Skip to content

Multi user and APIs

Jump to bottom
Josh Gunderson edited this page Jun 20, 2026 · 1 revision

Multi-user, API compatibility & integrations

API compatibility

  • GReader API — Google Reader-compatible API at /greader; works with Capy, Readrops, Aggregator, Read You, and other Android/desktop clients. Authenticate with your Lectio username and LECTIO_FEVER_PASSWORD (single mode) or your per-user API token from /account (multi mode).
  • Fever API — Fever-compatible API at /fever; works with Reeder, FeedMe, NetNewsWire, etc. Set LECTIO_FEVER_PASSWORD in .env to enable (single mode), or use your per-user API token from /account (multi mode). Uses a dedicated credential (not your main login) because Fever transmits credentials as MD5.

Multi-user (optional)

  • Security modesLECTIO_SECURITY_MODE=single (default) is the classic single-user setup. multi enables per-user accounts: each user gets isolated databases under data/users/<username>/, while thumbnails and image caches stay shared. Set the bootstrap admin with LECTIO_ADMIN_USERNAME / LECTIO_ADMIN_PASSWORD (created on first start), and pick a password hashing scheme with LECTIO_PASSWORD_HASH_SCHEME (scrypt default, pbkdf2_sha256, or argon2 with argon2-cffi installed).
  • Account page — visit /account to change your password and view/regenerate your API token; admins can create, disable, rename, and permanently delete users (deletion removes the account and its isolated data directory — feeds, folders, and saved articles — but leaves the shared image/thumbnail caches) and reset passwords. You cannot delete your own account or the last remaining admin. In multi mode each user authenticates to the GReader/Fever APIs with their own username + API token (shown on /account).
  • Outbound-fetch hardening — feed discovery, the source/Readability proxy, and image proxies refuse private/loopback/link-local targets (SSRF); only http(s) feed URLs can be subscribed (Add Feed / OPML reject file:// etc.); proxied page HTML is sanitized against XSS. Set LECTIO_DEBUG=1 only for local development — it disables the SSRF guard so LAN feeds work.
  • Migrating an existing instance — converting a single-user install to multi-user is a one-time copy of your data into the per-user layout; see docs/multiuser-migration.md (scripts/migrate_to_multiuser.py, dry-run by default).

Integrations

  • Instapaper — "Save to Instapaper" button in the entry toolbar
  • Email — Resend API for Email Article and Email Article rules
  • Settings UI — all API keys and options configurable in-app (env vars still accepted as fallback)

Clone this wiki locally