REST API
Stump exposes a REST API that allows you to interact with your Stump server.
Authentication
Sessions
Stump uses server-side sessions to authenticate users. These sessions are stored in the database, and are automatically cleaned up within 60 seconds of expiring. You can change the expiry cleanup check interval by setting the SESSION_EXPIRY_CLEANUP_INTERVAL environment variable. See the configuration guide for more information.
Basic Authentication
This functionality is only available on OPDS endpoints. You cannot authenticate with Basic Authentication on the REST API
Stump supports Basic Authentication (opens in a new tab) in order to properly support OPDS clients. Authenticating using this method will still create a server-side session for you.
JWT Access Tokens
This functionality is not fully implemented and subject to change. You can track the progress on this feature in this issue (opens in a new tab)
Short-lived JWT access tokens are available for API access, aimed at better enabling third-party applications and extensions to interact with Stump. While you can generate these tokens and use them to authenticate API requests, the API is still in development and subject to change. Once the API is more stable, we will provide more relevant documentation on how to generate and use these tokens.
Swagger UI
Stump's REST API is documented using Swagger. You can access Swagger UI by visiting visiting http(s)://your-server(:10801)/swagger-ui. If you aren't familiar with Swagger, you can read more about it here (opens in a new tab). Under the hood, Stump uses utoipa (opens in a new tab) for semi-automated Swagger generation. If you find any issues or inconsistencies with the API options available while using the Swagger UI, please open an issue (opens in a new tab) outlining the problem.
Disabling Swagger UI
If you don't want to expose Swagger UI, you can disable it by setting the ENABLE_SWAGGER_UI environment variable to false. See the configuration guide for more information.