github/OpenArchiver
1
1
Fork 0
mirror of https://github.com/LogicLabs-OU/OpenArchiver.git synced 2026-04-06 08:41:57 +02:00
Code Issues 161 Packages Projects Releases Wiki Activity
Files
v0.5.1-dev
OpenArchiver/docs/api/authentication.md
Wei S. e5e119528f V0.5.0 release (#335) 
* adding exports to backend package, page icons update

* Integrity report PDF generation

* Fixed inline attachment images not displaying in the email preview by modifying `EmailPreview.svelte`.
The email HTML references embedded images via `cid:` URIs (e.g., `src="cid:ii_19c6d5f8d5eee7bd6d91"`), but the component never resolved those `cid:` references to actual image data, even though `postal-mime` already parses inline attachments with their `contentId` and binary `content`.
The `emailHtml` derived value now calls `resolveContentIdReferences()` before rendering, so inline/embedded images display correctly in the iframe preview.

* feat: strip non-inline attachments from EML before storage

Add nodemailer dependency and emlUtils helper to remove non-inline
attachments from .eml buffers during ingestion. This avoids
double-storing attachment data since attachments are already stored
separately.

* upload error handing for file based ingestion

* Use Postgres for sync session management

* Google workspace / MS 365 duplicate check, avoid extra API call when previous ingestion fails

* OpenAPI specs for API docs

* code formatting

* ran duplicate check for IMAP import, optimize message listing

* Version update
2026-03-20 13:14:41 +01:00

1.1 KiB
Raw Permalink Blame History

aside
aside
false

API Authentication

The API supports two authentication methods. Use whichever fits your use case.

Method 1: JWT (User Login)

Obtain a short-lived JWT by calling POST /v1/auth/login with your email and password, then pass it as a Bearer token in the Authorization header.

Example:

GET /api/v1/dashboard/stats
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Method 2: API Key

Long-lived API keys are suited for automated scripts and integrations. Create one in Settings > API Keys, then pass it in the X-API-KEY header.

Example:

GET /api/v1/dashboard/stats
X-API-KEY: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2

Creating an API Key

  1. Navigate to Settings > API Keys in the dashboard.
  2. Click "Generate API Key".
  3. Provide a descriptive name and select an expiration period (max 2 years).
  4. Copy the key immediately — it will not be shown again.

If the token or API key is missing, expired, or invalid, the API responds with 401 Unauthorized.

Reference in New Issue View Git Blame Copy Permalink