eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/services/FreshRSS/API-AUTH-FIX.md
Eduardo Figueroa 93b9c883a1 docs(freshrss): Add API troubleshooting documentation 
Add comprehensive guides for debugging and resolving FreshRSS API
authentication issues with mobile apps.

Includes:
- API password setup instructions
- iOS app configuration (Reeder, NetNewsWire, etc.)
- Google Reader API vs Fever API comparison
- nginx Authorization header troubleshooting
- Debug logging locations and commands
- Common error patterns and solutions

Covers both successful resolution and known limitations.
2025-12-04 18:44:53 +00:00

189 lines
5.2 KiB
Markdown
Raw Permalink Blame History

# FreshRSS iOS App Authentication Fix
## The Problem
You're getting "login failed" on your iOS RSS app, but the same credentials work on the website.
**Why:** iOS RSS apps use FreshRSS's **API**, which requires a separate **API password** - NOT your regular web login password.
## The Solution: Generate an API Password
### Step 1: Log into FreshRSS Web Interface
Go to https://feeds.fig.systems and log in with your regular credentials.
### Step 2: Navigate to Profile Settings
1. Click your username (top right)
2. Select **"Configuration"** or **"Settings"**
3. Go to the **"Profile"** tab
### Step 3: Generate API Password
1. Scroll down to **"API management"** section
2. Find **"API password"** field
3. Click **"Generate"** or **"Regenerate"** button
4. Copy the generated API password (it will look like a random string)
Example: `hKm9xP3zQwRt2nLv8YbJ`
### Step 4: Use API Password in iOS App
When configuring your iOS RSS app:
**Username:** `eddie` (your FreshRSS username)
**Password:** `[THE GENERATED API PASSWORD]` ← NOT your web password!
**Server URL:** `https://feeds.fig.systems`
### Common iOS RSS Apps Configuration
#### **Reeder**
- Account Type: FreshRSS
- Server: `https://feeds.fig.systems`
- Username: `eddie`
- Password: [API password]
#### **NetNewsWire**
- Account Type: FreshRSS
- URL: `https://feeds.fig.systems`
- Username: `eddie`
- Password: [API password]
#### **Unread**
- Service: FreshRSS (Google Reader-compatible)
- Server: `https://feeds.fig.systems`
- Username: `eddie`
- Password: [API password]
#### **Fiery Feeds**
- Account Type: FreshRSS
- Server URL: `https://feeds.fig.systems`
- Username: `eddie`
- Password: [API password]
## Verify API is Enabled
If the API password doesn't work, verify API is enabled:
1. Log into FreshRSS web interface
2. Go to **Administration****Configuration****System**
3. Scroll to **"API (mobile access)"**
4. Ensure **"Enable API"** is checked ✓
5. Click **"Submit"** if you made changes
## Troubleshooting
### Error: "Invalid API password"
**Solution:** Regenerate the API password in FreshRSS web interface and try again.
### Error: "Connection failed" or "Cannot connect to server"
**Check:**
1. URL is exactly: `https://feeds.fig.systems` (no trailing slash)
2. Phone has internet connection
3. Try accessing the URL in Safari/Chrome on the same phone
4. Check if Tinyauth SSO is blocking API access
### SSO/Tinyauth Blocking API Access
FreshRSS has `tinyauth` middleware enabled. This might block API requests if they don't have proper authentication headers.
**Check logs:**
```bash
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log
```
Look for your iOS app's requests (they'll have User-Agent like "Reeder" or "NetNewsWire").
**If API is being blocked by SSO:**
Option 1: Create a bypass for API endpoint:
```yaml
# In compose.yaml, change:
traefik.http.routers.freshrss.middlewares: tinyauth
# To bypass API paths:
traefik.http.routers.freshrss.middlewares: freshrss-auth
# Add new middleware in Traefik config or labels:
traefik.http.middlewares.freshrss-auth.chain.middlewares: tinyauth-skip-api, tinyauth
```
Option 2: Temporarily disable SSO to test:
```bash
# Comment out in compose.yaml:
# traefik.http.routers.freshrss.middlewares: tinyauth
docker compose up -d
```
### Error: "SSL/Certificate error"
Your FreshRSS uses Let's Encrypt SSL. If iOS app shows certificate errors:
1. Update iOS to latest version
2. Try toggling "Allow self-signed certificates" OFF (you don't need it)
3. Check the URL doesn't have `http://` (must be `https://`)
## View API Logs
### Check what the iOS app is sending:
```bash
# Watch nginx access log
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log
# Filter for API requests
grep -i "api\|fever\|greader" /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log | tail -20
```
### Check for authentication errors:
```bash
# PHP errors
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/php_errors.log
# Nginx errors
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/error.log
```
### Real-time monitoring:
```bash
# Open 3 terminals and watch:
# Terminal 1:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log
# Terminal 2:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/error.log
# Terminal 3:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/php_errors.log
# Now try connecting from iOS app
```
## Quick Test: API is Working
Test the API manually:
```bash
# Replace with your actual API password
API_PASSWORD="your-api-password-here"
# Test authentication
curl -s "https://feeds.fig.systems/api/greader.php/reader/api/0/token" \
-u "eddie:$API_PASSWORD" | head -20
# Should return a token, not an error
```
If this works, your API is functional and the issue is with how the iOS app is configured.
## Current Status
**Debug logging enabled** - PHP errors will show in logs
**API enabled** - Checked in config.php (line 20)
⚠️ **SSO might block API** - Tinyauth middleware is active
**Next step:** Generate API password and try it in your iOS app!
Reference in a new issue View git blame Copy permalink