorized

{
  "error": "unauthorized"
}

GET /v1/aircraft

Returns all aircraft positions — no thinning applied.

curl http://localhost:4001/v1/aircraft \
  -H "x-api-key: hyd_a1b2c3d4..."

Response: 200 OK

[
  {
    "hex": "AE1234",
    "callsign": "FORTE12",
    "type": "GLXE",
    "registration": "10-2045",
    "operator": "US Air Force",
    "category": "ISR",
    "lat": 36.12,
    "lng": -5.35,
    "altitude": 55000,
    "speed": 310,
    "track": 92.4,
    "verticalRate": 0,
    "squawk": "3615",
    "emergency": "none",
    "flag": "US"
  }
]

Unlike /public/aircraft, this returns every tracked aircraft without decimation.

GET /v1/vessels

Returns all vessel positions — full data.

curl http://localhost:4001/v1/vessels \
  -H "x-api-key: hyd_a1b2c3d4..."

Response: 200 OK

[
  {
    "mmsi": "211234567",
    "name": "NORTHERN SPIRIT",
    "callSign": "DABC",
    "imo": "9876543",
    "shipType": 80,
    "category": "TANKER",
    "flag": "DE",
    "destination": "ROTTERDAM",
    "lat": 57.68,
    "lng": 11.94,
    "speed": 12.3,
    "course": 245.0,
    "heading": 243,
    "navStatus": 0
  }
]

GET /v1/markets

Returns all market data — full data.

curl http://localhost:4001/v1/markets \
  -H "x-api-key: hyd_a1b2c3d4..."

Response: 200 OK

[
  {
    "marketId": "polymarket-abc123",
    "question": "Will Russia and Ukraine reach a ceasefire by July 2026?",
    "description": "Resolves Yes if a formal ceasefire...",
    "outcomes": ["Yes", "No"],
    "prices": [0.23, 0.77],
    "volume": 4250000,
    "liquidity": 890000,
    "endDate": "2026-07-01T00:00:00Z",
    "tags": ["ukraine", "russia", "ceasefire"]
  }
]

Authentication Errors

All /v1/* endpoints return 401 if the API key is missing, invalid, or revoked:

{
  "error": "unauthorized"
}

API keys are validated against the node's local SQLite database. Keys created via the Control Plane are stored as SHA-256 hashes.