
Service registry overrides

Admin endpoints for managing service configuration overrides. Overrides are stored in the service_registry_overrides database table and take precedence over hardcoded service configurations. An in-memory cache refreshes every 30 seconds for zero-latency lookups at runtime.
These endpoints require admin authentication. Non-admin users receive a 403 Forbidden response.

List service overrides

Retrieve all service registry overrides. By default, includes both active and inactive (soft-deleted) entries for the admin view.
GET /api/admin/services/registry
Authentication: Required (admin)
Rate limit: 30 requests per 60 seconds per IP

Query parameters:

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| search | string | | Filter by domain or name (case-insensitive substring match) |
| category | string | | Filter by category (exact match) |
| active_only | string | "false" | Set to "true" to exclude inactive overrides |

Response 200 OK:
{
  "overrides": [
    {
      "domain": "example.com",
      "name": "Example Service",
      "logo_url": "https://example.com/logo.png",
      "category": "productivity",
      "login_url": "https://example.com/login",
      "reset_url": "https://example.com/reset",
      "passkey_setup_url": "https://example.com/settings/passkeys",
      "passkey_support_type": "sign-in",
      "login_type": "password_reset",
      "browser_type": "chromium",
      "sender_patterns": ["noreply@example.com"],
      "gmail_search_queries": ["from:example.com subject:password newer_than:5h"],
      "otp_patterns": ["\\b(\\d{6})\\b"],
      "link_patterns": ["https://example\\.com/reset/[a-zA-Z0-9]+"],
      "success_indicators": ["check your email", "reset link sent"],
      "forgot_password_selectors": ["a[href*='forgot']"],
      "email_input_selectors": ["input[type='email']"],
      "submit_selectors": ["button[type='submit']"],
      "submit_button_text": ["Continue", "Reset password"],
      "skip_submit_patterns": ["Sign up", "Create account"],
      "password_requirements": {
        "minLength": 8,
        "maxLength": 64,
        "requireUppercase": true,
        "requireNumbers": true
      },
      "recovery_method": { "primary": "email_link", "secondary": "otp" },
      "notes": "Requires stealth mode during peak hours",
      "is_verified": true,
      "is_active": true,
      "created_by": "usr_admin",
      "updated_by": "usr_admin",
      "created_at": "2026-02-15T10:00:00Z",
      "updated_at": "2026-03-01T14:30:00Z"
    }
  ],
  "count": 12
}

Create service override

Create a new service registry override. If an inactive (soft-deleted) override exists for the same domain, it is reactivated with the new data.
POST /api/admin/services/registry
Authentication: Required (admin)
Rate limit: 10 requests per 60 seconds per IP

Request body:
{
  "domain": "newservice.com",
  "name": "New Service",
  "logo_url": "https://newservice.com/logo.png",
  "category": "social",
  "login_url": "https://newservice.com/login",
  "reset_url": "https://newservice.com/forgot-password",
  "login_type": "password_reset",
  "browser_type": "chromium",
  "sender_patterns": ["no-reply@newservice.com"],
  "success_indicators": ["check your inbox"],
  "password_requirements": {
    "minLength": 10,
    "requireUppercase": true,
    "requireNumbers": true,
    "requireSymbols": true
  },
  "is_verified": false
}

Required fields

| Field | Type | Description |
| --- | --- | --- |
| domain | string | Service domain (e.g., newservice.com). 3-253 characters. Normalized to lowercase with www. stripped. Validated as a proper hostname. |
| name | string | Display name. 1-200 characters. |

Optional fields

| Field | Type | Description |
| --- | --- | --- |
| logo_url | string (URL) | Service logo URL. Must be http or https. |
| login_url | string (URL) | Login page URL. |
| reset_url | string (URL) | Direct password reset page URL. |
| passkey_setup_url | string (URL) | Passkey setup/enrollment URL. |

| Field | Type | Allowed values |
| --- | --- | --- |
| category | string | big-tech, social, finance, productivity, shopping, gaming, developer, email, other |
| passkey_support_type | string | sign-in, sign-in-and-sign-up, mfa-only |
| login_type | string | password_reset, magic_link, otp, sso_only |
| browser_type | string | chromium, stealth |
| recovery_method | object | { primary: string, secondary?: string } |

| Field | Type | Description |
| --- | --- | --- |
| sender_patterns | string[] | Email sender addresses or patterns for reset emails |
| gmail_search_queries | string[] | Gmail API search queries to find reset emails |
| otp_patterns | string[] | Regex patterns (as strings) to extract OTP codes from email bodies |
| link_patterns | string[] | Regex patterns (as strings) to extract reset links from emails |
| success_indicators | string[] | Text patterns indicating a successful reset request (max 20 entries, 200 chars each) |

| Field | Type | Description |
| --- | --- | --- |
| forgot_password_selectors | string[] | CSS selectors for “forgot password” links. Max 20 selectors, 500 chars each. Validated against script injection. |
| email_input_selectors | string[] | CSS selectors for email input fields |
| submit_selectors | string[] | CSS selectors for submit buttons (highest priority in smart-submit) |
| submit_button_text | string[] | Button text to match for submit (case-insensitive). Max 10 entries. |
| skip_submit_patterns | string[] | Text patterns for buttons to never click. Max 10 entries. |

| Field | Type | Description |
| --- | --- | --- |
| password_requirements | object | Service-specific password rules. See below. |
| notes | string | Admin notes. Max 5000 characters. |
| is_verified | boolean | Whether the configuration has been verified by an admin. |

Password requirements object

| Field | Type | Description |
| --- | --- | --- |
| minLength | integer | Minimum password length (1-128) |
| maxLength | integer | Maximum password length (1-256) |
| requireUppercase | boolean | Must contain uppercase letters |
| requireLowercase | boolean | Must contain lowercase letters |
| requireNumbers | boolean | Must contain digits |
| requireSymbols | boolean | Must contain symbols |
| disallowedChars | string | Characters that the service rejects (max 50) |
| specificSymbols | string | Service-allowed symbols (replaces the default set, max 50) |

Response 201 Created:
{
  "override": {
    "domain": "newservice.com",
    "name": "New Service",
    "is_active": true,
    "created_by": "usr_admin",
    "created_at": "2026-03-05T12:00:00Z"
  },
  "created": true
}
Errors:

| Status | Code | Description |
| --- | --- | --- |
| 400 | validation_failed | Invalid or missing fields |
| 409 | conflict | An active override already exists for this domain |
| 429 | rate_limited | Rate limit exceeded |
| 500 | internal_error | Database insert failed |

Creating or updating an override invalidates the in-memory cache for that domain. The next lookup fetches fresh data from the database and the full cache is refreshed.
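The field constraints documented for POST /api/admin/services/registry can be checked client-side before spending one of the 10 requests per minute. This is an added example, not the service's own validator: the function name, the hostname regex and the application of the http/https rule to every URL field (the page states it only for logo_url) are assumptions.

```javascript
// Added example: pre-flight checks built from the field tables on this page.
const ENUMS = {
  category: ["big-tech", "social", "finance", "productivity", "shopping", "gaming", "developer", "email", "other"],
  passkey_support_type: ["sign-in", "sign-in-and-sign-up", "mfa-only"],
  login_type: ["password_reset", "magic_link", "otp", "sso_only"],
  browser_type: ["chromium", "stealth"],
};
const URL_FIELDS = ["logo_url", "login_url", "reset_url", "passkey_setup_url"];
const REGEX_FIELDS = ["otp_patterns", "link_patterns"];
// Assumed hostname rule: dot-separated labels of letters, digits and inner hyphens.
const HOSTNAME = /^(?=.{3,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

function validateOverride(body) {
  const errors = [];
  // Same normalization the page describes: lowercase, leading "www." stripped.
  const domain = String(body.domain ?? "").trim().toLowerCase().replace(/^www\./, "");
  if (!HOSTNAME.test(domain)) errors.push("domain: not a valid hostname of 3-253 characters");
  if (typeof body.name !== "string" || body.name.length < 1 || body.name.length > 200) {
    errors.push("name: must be 1-200 characters");
  }
  for (const field of URL_FIELDS) {
    if (body[field] == null) continue;
    let scheme = null;
    try { scheme = new URL(body[field]).protocol; } catch { scheme = null; }
    if (scheme !== "http:" && scheme !== "https:") errors.push(`${field}: must be an http or https URL`);
  }
  for (const [field, allowed] of Object.entries(ENUMS)) {
    if (body[field] != null && !allowed.includes(body[field])) errors.push(`${field}: not an allowed value`);
  }
  // Patterns that fail to compile are dropped silently at merge time, so catch them here.
  for (const field of REGEX_FIELDS) {
    for (const source of body[field] ?? []) {
      try { new RegExp(source); } catch { errors.push(`${field}: invalid regex ${JSON.stringify(source)}`); }
    }
  }
  const pr = body.password_requirements ?? {};
  const inRange = (v, lo, hi) => v == null || (Number.isInteger(v) && v >= lo && v <= hi);
  if (!inRange(pr.minLength, 1, 128)) errors.push("password_requirements.minLength: must be 1-128");
  if (!inRange(pr.maxLength, 1, 256)) errors.push("password_requirements.maxLength: must be 1-256");
  return { domain, errors };
}

// Constructed sample with one violation per rule group.
const SAMPLE_BAD = {
  domain: "not a host", name: "", logo_url: "ftp://newservice.com/logo.png", category: "crypto",
  otp_patterns: ["\\b(\\d{6})\\b", "([0-9"], password_requirements: { minLength: 0 },
};
```

A passing result here does not guarantee a 201: the server remains the authority and may apply checks this sketch does not, such as the selector validation mentioned above.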

Unified registry architecture

The service registry uses a three-tier architecture to resolve service configurations:

1. In-memory cache lookup
   A warm Map<string, ServiceRegistryOverride> is refreshed from the database every 30 seconds. Synchronous lookups return results in microseconds.

2. Database override
   If a database override exists for the domain, its non-null fields are merged onto the hardcoded configuration. Database values always take precedence.

3. Hardcoded fallback
   If no database override exists, the hardcoded configuration from the service registry is used directly. 103 services have hardcoded configs.

Merge behavior

When a database override is merged with a hardcoded configuration:

| Behavior | Detail |
| --- | --- |
| Non-null DB fields | Override the hardcoded value |
| Null DB fields | Hardcoded value is preserved |
| extractLinks function | Never overridden (functions cannot be stored in the database) |
| String regex patterns | Compiled to RegExp objects with safeRegExp(). Invalid patterns are silently dropped. |
| Domain normalization | Lowercase, www. prefix stripped |
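
The merge rules in the table above, as an added sketch rather than the project's own code. The safeRegExp() body, mergeOverride(), normalizeDomain() and the sample objects are hypothetical; only the behaviors themselves come from this page.

```javascript
// Hypothetical stand-in for safeRegExp(): returns null instead of throwing.
// Compiling only proves the syntax is valid; it does not bound matching time.
function safeRegExp(source) {
  try { return new RegExp(source); } catch { return null; }
}

// Lowercase and strip a leading "www.", as the merge table describes.
function normalizeDomain(domain) {
  return domain.trim().toLowerCase().replace(/^www\./, "");
}

// Fields the page documents as regex patterns stored as strings.
const REGEX_FIELDS = ["otp_patterns", "link_patterns"];

function mergeOverride(hardcoded, dbRow) {
  const merged = { ...hardcoded };
  const dropped = []; // this example's addition: lets the caller log what was discarded
  for (const [key, value] of Object.entries(dbRow)) {
    if (value === null || value === undefined) continue; // null: hardcoded value kept
    if (key === "extractLinks") continue; // functions are never overridden
    if (REGEX_FIELDS.includes(key)) {
      merged[key] = [];
      for (const source of value) {
        const compiled = safeRegExp(source);
        if (compiled) merged[key].push(compiled);
        else dropped.push({ field: key, pattern: source });
      }
    } else {
      merged[key] = value;
    }
  }
  merged.domain = normalizeDomain(merged.domain);
  return { merged, dropped };
}

// Constructed sample data, not taken from the real registry.
const SAMPLE_HARDCODED = {
  domain: "example.com",
  login_url: "https://example.com/login",
  otp_patterns: [/\b(\d{4})\b/],
  extractLinks: (body) => body.match(/https:\/\/example\.com\/reset\/\w+/g) ?? [],
};
const SAMPLE_DB_ROW = {
  domain: "WWW.Example.com", login_url: null, reset_url: "https://example.com/reset",
  otp_patterns: ["\\b(\\d{6})\\b", "([0-9"], extractLinks: "ignored",
};
```

In this sketch an override whose patterns all fail to compile leaves that field empty; the returned dropped list is what makes the otherwise silent drop visible to logging.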

Cache lifecycle

| Event | Action |
| --- | --- |
| First lookup | Cache is loaded from the database (async) |
| Every 30 seconds | Background refresh from the database |
| After create/update/delete | Immediate cache invalidation and refresh |
| Process restart | Cache starts empty and loads on first access |