All POST/PUT/DELETE requests to `/api/` (except `/api/auth/`) require the header:

`X-Requested-With: XMLHttpRequest`

Session-based authentication using cookies (SameSite=Lax, HttpOnly).
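
A server-side check for the header rule above, as an added example (not this project's code), written framework-agnostic in Python. The request paths are constructed placeholders, and normalizing the path before prefix matching is an assumption about how the router resolves paths.

```python
import posixpath
from urllib.parse import unquote

STATE_CHANGING = {"POST", "PUT", "DELETE"}   # methods named on this page
API_PREFIX = "/api/"
EXEMPT_PREFIX = "/api/auth/"                 # exemption named on this page
HEADER, VALUE = "x-requested-with", "XMLHttpRequest"


def normalize(path):
    """Decode and collapse a request path before prefix matching.

    Assumption: the router resolves '..', '%2e' and duplicate slashes, so the
    check must see the same path the router will dispatch on.
    """
    decoded = unquote(path.split("?", 1)[0])
    norm = "/" + posixpath.normpath(decoded).lstrip("/")
    if decoded.endswith("/") and norm != "/":
        norm += "/"                          # normpath drops the trailing slash
    return norm


def csrf_header_ok(method, path, headers):
    """True if the request satisfies the X-Requested-With rule (or is outside it)."""
    if method.upper() not in STATE_CHANGING:
        return True
    norm = normalize(path)
    if not norm.startswith(API_PREFIX) or norm.startswith(EXEMPT_PREFIX):
        return True
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    return lowered.get(HEADER, "").strip() == VALUE


# Constructed sample requests; the paths are placeholders, not this API's routes.
SAMPLES = [
    ("POST", "/api/example", {"X-Requested-With": "XMLHttpRequest"}),
    ("POST", "/api/example", {}),
    ("POST", "/api/auth/example", {}),
    ("DELETE", "/api/auth/../example", {}),
    ("PUT", "/api/auth/%2e%2e/example", {}),
    ("GET", "/api/example", {}),
]


def evaluate_samples():
    return [csrf_header_ok(m, p, h) for m, p, h in SAMPLES]


if __name__ == "__main__":
    for (m, p, _), ok in zip(SAMPLES, evaluate_samples()):
        print(f"{m:6} {p:28} {'allow' if ok else 'reject'}")
```

The two traversal samples are rejected because the exemption is tested against the normalized path, so a request cannot borrow the `/api/auth/` exemption to reach another `/api/` route without the header.
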
- Body: `{username, password, email?, full_name?}`
- Returns: `{status, user_id}` or error
- Body: `{username, password}`
- Returns: `{status, user_id}` or error (generic "Invalid username or password")
- Rate limited: 10/min, blocked accounts return 403
- Returns: `{status}`
- Returns: `{user_id, username, email, full_name, role, profile_pic}`
- Data: `{prompt, model, session_id?, temperature?, options?, images?, system_prompt?, file_context?}`
- Streams response via `stream_chunk` events, finalizes with `stream_done`
- Data: `{session_id, model, temperature?, options?}`
- Stops current stream
- Query: `?archived=1`
- Returns: Array of sessions with tags
- Returns: Array of messages
- Body: `{system_prompt}`
- Sets per-chat system prompt
- Returns: Branch tree for session
- Body: `{message_id}`
- Forks conversation at given message
- Deletes session
- Toggles pin on session
- Toggles archive on session
- Body: `{title}`
- Renames session
- Returns: `{model, system_prompt}`
- Body: `{system_prompt, model?, temperature?}`
- Returns: Markdown file of single message
- Returns: `{provider, api_key, ollama_url}`
- Reads per-user first, falls back to global
- Body: `{provider, api_key, ollama_url}`
- Saves per-user (if logged in) or global
- Returns: Array of available models for current provider
- Returns: `{models: [{name}]}` for current provider
- Returns: `{model, provider, api_key, system_prompt, temperature}`
- Body: any of `{model, provider, api_key, system_prompt, temperature}`
- Stores per-user values
- Body: `{password}`
- Permanently deletes account (requires password confirmation)
- Returns: Array of all users
- Admin only
- Deletes user and all data
- Admin only
- Body: `{role: "user" | "admin"}`
- Admin only
- Returns: `{user, stats: {session_count, message_count, total_tokens}, sessions: [...]}`
- Admin only
- Body: `{password}`
- Admin resets user password (min 8 chars)
- Body: `{blocked: true | false}`
- Blocks/unblocks user account
- Returns: `{system_prompt, allow_registration}`
- Body: `{system_prompt?, allow_registration?, provider?, model?}`
- Returns: Array of tools (global + user's own)
- Body: `{name, description, definition, is_global?}`
- Creates a tool
- Body: `{name?, description?, definition?, enabled?}`
- Upload document to project knowledge base
- Exports entire session in requested format
- Downloads database backup
- Uploads database backup (admin only)