Security
KiraLT edited this page Oct 10, 2021 · 8 revisions
The API can be protected by setting an API key in the config. You will then be required to enter the key each time you visit the UI.
When using the API, you will also need to provide the Authorization header:
Authorization: Bearer <api key>
The easiest way to set the API key is via an environment variable:
API_KEY="my password"
You can also add apiKey to the configuration file:
{
    "security": {
        "apiKey": "my password"
    }
}
To use the config file, pass the JSON config file to any run command with the -c option (e.g. npm run start -c config.json).
When an API key is provided, the stream API is protected using a JSON Web Token.
You can also use a different key for the streaming API via the security.streamApi.key config parameter.
Example usage:
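import { sign } from 'jsonwebtoken'

// The API key (or security.streamApi.key, if set) is the signing secret
const key = 'my secure API key'

// The signed token becomes the path segment of the stream URL
const url = `/stream/${encodeURIComponent(
    sign(
        {
            torrent: '08ada5a7a6183aae1e09d831df6748d566095a10',
            fileType: 'video',
        },
        key
    )
)}`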
The resulting stream URL has encoded parameters, so it's safe to share publicly. It will automatically expire (configurable via security.streamApi.maxAge).
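What a shared stream link does and does not protect, as an added example that is not part of the original page or the project's code: it builds an HS256 token (the jsonwebtoken default for a string secret) with Node's built-in crypto, then shows that the claims are readable without the key, that a swapped payload fails verification, and that an old token is rejected. The function names, the timestamps and the iat-based age check are assumptions made for illustration; the server's actual maxAge enforcement is not shown on this page.

```javascript
// Added example: HS256 token handling with Node's built-in crypto (no jsonwebtoken dependency).
const { createHmac, timingSafeEqual } = require('node:crypto')

const b64url = (data) => Buffer.from(data).toString('base64url')
const hmac = (input, key) => createHmac('sha256', key).update(input).digest()

// Build a token shaped like the one in the example above (HS256, with an `iat` claim).
function signStreamToken(payload, key, nowSeconds) {
    const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
    const body = b64url(JSON.stringify({ ...payload, iat: nowSeconds }))
    return `${header}.${body}.${b64url(hmac(`${header}.${body}`, key))}`
}

// Anyone holding the link can read the claims: they are encoded, not encrypted.
function readClaimsWithoutKey(token) {
    return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'))
}

// Assumed server-side check (hypothetical): pinned algorithm, constant-time
// signature comparison, then an age limit measured from `iat`.
function verifyStreamToken(token, key, maxAgeSeconds, nowSeconds) {
    const parts = token.split('.')
    if (parts.length !== 3) return { ok: false, reason: 'malformed' }
    const [header, body, signature] = parts
    let alg, claims
    try {
        alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg
        claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'))
    } catch { return { ok: false, reason: 'malformed' } }
    if (alg !== 'HS256') return { ok: false, reason: 'unexpected algorithm' }
    const expected = hmac(`${header}.${body}`, key)
    const given = Buffer.from(signature, 'base64url')
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
        return { ok: false, reason: 'bad signature' }
    }
    if (!claims || typeof claims.iat !== 'number' || nowSeconds - claims.iat > maxAgeSeconds) {
        return { ok: false, reason: 'expired' }
    }
    return { ok: true, claims }
}

// Constructed sample values; the info hash is the one from the example above.
const sampleKey = 'my secure API key'
const sampleToken = signStreamToken(
    { torrent: '08ada5a7a6183aae1e09d831df6748d566095a10', fileType: 'video' }, sampleKey, 1700000000)
// Swap the payload for another torrent while keeping the original signature.
const [hdr, , sig] = sampleToken.split('.')
const forgedToken = [hdr, b64url(JSON.stringify({ torrent: 'f'.repeat(40), fileType: 'video', iat: 1700000000 })), sig].join('.')
```

Because the claims are readable by anyone who has the link, keep anything sensitive out of the token payload.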