NekoHub supports two authentication methods for management APIs.

JWT Bearer

Use JWT when the request acts on behalf of a logged-in user. First call POST /api/v1/auth/login, then send:
Authorization: Bearer <access_token>
Example:
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  http://localhost:5121/api/v1/assets
JWT is the only accepted method for:
  • POST /api/v1/auth/logout
  • GET /api/v1/auth/me

API key

Use API keys for scripts, automation, CI/CD, and MCP. API keys also go in the Authorization header; do not use the legacy custom header form. Send:
Authorization: Bearer <api_key>
Example:
curl -H "Authorization: Bearer your-api-key" \
  http://localhost:5121/api/v1/assets
Enable API key authentication with:
Auth__ApiKey__Enabled=true
Auth__ApiKey__Keys__0=your-strong-random-key
/mcp only accepts API keys.

Endpoint support matrix

| Endpoint group | JWT | API key |
| --- | --- | --- |
| Public assets | Not required | Not required |
| /content/{storageKey} | Not required | Not required |
| GET /api/v1/system/ping | Not required | Not required |
| GET /api/v1/system/bootstrap | Not required | Not required |
| POST /api/v1/auth/login | Not required | Not required |
| POST /api/v1/auth/refresh | Not required | Not required |
| POST /api/v1/auth/logout | Required | Not accepted |
| GET /api/v1/auth/me | Required | Not accepted |
| /api/v1/assets | Accepted | Accepted |
| /api/v1/users | Accepted | Accepted |
| /api/v1/system/storage | Accepted | Accepted |
| /api/v1/system/ai/providers | Accepted | Accepted |
| /mcp | Not accepted | Required |
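
A client-side preflight check built from this matrix, as an added example that is not NekoHub code: it picks the credential to attach per endpoint, attaches none to public endpoints, and fails closed on paths the matrix does not list. The function name, the policy labels and the JWT-over-key preference are assumptions; the "Public assets" row is omitted because the page gives no path for it.

```python
# Added example; names are hypothetical, policies copied from the matrix above.
# Rows: (HTTP method or None for any, path, JWT policy, API-key policy)
# "none" = Not required, "rejected" = Not accepted.
MATRIX = [
    ("POST", "/api/v1/auth/login", "none", "none"),
    ("POST", "/api/v1/auth/refresh", "none", "none"),
    ("POST", "/api/v1/auth/logout", "required", "rejected"),
    ("GET", "/api/v1/auth/me", "required", "rejected"),
    ("GET", "/api/v1/system/ping", "none", "none"),
    ("GET", "/api/v1/system/bootstrap", "none", "none"),
    (None, "/content", "none", "none"),
    (None, "/api/v1/assets", "accepted", "accepted"),
    (None, "/api/v1/users", "accepted", "accepted"),
    (None, "/api/v1/system/storage", "accepted", "accepted"),
    (None, "/api/v1/system/ai/providers", "accepted", "accepted"),
    (None, "/mcp", "rejected", "required"),
]
USABLE = ("required", "accepted")


def auth_headers(method, path, jwt=None, api_key=None):
    """Return the headers to send, or raise before any credential leaves the client."""
    path = path.split("?", 1)[0]  # policy depends on the path, not the query string
    for row_method, base, jwt_policy, key_policy in MATRIX:
        if row_method not in (None, method.upper()):
            continue
        # Match the endpoint itself or a sub-path, never a look-alike such as /mcpx.
        if path != base and not path.startswith(base + "/"):
            continue
        if jwt_policy == "none" and key_policy == "none":
            return {}  # public endpoint: attach no credential at all
        # Assumption: when both are usable, prefer the user's JWT over the shared key.
        if jwt and jwt_policy in USABLE:
            return {"Authorization": f"Bearer {jwt}"}
        if api_key and key_policy in USABLE:
            return {"Authorization": f"Bearer {api_key}"}
        raise PermissionError(f"{method} {path}: JWT {jwt_policy}, API key {key_policy}")
    raise LookupError(f"{method} {path} is not in the matrix; sending nothing")


if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    print(auth_headers("GET", "/api/v1/assets", api_key="constructed-key"))
    print(auth_headers("GET", "/api/v1/system/ping", jwt="constructed.jwt"))
```
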

Common errors

| HTTP status | Error code | Meaning |
| --- | --- | --- |
| 401 Unauthorized | auth_unauthorized | Missing or invalid JWT |
| 401 Unauthorized | api_key_missing | API key was not provided |
| 401 Unauthorized | api_key_invalid | API key is invalid or the header format is wrong |
| 401 Unauthorized | auth_token_expired | JWT expired |
| 403 Forbidden | auth_forbidden | Authenticated but not authorized |