SelfPrivacy API

API available as Swagger documentation, markdown version is below.

Version

1.2.0

Content negotiation

URI Scheme: http

Consumes: application/json

Produces: application/json

Access control

  • bearerAuth

All endpoints

backups

MethodURINameSummary
GET/services/restic/backup/listget services restic backup listGet all restic backups
GET/services/restic/backup/reloadget services restic backup reloadForce reload snapshots
GET/services/restic/backup/statusget services restic backup statusGet backup status
PUT/services/restic/backblaze/configput services restic backblaze configSet the new key for backblaze
PUT/services/restic/backup/createput services restic backup createInitiate a new restic backup
PUT/services/restic/backup/restoreput services restic backup restoreStart backup restoration

bitwarden

MethodURINameSummary
POST/services/bitwarden/disablepost services bitwarden disableDisable Bitwarden
POST/services/bitwarden/enablepost services bitwarden enableEnable Bitwarden

email

MethodURINameSummary
GET/services/mailserver/dkimget services mailserver dkimGet DKIM key from file

gitea

MethodURINameSummary
POST/services/gitea/disablepost services gitea disableDisable Gitea
POST/services/gitea/enablepost services gitea enableEnable Gitea

nextcloud

MethodURINameSummary
POST/services/nextcloud/disablepost services nextcloud disableDisable Nextcloud
POST/services/nextcloud/enablepost services nextcloud enableEnable Nextcloud

ocserv

MethodURINameSummary
POST/services/ocserv/disablepost services ocserv disableDisable OCserv
POST/services/ocserv/enablepost services ocserv enableEnable OCserv

pleroma

MethodURINameSummary
POST/services/pleroma/disablepost services pleroma disableDisable Pleroma
POST/services/pleroma/enablepost services pleroma enableEnable Pleroma

services

MethodURINameSummary
GET/services/statusget services statusGet service status

ssh

MethodURINameSummary
DELETE/services/ssh/keys/{username}delete services SSH keys usernameDelete SSH key
GET/services/sshget services SSHGet current SSH settings
GET/services/ssh/keys/{username}get services SSH keys usernameList SSH keys
POST/services/ssh/enablepost services SSH enableEnable SSH
POST/services/ssh/keys/{username}post services SSH keys usernameAdd SSH key to the user
PUT/services/sshput services SSHChange SSH settings
PUT/services/ssh/key/sendput services SSH key sendAdd a SSH root key

system

MethodURINameSummary
GET/api/versionget API versionGet API version
GET/system/configuration/applyget system configuration applyRebuild NixOS with nixos-rebuild switch
GET/system/configuration/autoUpgradeget system configuration auto upgradeGet current system autoupgrade settings
GET/system/configuration/pullget system configuration pullPull Repository Changes
GET/system/configuration/rollbackget system configuration rollbackRollback NixOS with nixos-rebuild switch --rollback
GET/system/configuration/timezoneget system configuration timezoneGet current system timezone
GET/system/configuration/upgradeget system configuration upgradeUpgrade NixOS with nixos-rebuild switch --upgrade
GET/system/pythonVersionget system python versionGet python version used by this API
GET/system/rebootget system rebootReboot the system
GET/system/versionget system versionGet system version from uname -a
PUT/system/configuration/autoUpgradeput system configuration auto upgradeChange system auto upgrade settings
PUT/system/configuration/timezoneput system configuration timezoneChange system timezone

tokens

MethodURINameSummary
DELETE/auth/tokensdelete auth tokensDelete token
GET/auth/recovery_tokenget auth recovery tokenGet recovery token status
GET/auth/tokensget auth tokensGet current device tokens
POST/auth/new_devicepost auth new deviceGet new device token
POST/auth/new_device/authorizepost auth new device authorizeAuthorize device
POST/auth/recovery_tokenpost auth recovery tokenGenerate recovery token
POST/auth/recovery_token/usepost auth recovery token useUse recovery token
POST/auth/tokenspost auth tokensRefresh token

users

MethodURINameSummary
DELETE/users/{username}delete users usernameDelete a user
GET/usersget usersGet a list of users
POST/userspost usersCreate a new user

Paths

Delete token (DeleteAuthTokens)

DELETE /auth/tokens

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeRequiredDefaultDescription
tokenbodyDeleteAuthTokensBodyToken's name to delete

All responses

CodeStatusDescription
200OKToken deleted
400Bad RequestBad request
404Not FoundToken not found
Inlined models

DeleteAuthTokensBody

Properties

NameTypeRequiredDefaultDescriptionExample
tokenstringToken name to delete

Delete SSH key (DeleteServicesSSHKeysUsername)

DELETE /services/ssh/keys/{username}

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeRequiredDefaultDescription
usernamepathstringUser to delete keys for
public_keybodyDeleteServicesSSHKeysUsernameBodyKey to delete

All responses

CodeStatusDescription
200OKSSH key deleted
401UnauthorizedUnauthorized
404Not FoundKey not found
Inlined models

DeleteServicesSSHKeysUsernameBody

Properties

NameTypeRequiredDefaultDescriptionExample
public_keystring

Delete a user (DeleteUsersUsername)

DELETE /users/{username}

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeRequiredDefaultDescription
usernamepathstringUser to delete

All responses

CodeStatusDescription
200OKDeleted user
400Bad RequestBad request
401UnauthorizedUnauthorized
404Not FoundUser not found

Get API version (GetAPIVersion)

GET /api/version

All responses

CodeStatusDescriptionSchema
200OKAPI versionschema
401UnauthorizedUnauthorized

Responses

200 - API version

Status: OK

Schema
NameTypeRequiredDefaultDescriptionExample
versionstringAPI version
401 - Unauthorized

Status: Unauthorized

Get recovery token status (GetAuthRecoveryToken)

GET /auth/recovery_token

Security Requirements

  • bearerAuth

All responses

CodeStatusDescriptionHas headersSchema
200OKRecovery token statusschema
400Bad RequestBad requestschema

Responses

200 - Recovery token status

Status: OK

Schema
NameTypeGo typeRequiredDefaultDescriptionExample
datestringstringRecovery token date
existsbooleanboolRecovery token exists
expirationstringstringRecovery token expiration date
uses_leftintegerint64Recovery token uses left
validbooleanboolRecovery token is valid
400 - Bad request

Status: Bad Request

Get current device tokens (GetAuthTokens)

GET /auth/tokens

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKList of tokens
400Bad RequestBad request

Get DKIM key from file (GetServicesMailserverDkim)

GET /services/mailserver/dkim

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKDKIM key encoded in base64
401UnauthorizedUnauthorized
404Not FoundDKIM key not found

Get all restic backups (GetServicesResticBackupList)

GET /services/restic/backup/list

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKA list of snapshots
400Bad RequestBad request
401UnauthorizedUnauthorized

Force reload snapshots (GetServicesResticBackupReload)

GET /services/restic/backup/reload

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSnapshots reloaded
400Bad RequestBad request
401UnauthorizedUnauthorized

Get backup status (GetServicesResticBackupStatus)

GET /services/restic/backup/status

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKBackup status
400Bad RequestBad request
401UnauthorizedUnauthorized

Get current SSH settings (GetServicesSSH)

GET /services/ssh

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSSH settings
400Bad RequestBad request

List SSH keys (GetServicesSSHKeysUsername)

GET /services/ssh/keys/{username}

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
usernamepathstringstringUser to list keys for

All responses

CodeStatusDescription
200OKSSH keys
401UnauthorizedUnauthorized

Get service status (GetServicesStatus)

GET /services/status

All responses

CodeStatusDescriptionSchema
200OKService statusschema
401UnauthorizedUnauthorizedschema

Responses

200 - Service status

Status: OK

Schema
NameTypeGo typeRequiredDefaultDescriptionExample
bitwardenintegerint64Bitwarden service status
giteaintegerint64Gitea service status
httpintegerint64Nginx service status
imapintegerint64Dovecot service status
nextcloudintegerint64Nextcloud service status
ocservintegerint64OpenConnect VPN service status
pleromaintegerint64Pleroma service status
smtpintegerint64Postfix service status
401 - Unauthorized

Status: Unauthorized

Rebuild NixOS with nixos-rebuild switch (GetSystemConfigurationApply)

GET /system/configuration/apply

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSystem rebuild has started
401UnauthorizedUnauthorized

Get current system autoupgrade settings (GetSystemConfigurationAutoUpgrade)

GET /system/configuration/autoUpgrade

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKAuto-upgrade settings
400Bad RequestBad request

Pull Repository Changes (GetSystemConfigurationPull)

GET /system/configuration/pull

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKGot update
201CreatedNothing to update
401UnauthorizedUnauthorized
500Internal Server ErrorSomething went wrong

Rollback NixOS with nixos-rebuild switch --rollback (GetSystemConfigurationRollback)

GET /system/configuration/rollback

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSystem rollback has started
401UnauthorizedUnauthorized

Get current system timezone (GetSystemConfigurationTimezone)

GET /system/configuration/timezone

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKTimezone
400Bad RequestBad request

Upgrade NixOS with nixos-rebuild switch --upgrade (GetSystemConfigurationUpgrade)

GET /system/configuration/upgrade

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSystem upgrade has started
401UnauthorizedUnauthorized

Get python version used by this API (GetSystemPythonVersion)

GET /system/pythonVersion

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKOK
401UnauthorizedUnauthorized

Reboot the system (GetSystemReboot)

GET /system/reboot

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSystem reboot has started
401UnauthorizedUnauthorized

Get system version from uname -a (GetSystemVersion)

GET /system/version

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKOK
401UnauthorizedUnauthorized

Get a list of users (GetUsers)

GET /users

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKA list of users
401UnauthorizedUnauthorized

Get new device token (PostAuthNewDevice)

POST /auth/new_device

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKNew device token
400Bad RequestBad request

Authorize device (PostAuthNewDeviceAuthorize)

POST /auth/new_device/authorize

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
databodyPostAuthNewDeviceAuthorizeBodyPostAuthNewDeviceAuthorizeBodyWho is authorizing

All responses

CodeStatusDescription
200OKDevice authorized
400Bad RequestBad request
404Not FoundToken not found
Inlined models

PostAuthNewDeviceAuthorizeBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
devicestringstringDevice to authorize
tokenstringstringMnemonic token to authorize

Generate recovery token (PostAuthRecoveryToken)

POST /auth/recovery_token

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
databodyPostAuthRecoveryTokenBodyPostAuthRecoveryTokenBodyToken data

All responses

CodeStatusDescriptionSchema
200OKRecovery token generatedschema
400Bad RequestBad request

Responses

200 - Recovery token generated

Status: OK

Schema
NameTypeGo typeRequiredDefaultDescriptionExample
tokenstringstringMnemonic recovery token
400 - Bad request

Status: Bad Request

Inlined models

PostAuthRecoveryTokenBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
expirationstringstringToken expiration date
usesintegerint64Token uses

Use recovery token (PostAuthRecoveryTokenUse)

POST /auth/recovery_token/use

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
databodyPostAuthRecoveryTokenUseBodyPostAuthRecoveryTokenUseBodyToken data

All responses

CodeStatusDescriptionSchema
200OKRecovery token usedschema
400Bad RequestBad request
404Not FoundToken not found

Responses

200 - Recovery token used

Status: OK

Schema
NameTypeGo typeRequiredDefaultDescriptionExample
tokenstringstringDevice authorization token
Inlined models

PostAuthRecoveryTokenUseBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
devicestringstringDevice to authorize
tokenstringstringMnemonic recovery token

Refresh token (PostAuthTokens)

POST /auth/tokens

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKToken refreshed
400Bad RequestBad request
404Not FoundToken not found

Disable Bitwarden (PostServicesBitwardenDisable)

POST /services/bitwarden/disable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKBitwarden disabled
401UnauthorizedUnauthorized

Enable Bitwarden (PostServicesBitwardenEnable)

POST /services/bitwarden/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKBitwarden enabled
401UnauthorizedUnauthorized

Disable Gitea (PostServicesGiteaDisable)

POST /services/gitea/disable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKGitea disabled
401UnauthorizedUnauthorized

Enable Gitea (PostServicesGiteaEnable)

POST /services/gitea/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKGitea enabled
401UnauthorizedUnauthorized

Disable Nextcloud (PostServicesNextcloudDisable)

POST /services/nextcloud/disable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKNextcloud disabled
401UnauthorizedUnauthorized

Enable Nextcloud (PostServicesNextcloudEnable)

POST /services/nextcloud/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKNextcloud enabled
401UnauthorizedUnauthorized

Disable OCserv (PostServicesOcservDisable)

POST /services/ocserv/disable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKOCserv disabled
401UnauthorizedUnauthorized

Enable OCserv (PostServicesOcservEnable)

POST /services/ocserv/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKOCserv enabled
401UnauthorizedUnauthorized

Disable Pleroma (PostServicesPleromaDisable)

POST /services/pleroma/disable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKPleroma disabled
401UnauthorizedUnauthorized

Enable Pleroma (PostServicesPleromaEnable)

POST /services/pleroma/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKPleroma enabled
401UnauthorizedUnauthorized

Enable SSH (PostServicesSSHEnable)

POST /services/ssh/enable

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKSSH enabled
401UnauthorizedUnauthorized

Add SSH key to the user (PostServicesSSHKeysUsername)

POST /services/ssh/keys/{username}

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
usernamepathstringstringUser to add keys for
public_keybodyPostServicesSSHKeysUsernameBodyPostServicesSSHKeysUsernameBody

All responses

CodeStatusDescription
201CreatedSSH key added
401UnauthorizedUnauthorized
404Not FoundUser not found
409ConflictKey already exists
Inlined models

PostServicesSSHKeysUsernameBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
public_keystringstring

Create a new user (PostUsers)

POST /users

Consumes

  • application/json

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
userbodyPostUsersBodyPostUsersBodyUser to create

All responses

CodeStatusDescription
201CreatedCreated user
400Bad RequestBad request
401UnauthorizedUnauthorized
409ConflictUser already exists
Inlined models

PostUsersBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
passwordstringstringUnix password.
usernamestringstringUnix username. Must be alphanumeric and less than 32 characters

Set the new key for backblaze (PutServicesResticBackblazeConfig)

PUT /services/restic/backblaze/config

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
backblazeSettingsbodyPutServicesResticBackblazeConfigBodyPutServicesResticBackblazeConfigBodyNew Backblaze settings

All responses

CodeStatusDescription
200OKNew Backblaze settings
400Bad RequestBad request
401UnauthorizedUnauthorized
Inlined models

PutServicesResticBackblazeConfigBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
accountIdstringstring
accountKeystringstring
bucketstringstring

Initiate a new restic backup (PutServicesResticBackupCreate)

PUT /services/restic/backup/create

Security Requirements

  • bearerAuth

All responses

CodeStatusDescription
200OKBackup creation has started
400Bad RequestBad request
401UnauthorizedUnauthorized
409ConflictBackup already in progress

Start backup restoration (PutServicesResticBackupRestore)

PUT /services/restic/backup/restore

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
backupbodyPutServicesResticBackupRestoreBodyPutServicesResticBackupRestoreBodyBackup to restore

All responses

CodeStatusDescription
200OKBackup restoration process started
400Bad RequestBad request
401UnauthorizedUnauthorized
Inlined models

PutServicesResticBackupRestoreBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
backupIdstringstring

Change SSH settings (PutServicesSSH)

PUT /services/ssh

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
sshSettingsbodyPutServicesSSHBodyPutServicesSSHBodySSH settings

All responses

CodeStatusDescription
200OKNew settings saved
400Bad RequestBad request
Inlined models

PutServicesSSHBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
enablebooleanbool
passwordAuthenticationbooleanbool

Add a SSH root key (PutServicesSSHKeySend)

PUT /services/ssh/key/send

Consumes

  • application/json

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
bodybodyPutServicesSSHKeySendBodyPutServicesSSHKeySendBodyPublic key to add

All responses

CodeStatusDescription
201CreatedKey added
400Bad RequestBad request
401UnauthorizedUnauthorized
409ConflictKey already exists
Inlined models

PutServicesSSHKeySendBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
public_keystringstringssh-ed25519 public key.

Change system auto upgrade settings (PutSystemConfigurationAutoUpgrade)

PUT /system/configuration/autoUpgrade

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
autoUpgradebodyPutSystemConfigurationAutoUpgradeBodyPutSystemConfigurationAutoUpgradeBodyAuto upgrade settings

All responses

CodeStatusDescription
200OKNew settings saved
400Bad RequestBad request
Inlined models

PutSystemConfigurationAutoUpgradeBody

Properties

NameTypeGo typeRequiredDefaultDescriptionExample
allowRebootbooleanbool
enablebooleanbool

Change system timezone (PutSystemConfigurationTimezone)

PUT /system/configuration/timezone

Security Requirements

  • bearerAuth

Parameters

NameSourceTypeGo typeSeparatorRequiredDefaultDescription
timezonebodyPutSystemConfigurationTimezoneBodyPutSystemConfigurationTimezoneBodyTimezone to set

All responses

CodeStatusDescription
200OKTimezone changed
400Bad RequestBad request
Inlined models

PutSystemConfigurationTimezoneBody Properties

NameTypeGo typeRequiredDefaultDescriptionExample
timezonestringstring