API Reference
The HomeBranch API is a NestJS REST API. All endpoints require a valid JWT access token
issued by the Authentication service, except where noted.
Authentication
Include the JWT access token in the Authorization header of every request:
Authorization: Bearer <access_token>
Tokens are issued by the Authentication service. The HomeBranch API
validates them using the shared JWT_ACCESS_SECRET.
Getting a token
Method POST
Path /auth/login
Description Authenticate and receive access + refresh tokens
Method POST
Path /auth/sign-up
Description Register a new user account
Method POST
Path /auth/refresh
Description Exchange a refresh token for a new access token
Method POST
Path /auth/refresh/invalidate
Description Invalidate the current refresh token (sign out)
Method GET
Path /auth/me
Description Return the current authenticated user's profile
| Method | Path | Description |
POST | /auth/login | Authenticate and receive access + refresh tokens |
POST | /auth/sign-up | Register a new user account |
POST | /auth/refresh | Exchange a refresh token for a new access token |
POST | /auth/refresh/invalidate | Invalidate the current refresh token (sign out) |
GET | /auth/me | Return the current authenticated user's profile |
OIDC single sign-on
Method GET
Path /auth/oidc/enabled
Description Returns whether OIDC SSO is configured (no auth required)
Method GET
Path /auth/login/oidc
Description Initiates the OIDC authorization flow — redirects to the provider
Method GET
Path /auth/login/oidc/callback
Description OIDC provider redirect callback — issues tokens on success
| Method | Path | Description |
GET | /auth/oidc/enabled | Returns whether OIDC SSO is configured (no auth required) |
GET | /auth/login/oidc | Initiates the OIDC authorization flow — redirects to the provider |
GET | /auth/login/oidc/callback | OIDC provider redirect callback — issues tokens on success |
Service configuration
Admin-only endpoints for managing the authentication configuration, including OIDC provider
settings and whether self-registration is enabled.
Method GET
Path /auth/config/public
Auth None
Description Retrieve public config: oidcEnabled, oidcProviderName, signupEnabled
Method GET
Path /auth/config
Auth Admin
Description Retrieve the full authentication configuration including OIDC credentials
Method PATCH
Path /auth/config
Auth Admin
Description Update authentication configuration (OIDC settings, signup toggle)
| Method | Path | Auth | Description |
GET | /auth/config/public | None | Retrieve public config: oidcEnabled, oidcProviderName, signupEnabled |
GET | /auth/config | Admin | Retrieve the full authentication configuration including OIDC credentials |
PATCH | /auth/config | Admin | Update authentication configuration (OIDC settings, signup toggle) |
Auth endpoints are served at /auth/* by the nginx proxy, routed to the
Authentication service. The HomeBranch API itself handles all /api/* routes.
Books
Manage your E-Book collection. Books are uploaded as multipart form data and stored
on the server filesystem. The maximum upload size is 50 MB.
Method GET
Path /api/books
Description List all books (paginated, supports search)
Method GET
Path /api/books/:id
Description Get a single book by ID
Method POST
Path /api/books
Description Upload a new E-Book file (multipart/form-data, field: file)
Method PATCH
Path /api/books/:id
Description Update book metadata
Method DELETE
Path /api/books/:id
Description Delete a book and its file
Method GET
Path /api/books/:id/file
Description Download the raw E-Book file
| Method | Path | Description |
GET | /api/books | List all books (paginated, supports search) |
GET | /api/books/:id | Get a single book by ID |
POST | /api/books | Upload a new E-Book file (multipart/form-data, field: file) |
PATCH | /api/books/:id | Update book metadata |
DELETE | /api/books/:id | Delete a book and its file |
GET | /api/books/:id/file | Download the raw E-Book file |
Pagination & search
List endpoints support pagination via ?page= and ?limit= query
parameters, and full-text search via ?search=.
Upload example
curl -X POST http://localhost/api/books \
-H "Authorization: Bearer <token>" \
-F "[email protected]"
Bookshelves
Bookshelves are user-defined collections. A book can belong to multiple bookshelves
(many-to-many relationship).
Method GET
Path /api/book-shelves
Description List all bookshelves for the current user
Method GET
Path /api/book-shelves/:id
Description Get a bookshelf and its books
Method POST
Path /api/book-shelves
Description Create a new bookshelf
Method PATCH
Path /api/book-shelves/:id
Description Rename a bookshelf
Method DELETE
Path /api/book-shelves/:id
Description Delete a bookshelf (books are not deleted)
Method POST
Path /api/book-shelves/:id/books
Description Add books to a bookshelf
Method DELETE
Path /api/book-shelves/:id/books/:bookId
Description Remove a book from a bookshelf
| Method | Path | Description |
GET | /api/book-shelves | List all bookshelves for the current user |
GET | /api/book-shelves/:id | Get a bookshelf and its books |
POST | /api/book-shelves | Create a new bookshelf |
PATCH | /api/book-shelves/:id | Rename a bookshelf |
DELETE | /api/book-shelves/:id | Delete a bookshelf (books are not deleted) |
POST | /api/book-shelves/:id/books | Add books to a bookshelf |
DELETE | /api/book-shelves/:id/books/:bookId | Remove a book from a bookshelf |
Favorites
Users can mark any book as a favorite. The toggle endpoint favorites the book on the first call
and removes it on a second call.
Method GET
Path /api/books/favorite
Description List the current user's favorite books (paginated, supports ?query=)
Method PUT
Path /api/books/:id/favorite
Description Toggle favorite status — favorites on first call, removes on second
| Method | Path | Description |
GET | /api/books/favorite | List the current user's favorite books (paginated, supports ?query=) |
PUT | /api/books/:id/favorite | Toggle favorite status — favorites on first call, removes on second |
Authors
Authors are created automatically when books are uploaded and can be browsed separately.
Method GET
Path /api/authors
Description List all authors (paginated)
Method GET
Path /api/authors/:id
Description Get an author and their books
| Method | Path | Description |
GET | /api/authors | List all authors (paginated) |
GET | /api/authors/:id | Get an author and their books |
Reading position sync
Saved positions store a CFI (Canonical Fragment Identifier) string and a percentage,
allowing the reader to resume exactly where it left off on any device.
// Save position
PUT /api/saved-positions
{
"bookId": "uuid-here",
"cfi": "epubcfi(/6/4[chap01]!/4/2/2/2:0)",
"percentage": 0.35
}
// Get position
GET /api/saved-positions/:bookId
Method GET
Path /api/saved-positions/:bookId
Description Get the saved reading position for a book
Method PUT
Path /api/saved-positions
Description Save or update a reading position
| Method | Path | Description |
GET | /api/saved-positions/:bookId | Get the saved reading position for a book |
PUT | /api/saved-positions | Save or update a reading position |
User management
User management endpoints are restricted to users with the admin role.
The first registered user is automatically assigned admin.
Method GET
Path /api/users
Description List all users (admin only)
Method GET
Path /api/users/me
Description Get the current authenticated user's profile
Method PATCH
Path /api/users/:id
Description Update a user's role or details (admin only)
Method DELETE
Path /api/users/:id
Description Delete a user account (admin only)
| Method | Path | Description |
GET | /api/users | List all users (admin only) |
GET | /api/users/me | Get the current authenticated user's profile |
PATCH | /api/users/:id | Update a user's role or details (admin only) |
DELETE | /api/users/:id | Delete a user account (admin only) |
Book deduplication
These endpoints are restricted to users with the admin role. Use them to
find and resolve duplicate EPUB files in the library.
Start by enqueuing a scan. Once the scan job completes, duplicates appear in the list
endpoint. Resolve each pair by posting a resolution action:
merge — keep the original, delete the duplicate and its filereplace — promote the duplicate as canonical, delete the originalkeep_both — mark as resolved without deleting either book
Method GET
Path /api/books/duplicates
Auth Admin
Description List unresolved duplicate pairs (paginated, supports ?limit= and ?offset=)
Method POST
Path /api/books/duplicates/scan
Auth Admin
Description Enqueue a duplicate scan job — returns 202 Accepted
Method POST
Path /api/books/duplicates/:id/resolve
Auth Admin
Description Resolve a duplicate pair with action: merge, replace, or keep_both
| Method | Path | Auth | Description |
GET | /api/books/duplicates | Admin | List unresolved duplicate pairs (paginated, supports ?limit= and ?offset=) |
POST | /api/books/duplicates/scan | Admin | Enqueue a duplicate scan job — returns 202 Accepted |
POST | /api/books/duplicates/:id/resolve | Admin | Resolve a duplicate pair with action: merge, replace, or keep_both |
OPDS catalog
HomeBranch exposes OPDS feeds for use with compatible e-reader apps (Kybook, Kavita-compatible
readers, Panels, etc.). Both OPDS 1.2 (Atom XML) and OPDS 2.0 (JSON) are supported.
OPDS endpoints require authentication. Point your e-reader app at
/api/opds/v1/catalog (or /api/opds/v2/catalog for OPDS 2.0) and
use your HomeBranch credentials. The AUTH_SERVICE_URL environment variable must
be set on the API service for OPDS authentication to work.
OPDS 1.2 (Atom XML)
Method GET
Path /api/opds/v1/catalog
Description OPDS 1.2 root catalog (Atom XML)
Method GET
Path /api/opds/v1/books
Description All books feed
Method GET
Path /api/opds/v1/books/new
Description New arrivals feed
Method GET
Path /api/opds/v1/bookshelves
Description List of bookshelves
Method GET
Path /api/opds/v1/bookshelves/:id
Description Books in a specific bookshelf
Method GET
Path /api/opds/v1/search
Description Search books (supports ?q=)
Method GET
Path /api/opds/v1/opensearch.xml
Description OpenSearch description document
Method GET
Path /api/opds/v1/auth
Description OPDS Authentication Document (no auth required)
Method GET
Path /api/opds/v1/download/:id
Description Download a book file
| Method | Path | Description |
GET | /api/opds/v1/catalog | OPDS 1.2 root catalog (Atom XML) |
GET | /api/opds/v1/books | All books feed |
GET | /api/opds/v1/books/new | New arrivals feed |
GET | /api/opds/v1/bookshelves | List of bookshelves |
GET | /api/opds/v1/bookshelves/:id | Books in a specific bookshelf |
GET | /api/opds/v1/search | Search books (supports ?q=) |
GET | /api/opds/v1/opensearch.xml | OpenSearch description document |
GET | /api/opds/v1/auth | OPDS Authentication Document (no auth required) |
GET | /api/opds/v1/download/:id | Download a book file |
OPDS 2.0 (JSON)
Method GET
Path /api/opds/v2/catalog
Description OPDS 2.0 root catalog (JSON)
Method GET
Path /api/opds/v2/books
Description All books feed
Method GET
Path /api/opds/v2/books/new
Description New arrivals feed
Method GET
Path /api/opds/v2/bookshelves
Description List of bookshelves
Method GET
Path /api/opds/v2/bookshelves/:id
Description Books in a specific bookshelf
Method GET
Path /api/opds/v2/search
Description Search books (supports ?q=)
| Method | Path | Description |
GET | /api/opds/v2/catalog | OPDS 2.0 root catalog (JSON) |
GET | /api/opds/v2/books | All books feed |
GET | /api/opds/v2/books/new | New arrivals feed |
GET | /api/opds/v2/bookshelves | List of bookshelves |
GET | /api/opds/v2/bookshelves/:id | Books in a specific bookshelf |
GET | /api/opds/v2/search | Search books (supports ?q=) |
Health check
Method GET
Path /api/health
Description Returns 200 OK when the API is running (no auth required)
| Method | Path | Description |
GET | /api/health | Returns 200 OK when the API is running (no auth required) |
