The Rift CE web API uses a simple password-based authentication scheme. You configure the password in Settings → Web Server, then supply it with every request. Authentication is checked before any endpoint logic runs — a bad or missing credential short-circuits the request immediately.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/N3XT3R1337/RiftCE/llms.txt
Use this file to discover all available pages before exploring further.
Passing your password
There are two ways to authenticate:HTTP header (recommended)
Add the Prefer this method in scripts and automation — it keeps credentials out of URLs and server logs.
X-Rift-Password header to your request:X-Rift-Password is present it takes precedence; otherwise the password query parameter is read.
Disabling authentication
SettingWebServerRequirePassword to false in Settings disables the password check entirely. All requests are accepted without any credential.
401 Unauthorized
WhenWebServerRequirePassword is true and the supplied password does not match, the server returns:
Permission flags
Authentication grants access to the server — not necessarily to every endpoint. Each category of endpoint is independently gated by a permission flag in Settings → Web Server. Calling a disabled endpoint returns403 Forbidden even with a valid password.
| Flag | Default | Endpoints controlled |
|---|---|---|
WebServerAllowGetAccounts | true | GET /getaccounts |
WebServerAllowGetCookie | false | GET /getcookie |
WebServerAllowLaunch | true | GET /launchaccount |
WebServerAllowEditing | false | /setalias, /setdescription, /setgroup, /getfield, /setfield, /removefield |
WebServerAllowGetCookie and WebServerAllowEditing are off by default because they expose sensitive data or allow modifications to your vault. Enable them only when your automation genuinely requires them.