Is your feature request related to a problem? Please describe.
Paperless isn’t supposed to be exposed to the web without authentication. A popular choice is authelia or authentik, which send a user to a login page, possibly with MFA, and then sends a user through. This is called ForwardAuth.
Describe the solution you'd like
A common workaround is to have a header, X-Api-Key, which bypasses the authentication if it is known. It is a long string which is known only to the client program. Ideally I’d like all http requests to include this header.
Describe alternatives you've considered
Opening IPs, using it locally, using a VPN. This is a popular solution.
mTLS is also a good alternative and is supported by Paperless Mobile (the competing app currently in TestFlight). I’d also support that addition.
Additional context
As an example, a similar approach: https://www.reddit.com/r/LunaSeaApp/comments/uogs1u/radarr_behind_authelia/i8gedxk/
Is your feature request related to a problem? Please describe.
Paperless isn’t supposed to be exposed to the web without authentication. A popular choice is authelia or authentik, which send a user to a login page, possibly with MFA, and then sends a user through. This is called ForwardAuth.
Describe the solution you'd like
A common workaround is to have a header, X-Api-Key, which bypasses the authentication if it is known. It is a long string which is known only to the client program. Ideally I’d like all http requests to include this header.
Describe alternatives you've considered
Opening IPs, using it locally, using a VPN. This is a popular solution.
mTLS is also a good alternative and is supported by Paperless Mobile (the competing app currently in TestFlight). I’d also support that addition.
Additional context
As an example, a similar approach: https://www.reddit.com/r/LunaSeaApp/comments/uogs1u/radarr_behind_authelia/i8gedxk/