Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Triton inference server Server RestrictedFeatures

From Leeroopedia
Knowledge Sources
Domains Security, Access_Control
Last Updated 2026-02-13 17:00 GMT

Overview

Concrete tool for defining and enforcing API access restrictions across Triton server endpoint categories using header-based authentication.

Description

The RestrictedFeatures class stores per-category restrictions as HTTP header key-value pairs. It defines nine RestrictedCategory values (health, metadata, inference, shared-memory, model-config, model-repository, statistics, trace, logging), each configurable with a required HTTP header and expected value. The implementation uses fixed-size arrays for O(1) lookup by category enum and linear search for string-to-category mapping.

Usage

Used when Triton is started with the --http-restricted-api or --grpc-restricted-api flags. Enables operators to restrict access to specific API groups by requiring matching HTTP headers on requests.

Code Reference

Source Location

Signature

namespace triton { namespace server {

enum class RestrictedCategory {
  HEALTH, METADATA, INFERENCE, SHARED_MEMORY,
  MODEL_CONFIG, MODEL_REPOSITORY, STATISTICS,
  TRACE, LOGGING
};

class RestrictedFeatures {
 public:
  RestrictedFeatures() = default;

  void SetRestriction(
      RestrictedCategory category,
      const std::string& header,
      const std::string& value);

  bool IsRestricted(RestrictedCategory category) const;

  bool VerifyAccess(
      RestrictedCategory category,
      const std::string& header_value) const;

  static bool GetCategory(
      const std::string& name, RestrictedCategory* category);

 private:
  struct Restriction {
    bool active = false;
    std::string header;
    std::string value;
  };
  std::array<Restriction, 9> restrictions_;
};

}} // namespace triton::server

Import

#include "restricted_features.h"

I/O Contract

Inputs

Name Type Required Description
category RestrictedCategory Yes API category to check/set restriction
header string Yes (set) HTTP header name required for access
value string Yes (set) Expected header value for access

Outputs

Name Type Description
IsRestricted bool Whether the category has an active restriction
VerifyAccess bool Whether the provided header value matches

Usage Examples

Configuring API Restrictions

# Restrict model repository API with a secret key
tritonserver --model-repository=/models \
  --http-restricted-api=model-repository:X-API-Key=my-secret-key

# Restrict inference and statistics APIs
tritonserver --model-repository=/models \
  --http-restricted-api=inference:Authorization=Bearer-token123 \
  --http-restricted-api=statistics:X-Admin-Key=admin-secret

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Triton_inference_server_Server_RestrictedFeatures&oldid=10502"