HTTP Endpoints¶
Generated by scripts/build_docs.py from the route modules.
| Group | Method | Path | Handler | Description |
|---|---|---|---|---|
| Auth | GET | /register |
get_register |
Serve the register page. |
| Auth | POST | /register |
post_register |
Register a new user. |
| Auth | GET | /loading |
get_loading |
|
| Auth | GET | /login |
get_login |
Serve the login page. |
| Auth | GET | /mfa |
get_mfa |
Serve the MFA page (verify or setup). Token and mode are in sessionStorage set b |
| Auth | POST | /login |
post_login |
|
| Auth | GET | /logout |
get_logout |
|
| Auth | GET | /mss-login/generate_token |
get_generate_token |
Serve the generate API token page (public). |
| Auth | POST | /mss-login/generate_token |
post_generate_token |
Create a long-lived API token. Requires credentials (or JWT) and can_have_api_to |
| Auth | POST | /generate_token |
post_generate_token_legacy |
Legacy endpoint: delegate to POST /mss-login/generate_token. |
| Auth | GET | /mss-login/api/tokens |
get_user_tokens |
Return the calling user's API tokens (labels, expiry, hash prefix). Session toke |
| Auth | DELETE | /mss-login/api/tokens |
delete_user_token |
Revoke one of the calling user's API tokens by its hash prefix. |
| Admin | GET | /mss-login/api/settings/guest-jwt |
api_get_guest_jwt |
Return allow_guest_jwt (authenticated; any user can read). |
| Admin | PUT | /mss-login/api/settings/guest-jwt |
api_put_guest_jwt |
Update allow_guest_jwt (Admin only). |
| Admin | GET | /mss-login/api/settings/ntfy |
api_get_ntfy_settings |
Return ntfy config (topic, enabled_events). Authenticated; read available to all |
| Admin | PUT | /mss-login/api/settings/ntfy |
api_put_ntfy_settings |
Update ntfy config (Admin only). |
| Admin | GET | /mss-login/api/admin/consoles |
api_admin_consoles_list |
Return list of usernames that have console log entries (Admin only). |
| Admin | GET | /mss-login/api/admin/consoles/{username} |
api_admin_consoles_user |
Return console log lines for the given user (Admin only). |
| Admin | GET | /mss-login/api/groups |
api_groups |
Return groups (admin only). |
| Admin | PUT | /mss-login/api/groups |
api_update_groups |
Update groups (admin only). |
| Admin | GET | /mss-login/api/users |
api_users |
Return users (admin only). |
| Admin | PUT | /mss-login/api/users/{target_user} |
api_update_user_route |
Update user (admin only). |
| Admin | DELETE | /mss-login/api/users/{target_user} |
api_delete_user_route |
Delete user (admin only). |
| Admin | GET | /mss-login/api/users-db-config |
api_get_users_db_config |
Return current users DB backend, paths, and encryption_level (admin only). Passw |
| Admin | PUT | /mss-login/api/users-db-config |
api_put_users_db_config |
Update users DB config (admin only). Restart required for new backend to take ef |
| Admin | GET | /mss-login/api/token-storage-config |
api_get_token_storage_config |
Return token storage config (admin only). Uses same DB as users unless backend i |
| Admin | PUT | /mss-login/api/token-storage-config |
api_put_token_storage_config |
Update token storage config (admin only). Backend: 'json' = legacy file; else us |
| Admin | GET | /mss-login/api/update-status |
api_get_update_status |
Return update status (current version, latest, update_available, mode). Admin on |
| Admin | GET | /mss-login/api/ip-lists |
api_ip_lists |
Return IP lists (admin only). |
| Admin | PUT | /mss-login/api/ip-lists |
api_update_ip_lists |
Update IP lists (admin only). |
| Admin | GET | /mss-login/api/available-model-folders |
api_available_model_folders |
List ComfyUI model folder names (for admin shared-items UI). Admin only. |
| Admin | GET | /mss-login/api/available-models/{folder} |
api_available_models_in_folder |
List model/item names in a folder (for admin shared-items UI). Admin only. |
| Admin | GET | /mss-login/api/model-cache/folders |
api_model_cache_folders |
List model folder names from cache (admin only). For admin Shared Models UI. |
| Admin | GET | /mss-login/api/model-cache/folders/{folder}/items |
api_model_cache_folder_items |
List model/item names in a folder from cache (admin only). |
| Admin | POST | /mss-login/api/model-cache/refresh |
api_model_cache_refresh |
Refresh model cache from ComfyUI folder_paths (admin only). |
| Admin | GET | /mss-login/api/users/{username}/shared-items |
api_get_shared_items |
List shared ComfyUI items (models, LoRAs, VAEs, embeddings) for a user (admin on |
| Admin | POST | /mss-login/api/users/{username}/shared-items |
api_add_shared_item |
Add one shared item for a user. Body: { "folder": "checkpoints", "item_name": "m |
| Admin | DELETE | /mss-login/api/users/{username}/shared-items |
api_remove_shared_item |
Remove one shared item for a user. Body: { "folder": "...", "item_name": "..." } |
| Admin | POST | /mss-login/api/nsfw-management |
api_nsfw_management |
Admin-only NSFW management endpoints. |
| User | GET | /mss-login/api/me |
api_me |
Basic identity info for the frontend. |
| User | POST | /mss-login/api/user-env |
api_user_env |
|
| User | POST | /mss-login-gallery/mark-nsfw |
mark_nsfw |
|
| MFA | POST | /mss-login/api/mfa/setup |
api_mfa_setup |
Start MFA setup. Requires JWT (logged-in user) or mfa_temp_token (from login whe |
| MFA | POST | /mss-login/api/mfa/verify-setup |
api_mfa_verify_setup |
Verify first TOTP code and enable MFA. Body: { code: "123456" } or { mfa_temp_to |
| MFA | POST | /mss-login/api/mfa/verify |
api_mfa_verify |
Complete login after password: verify TOTP or backup code, issue JWT. Body: mfa_ |
| Me | GET | /mss-login/api/is-https |
get_is_https |
Return whether the request was over HTTPS (for 'eye to reveal' check behind reve |
| Me | GET | /mss-login/me/console |
get_me_console |
Return the current user's console log lines. |
| Me | GET | /mss-login/me/sessions |
get_me_sessions |
Return list of session tokens for the current user (jti, created_at_iso, exp_at_ |
| Me | GET | /mss-login/me/current-token |
get_me_current_token |
Return the current request's token (for 'eye to reveal'). Auth required. |
| Me | POST | /mss-login/me/sessions/revoke |
post_me_sessions_revoke |
Revoke a session by jti. jti must belong to the current user. |
| Recovery | POST | /api/mss-login/recovery/reset-mfa |
post_recovery_reset_mfa |
Reset MFA for all users. Only allowed when RECOVERY_MODE is enabled |
Run python scripts/build_docs.py to regenerate.