The interop server for the Python API allows you to use the Python API remotely.
This feature is only available on Linux.
Interop Server Security
Note: Prior to the 2025 R2.4 release, the interop server does not authenticate connecting clients.
Remote API commands from the connecting client will have the same permissions as the user that started the interop server process on the host. This could expose the host’s local user space to the remote operator.
To mitigate potential security risks, the following precautions should be taken when setting up the interop server:
- The interop server should only be deployed on a restricted internal network.
- When possible, the interop server should be deployed in a container. Instructions on building the container using the Dockerfile provided in the installation package can be found in the Dockerfile support article.
- If deployment in a container is not possible, a restricted user or user group should be used when starting the interop server to avoid impacting existing users. The interop server should not be run as a user with sudo or root permissions.
Authentication and certificates
Instructions for 2025 R2.4 and newer
Starting in 2025 R2.4, authentication is provided by TLS mutual authentication using SSL certificates. You will need to generate your own SSL certificates.
After generating the SSL certificates, ensure that the client has access to the client key, client certificate, and the certificate authority (CA) that is shared between the server and the client. The client does not need access to the server key and certificate.
Legacy instructions
Prior to 2025 R2.4, you either need to provide your own certificates, or generate self-signed certificates by running the generate_certificate.sh script file provided with Lumerical products. This script file is in the following directory:
[path to Lumerical]/api/interop-server/scripts/linux
To run the script, move to the folder and run generate_certificate.sh. For example, if Lumerical 2023 R1.2 is installed in the default location:
cd /opt/Lumerical/v231/api/interop-server/script/linux ./generate_certificate.sh
After obtaining the certificates, place them in the user’s home folder, in
$HOME/.config/Lumerical/interop_server_certs/
Start and stop the interop server
To start and stop the interop server, use scripts provided with Lumerical products. There are two provided scripts:
- interop_server_start.sh
- interop_server_stop.sh
These scripts are in the following directory:
[path to Lumerical]/api/interop-server/scripts/linux
Starting the interop server
To start the interop server, run interop_server_start.sh. This script takes the following arguments:
- Hostname or IP address. This argument is optional, and the default is 127.0.0.1
- Port. This argument is optional, and the default is 8989.
- Path to the server key. This argument is required.
- Path to the server’s certificate. This argument is required.
- Path to the server’s certificate CA. This argument is required.
Note: In versions prior to 2025 R2.4, the path to the server’s certificate CA does not apply and there are only four arguments to interop_server_start.sh.
For clients to connect to the server, the interop server must be able to receive incoming connection on the specified port, sometimes requiring the ports to be opened or requiring disabling the firewall. Please refer to your system documentation for instructions on these procedures.
To handle multiple connections, open a range of ports above the port specified in interop_server_start.sh.
Stopping the interop server
To stop the server, run interop_server_stop.sh.