eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/services/FreshRSS/API-AUTH-FIX.md
Eduardo Figueroa 93b9c883a1 docs(freshrss): Add API troubleshooting documentation 
Add comprehensive guides for debugging and resolving FreshRSS API
authentication issues with mobile apps.

Includes:
- API password setup instructions
- iOS app configuration (Reeder, NetNewsWire, etc.)
- Google Reader API vs Fever API comparison
- nginx Authorization header troubleshooting
- Debug logging locations and commands
- Common error patterns and solutions

Covers both successful resolution and known limitations.
2025-12-04 18:44:53 +00:00

5.2 KiB
Raw Blame History

FreshRSS iOS App Authentication Fix

The Problem

You're getting "login failed" on your iOS RSS app, but the same credentials work on the website.

Why: iOS RSS apps use FreshRSS's API, which requires a separate API password - NOT your regular web login password.

The Solution: Generate an API Password

Step 1: Log into FreshRSS Web Interface

Go to https://feeds.fig.systems and log in with your regular credentials.

Step 2: Navigate to Profile Settings

  1. Click your username (top right)
  2. Select "Configuration" or "Settings"
  3. Go to the "Profile" tab

Step 3: Generate API Password

  1. Scroll down to "API management" section
  2. Find "API password" field
  3. Click "Generate" or "Regenerate" button
  4. Copy the generated API password (it will look like a random string)

Example: hKm9xP3zQwRt2nLv8YbJ

Step 4: Use API Password in iOS App

When configuring your iOS RSS app:

Username: eddie (your FreshRSS username) Password: [THE GENERATED API PASSWORD] ← NOT your web password! Server URL: https://feeds.fig.systems

Common iOS RSS Apps Configuration

Reeder

  • Account Type: FreshRSS
  • Server: https://feeds.fig.systems
  • Username: eddie
  • Password: [API password]

NetNewsWire

  • Account Type: FreshRSS
  • URL: https://feeds.fig.systems
  • Username: eddie
  • Password: [API password]

Unread

  • Service: FreshRSS (Google Reader-compatible)
  • Server: https://feeds.fig.systems
  • Username: eddie
  • Password: [API password]

Fiery Feeds

  • Account Type: FreshRSS
  • Server URL: https://feeds.fig.systems
  • Username: eddie
  • Password: [API password]

Verify API is Enabled

If the API password doesn't work, verify API is enabled:

  1. Log into FreshRSS web interface
  2. Go to AdministrationConfigurationSystem
  3. Scroll to "API (mobile access)"
  4. Ensure "Enable API" is checked ✓
  5. Click "Submit" if you made changes

Troubleshooting

Error: "Invalid API password"

Solution: Regenerate the API password in FreshRSS web interface and try again.

Error: "Connection failed" or "Cannot connect to server"

Check:

  1. URL is exactly: https://feeds.fig.systems (no trailing slash)
  2. Phone has internet connection
  3. Try accessing the URL in Safari/Chrome on the same phone
  4. Check if Tinyauth SSO is blocking API access

SSO/Tinyauth Blocking API Access

FreshRSS has tinyauth middleware enabled. This might block API requests if they don't have proper authentication headers.

Check logs:

tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log

Look for your iOS app's requests (they'll have User-Agent like "Reeder" or "NetNewsWire").

If API is being blocked by SSO:

Option 1: Create a bypass for API endpoint:

# In compose.yaml, change:
traefik.http.routers.freshrss.middlewares: tinyauth

# To bypass API paths:
traefik.http.routers.freshrss.middlewares: freshrss-auth

# Add new middleware in Traefik config or labels:
traefik.http.middlewares.freshrss-auth.chain.middlewares: tinyauth-skip-api, tinyauth

Option 2: Temporarily disable SSO to test:

# Comment out in compose.yaml:
# traefik.http.routers.freshrss.middlewares: tinyauth

docker compose up -d

Error: "SSL/Certificate error"

Your FreshRSS uses Let's Encrypt SSL. If iOS app shows certificate errors:

  1. Update iOS to latest version
  2. Try toggling "Allow self-signed certificates" OFF (you don't need it)
  3. Check the URL doesn't have http:// (must be https://)

View API Logs

Check what the iOS app is sending:

# Watch nginx access log
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log

# Filter for API requests
grep -i "api\|fever\|greader" /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log | tail -20

Check for authentication errors:

# PHP errors
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/php_errors.log

# Nginx errors
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/error.log

Real-time monitoring:

# Open 3 terminals and watch:
# Terminal 1:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log

# Terminal 2:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/error.log

# Terminal 3:
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/php_errors.log

# Now try connecting from iOS app

Quick Test: API is Working

Test the API manually:

# Replace with your actual API password
API_PASSWORD="your-api-password-here"

# Test authentication
curl -s "https://feeds.fig.systems/api/greader.php/reader/api/0/token" \
  -u "eddie:$API_PASSWORD" | head -20

# Should return a token, not an error

If this works, your API is functional and the issue is with how the iOS app is configured.

Current Status

Debug logging enabled - PHP errors will show in logs API enabled - Checked in config.php (line 20) ⚠️ SSO might block API - Tinyauth middleware is active

Next step: Generate API password and try it in your iOS app!