# Options for Radicle APIs
There are three public connections that the radicle server (node + all other related services working with the same repositories) has to expose:
1. HTTP/TLS, required for the web interface (optional, useful only in seeding nodes);
2. Git API, either over HTTP/TLS, or via SSH;
3. P2P API, which has to be encrypted.
Also, any node must expose RPC API, which can be implemented over unencrypted socket and designed to work with just a single connecting peer.
| HTTP | Git | P2P
------ | ---- | --- | ---
Clients | Browser | `git`, `rad`, `radicle-node` | `radicle-node`
Encryption | TLS | SSH, TLS, NXK^[Noise_XK] | SSH, NXK
Transports | TCP | HTTP, SSH, NETL^[Noise_XK encrypted transport layer], GIT | HTTP, SSH, NETL
Can write to a repo | No | No^[write operations must be filtered out] | Yes
Inboud connections [^repo] | Non-blocking | Non-blocking | Blocking
Outbound connections [^repo] | None | One | ?
[^repo]: per repo
Radicle node has to maintain persisting state machine - one per git repository - which should work in a locking way inside a multi-process environment (with multiple processes - or threads - trying to access/write to git repository simultaneusly).
## Possible options for combined Git+P2P connectivity
1. **uniHTTPs**: everything (both P2P and Git) muliplexed over HTTP (REST-style).
:::success
- exposes just a single port; allows combination with WebUI
:::
:::danger
- With TLS makes node keys unusable, but allows combination with Web UI
- With NXK makes traditional git connection unusable
:::
2. **uniSSH**: everything muliplexed over SSH.
:::success
- efficiently reuses node keys
- allows to avoid transport protocol implementation
:::
:::danger
- not combinable with Web UI
- poor state of rust SSH library
:::
3. **P2P+Git**: Git and P2P connections are maintained separatedly in a native way.
:::danger
- unsecure
- requires all three interfaces exposed via different ports
- complexity of managing race conditions and multiple client connections
:::
4. **NETL**^[Noise_XK encrypted transport layer]: we do a new transporting protocol tunneling both Git and P2P in a multiplexed way.
:::success
- efficiently reuses node keys
:::
:::danger
- not combinable with Web UI
- potentially will not work with normal git clients
:::
## Service providers
| uniHTTPs | uniSSH | P2P+Git | NETL
--- | --- | --- | --- | ---
P2P | Caddy + `radicle-node` | `radicle-node` | `radicle-node` | `radicle-node`
WebUI | Caddy + `radicle-node` | Caddy + `radicle-http-api` | Caddy + `radicle-http-api` | Caddy + `radicle-http-api`
Git | Caddy + `radicle-node` | `radicle-node` | `radicle-git-server` | `radicle-git-server`
Overall | Caddy, `radicle-node` | Caddy, `radicle-node`, `radicle-http-api` | Caddy, `radicle-node`, `radicle-http-api`, `radicle-git-server` | Caddy, `radicle-node`, `radicle-http-api`, `radicle-git-server`
Sign in with Wallet
Connect another wallet