> For the complete documentation index, see [llms.txt](https://docs.opendatadiscovery.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.opendatadiscovery.org/developer-guides/api-reference/genai.md). # GenAI The GenAI surface exposes a single endpoint defined by `GenAIController.java`. It is gated by the `genai.enabled` configuration flag; the route is mounted unconditionally, but the underlying service rejects every request with `BadUserRequestException` ("Gen AI is disabled", HTTP 400) when the flag is off. For the configuration keys (`genai.enabled`, `genai.url`, `genai.request_timeout`) and the external AI service contract, see [Configure ODD Platform → GenAI Configuration](/configuration-and-deployment/odd-platform.md#genai-configuration); for the feature description, the external-service request shape, and the operator caveats around enabling GenAI, see [Active platform features → GenAI assistant](/features/active-platform-features/genai.md). | Method | Path | Operation ID | Purpose | | ------ | ---------------- | --------------- | ------------------------------------------------------------------------------------------------ | | `POST` | `/api/genai/ask` | `genAiQuestion` | Forward a natural-language question to the configured external AI service and return its answer. | **Request body** (`application/json` — `GenAIRequest`): ```json { "body": "" } ``` **Response body** (`application/json` — `GenAIResponse`): ```json { "body": "" } ``` **Status codes:** * `200 OK` — the external AI service returned an answer. * `400 Bad Request` (`BadUserRequestException` body `"Gen AI is disabled"`) — `genai.enabled=false`. Enable the flag and restart the platform to use the endpoint. * `500 Internal Server Error` (`GenAIException`) — the external AI service timed out (message `"Gen AI request take longer that {minutes} min"`, where `{minutes}` is the configured `genai.request_timeout`) or returned a non-2xx response. The platform does **not** retry; a single attempt per request. `genai.request_timeout` is the **outbound wait-for-model-response timeout, in minutes** — the time the platform waits for the external AI service to reply before raising the 500 above. It is wired into the `genAiWebClient` as `responseTimeout = Duration.ofMinutes(genai.request_timeout)` and read **once at startup**, so changing it requires a Platform restart. Because the underlying value is a Java `int` with no default, leaving it unset makes it `0` — `Duration.ofMinutes(0)` is a **zero timeout**, so every request fails immediately before the external service can answer. Always set an explicit non-zero `genai.request_timeout` when enabling GenAI; see [Configure ODD Platform → GenAI Configuration](/configuration-and-deployment/odd-platform.md#genai-configuration). **Authentication and authorisation today.** The route is not enumerated in the platform's authorization rules — `SecurityConstants` has no `/api/genai/**` entry. Under `LOGIN_FORM` / `OAUTH2` / `LDAP`, the endpoint falls through to the catch-all "any authenticated user" rule; under `auth.type=DISABLED`, it is reachable anonymously. There is no per-user quota, no rate limit, and no in-platform audit of who asked what. **Any caller who reaches the endpoint can drive arbitrary cost on the operator's external LLM account.** Operators enabling GenAI should treat the platform as a permissive proxy and protect the upstream cost surface at the network perimeter (rate-limiting reverse proxy, API gateway, restrictive auth mode). The full platform-to-user posture caveat list is on the [feature page's Platform-to-user security posture section](/features/active-platform-features/genai.md#platform-to-user-security-posture). ## See also * [API Reference hub](/developer-guides/api-reference.md) — the full per-feature index. * [Active platform features → GenAI assistant](/features/active-platform-features/genai.md) — feature description, the platform → external AI service contract, the known limitations, and the platform-to-user security caveats. * [Configure ODD Platform → GenAI Configuration](/configuration-and-deployment/odd-platform.md#genai-configuration) — `genai.*` configuration keys plus the silent-misconfiguration warning when `enabled=true` is set without `url` and `request_timeout`. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opendatadiscovery.org/developer-guides/api-reference/genai.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.