API
Stump exposes an API that allows you to interact with your Stump server programmatically. The API is a fairly standard RESTful API backed by a few different authentication methods. The API is constantly being developed, and while it is generally stable at this point it is still subject to change.
Stump SDK
Stump provides a TypeScript SDK that you can use to create your own applications and integrations with Stump. If the demand is high enough, I will prioritize a proper NPM publish workflow. For the time being, you can load the dependency using something like gitpkg.
yarn add 'https://gitpkg.now.sh/stumpapp/stump/packages/sdk?main'
Then use the SDK in your application like so:
import { Api } from '@stump/sdk'
const sdk = new Api({
baseURL: 'http://localhost:10801',
// You may also use 'session' if you configure it properly
authMethod: 'token', // or 'session' or 'api-key'
// If you have an API key, you can immediately set it here too:
// apiKey: '*****'
})
// A token will be managed for you in-memory, but you can store it yourself
// using the returned `LoginResponse` object
await sdk.auth.login({
username: 'oromei',
password: 'password',
})
// Example query for a book by name
const favoriteBook = (
await sdk.media.get({
name: ['The Cybernetic Tea Shop'],
limit: 1,
})
).at(0)
// Example query for a series by ID
const favoriteSeries = await sdk.series.getByID(favoriteBook.series_id)
// Example query for a library by name
const ebooksLibrary = (
await sdk.library.get({
name: ['Ebooks'],
limit: 1,
})
).at(0)
// Example scan of a library
await sdk.library.scan(ebooksLibrary.id)
A full SDK guide will be available in the future to better support these integrations.
Authentication
Sessions
Stump uses server-side sessions to authenticate users. These sessions are stored in the database, and are automatically cleaned up within 60 seconds of expiring. You can change the expiry cleanup check interval by setting the SESSION_EXPIRY_CLEANUP_INTERVAL
environment variable. See the configuration guide for more information.
Basic Authentication
This functionality is only available on OPDS endpoints. You cannot authenticate with Basic Authentication on the REST API
Stump supports Basic Authentication in order to properly support OPDS clients. Authenticating using this method will still create a server-side session for you.
JWT Access Tokens
Short-lived JWT access tokens are available for API access, aimed at better enabling third-party applications and extensions to interact with Stump. While you can generate these tokens and use them to authenticate API requests, the API is still in development and subject to change.
API Keys
This functionality is gated behind the feature:api_keys
user permission. To learn more about
permissions, see the permissions guide.
You can generated user-scoped API keys to authenticate requests to the REST API. These keys are stored in the database and can be revoked at any time. API keys are not subject to the same expiry as sessions, and are intended for long-term use.
Special API Key Routes
There are instances where you can embed an API key in the URL directly. This will only be available for features/integrations where passing the key in the header is otherwise impossible. At the time of writing, there are two such routes:
/koreader/:api_key/*
- Used for the KoReader sync integration. See here for more information/opds/:api_key/v1.2/*
- An optional clone of the OPDS integration API for clients which don’t support auth headers
For more information on API keys, see the API keys guide.
Swagger UI
Stump’s REST API is documented using Swagger. You can access Swagger UI by visiting visiting http(s)://your-server(:10801)/swagger-ui
. If you aren’t familiar with Swagger, you can read more about it here. Under the hood, Stump uses utoipa for semi-automated Swagger generation. If you find any issues or inconsistencies with the API options available while using the Swagger UI, please open an issue outlining the problem.
Disabling Swagger UI
If you don’t want to expose Swagger UI, you can disable it by setting the ENABLE_SWAGGER_UI
environment variable to false
. See the configuration guide for more information.