The EchoMark API is distributed as a Docker container. Docker is a platform that allows developers to package applications and their dependencies into lightweight, portable containers that run consistently across different environments. It simplifies deployment by using isolated containers that share the host OS kernel, ensuring efficient resource usage and reproducibility.
As a customer of the EchoMark’s API you will receive a container in a tar file format, e.g.,
echomark-apiserver-v2.0.0.tar
Your EchoMark account manager will work with you to find the best way to deliver this file securely.
Versioning
Each container file will be tagged with a version identifier, e.g., v2.0.0. There are some key developer guarantees around these versions and backwards compatibility.
Minor Version (0) Minor version changes are guaranteed to be fully backwards compatible. We will increment the minor version for changes that will not functionally affect the end-user such as security updates to dependencies.
Semi-Minor Version (0) Semi-minor version changes are guaranteed to be fully backwards compatible from a data processing perspective. All watermarked copies are inter-operable between semi-minor versions.
Major Version (2) Major version changes have no guarantees of backward compatibility.
Loading
To load an EchoMark container, you can run the following command on any target system. Make sure that you have Docker installed. You should change the text in green to ensure your local docker images have the same version tags as the container given to you.
echomark-apiserver-v2.0.0.tar | docker import – echomark-apiserver:v2.0.0
Configuring and Running
Configurations for this container are expressed as UNIX environment variables. You will receive an example configuration file apiserver.conf:
# Role of the container (e.g., "admin", "mark", “detect”) # Default: admin CONTAINER_ROLE=admin # Port to run the application on # Default: 5344 PORT=5344 # CORS domains allowed (e.g., echomark.acme.org) # Default: allow all CORS_ALLOWED_ORIGINS= # Path to the TLS certificate file (if using HTTPS) # Default: not set CERTIFICATE= # Whether to skip authentication (use with caution) # Accepts: True or False # Default: False SKIP_AUTH=False # Path to the private key for the TLS certificate # Default: not set PRIVATE_KEY= # Type of metadata storage to use (e.g., "none", "sqlite", "postgres") # Default: none METADATA_STORAGE_TYPE=none # Path to the SQLite database file (only used if METADATA_STORAGE_TYPE=sqlite) # Default: /data/storage/metadata/sqlite.db SQLITE_DATABASE_FILE=/data/storage/metadata/sqlite.db # Hostname or IP address of the database server (used for non-SQLite databases) # Default: not set DATABASE_HOST= # Port number for the database server # Default: not set DATABASE_PORT= # Username for connecting to the database # Default: not set DATABASE_USER= # Password for the database user # Default: not set DATABASE_PASSWORD= # Number of threads to use for investigations # Default: 2 INVESTIGATION_THREADS=2 # Path to store investigation results # Default: /data/storage/results/ INVESTIGATION_RESULT_STORAGE=/data/storage/results/ # Enable verbose logging # Accepts: True or False # Default: False VERBOSE=False
The main thing to configure is the database service. The EchoMark apiserver requires some form of persistent metadata storage. For debugging and testing you can use a local sqlite file. However, in production, we recommend using a relational database such as mysql or postgres sql. This database should have a database named apiserver and a user account that has write access to all tables in that database.
Production Deployment
It is advisable to run multiple apiserver containers to scale up to the needs of your organization and host them behind a load balancer. Accordingly, each container can be assigned a "role" through environment variable configuration. Roles limit the functionality of the container so they can be aligned with your organizations security policies.
- "mark" The container will only perform watermarking tasks
- "detect" The container will only perform watermarking tasks and watermarking investigations
- "admin" The container can perform both mark and detect tasks, but also administrative tasks on the metadata server