Health
Health Check
Public health endpoint for uptime monitors, host load balancers, and CI smoke tests.
GET
The health endpoint returns the runtime state of GetMCP and its dependencies. It’s public — no API key, nonce, or login required — so you can wire it into UptimeRobot, Pingdom, status pages, Kubernetes liveness probes, or whatever monitoring tool you use.
It’s rate-limited to 60 requests per minute per IP to discourage abuse, and emits
Pick the right HTTP-status interpretation based on your monitor:
The IP is resolved in this order:
Cache-Control: no-store so monitors always read fresh state.
Authentication
None. The endpoint deliberately exposes only non-sensitive runtime data — no license keys, no API tokens, no server credentials.Response Body
Overall health:
ok, degraded, or fail. Aggregated from the per-check statuses below.GetMCP plugin version (matches
getmcp.php header).Internal schema version. Bumped on each migration.
Per-dependency status. Each check has its own
status (ok | warn | fail) plus check-specific extras like latency_ms or count.Seconds since the plugin was first activated on this site (or since the install was first observed by the health endpoint, whichever is earlier).
ISO 8601 timestamp when the response was generated.
Status Aggregation
The top-levelstatus rolls up from the per-check statuses:
| Per-check states | Top-level status | HTTP status |
|---|---|---|
All ok | ok | 200 OK |
At least one warn | degraded | 200 OK |
At least one fail | fail | 503 |
| Rate limit exceeded | (no body) | 429 |
- Strict probes (Kubernetes, AWS ALB) — treat
200as healthy, anything else as down.degradedwill still show as up, which is usually correct because the API works but something deserves attention. - Status pages (Statuspage, Better Uptime) — parse the JSON body and surface
statusdirectly so you can show “degraded” without flipping to red.
Status Codes
| Code | Meaning |
|---|---|
| 200 | All checks passed (ok) or the system is up but degraded (degraded). |
| 429 | Rate limit exceeded for this IP — wait one minute. |
| 503 | At least one check failed. The body still includes the check details. |
Built-in Checks
| Check | What it verifies | Pass when |
|---|---|---|
db | DB is reachable and responsive (SELECT 1 round-trip) | Query completes within ~100ms |
sodium | libsodium PHP extension is loaded | extension_loaded( 'sodium' ) |
rest | REST API is dispatching requests | Always — implicitly true if you got this response |
active_servers | At least one MCP server is set to Active | count > 0 |
license | License is in good standing (paid, trial, or unlicensed) | Not expired (paid). warn for expired trial. |
Rate Limiting
60 requests per minute per IP, evaluated against a sliding-window transient. Exceeded requests get:CF-Connecting-IP(set by Cloudflare)X-Forwarded-For(set by reverse proxies)X-Real-IPREMOTE_ADDR
This endpoint is intentionally lightweight — it does not run the deeper “is every active server’s MCP endpoint reachable” probe that lives behind
POST /wp-json/getmcp/v1/settings/health-check (which is admin-only and runs parallel pings). Use health for liveness / external monitoring, and settings/health-check from the admin UI for an in-depth diagnostic.
