The TrinaxAI RAG API uses a two-tier authentication model that balances local usability with security. Chat and read-only endpoints are intentionally open to trusted LAN origins — so the PWA on your phone works without configuration — while all mutating system endpoints are protected and require either localhost access or an explicit admin token.
Open Endpoints (No Auth Required)
These endpoints are accessible from any origin that passes the CORS filter (private IPs on ports 3334 and 3335 by default):

| Endpoint | Notes |
|---|---|
| POST /v1/chat/completions | RAG chat; rate-limited to 30 req/min per IP |
| GET /health | Service status overview |
| GET /resources | RAM / VRAM telemetry |
| GET /app-state | Read shared PWA configuration |
| GET /collections | List all RAG collections |
| GET /v1/memory | Read persistent memory entries |
| GET /v1/memory/summary | Read the memory auto-summary |
| GET /v1/watch/status | Check watcher state |
| POST /documents/extract | Extract text from uploaded documents |
Protected Endpoints (Auth Required)
The following endpoints require the caller to be on localhost, on a trusted LAN IP (when `TRINAXAI_ALLOW_LAN_SYSTEM=1` is set), or to supply a valid admin token:
| Group | Endpoints |
|---|---|
| System control | All /system/* routes |
| App state | PUT /app-state, DELETE /app-state |
| Memory writes | POST /v1/memory, DELETE /v1/memory/{memory_id}, POST /v1/memory/refresh |
| Collection management | POST /collections, PATCH /collections/{collection_id}, DELETE /collections/{collection_id} |
| Research | POST /v1/research |
| Knowledge Browser | GET /v1/sources, GET /v1/sources/{collection}/{file:path}/chunks |
| Usage recording | POST /v1/usage, GET /v1/stats |
| File watcher | POST /v1/watch/start, POST /v1/watch/stop |
Authorization Mechanisms
1. Localhost Access (Always Allowed)
Requests originating from 127.0.0.1, ::1, or localhost are trusted for all system endpoints without any token. This is the default for the CLI and for direct API calls on the host machine.
2. LAN Access
By default, system endpoints are not accessible from other devices on your network. Enable LAN system control by setting `TRINAXAI_ALLOW_LAN_SYSTEM=1` in your `.env`:

```
TRINAXAI_ALLOW_LAN_SYSTEM=1
```

When `TRINAXAI_ALLOW_LAN_SYSTEM=1` is set, requests from any private or link-local IP (RFC 1918 ranges: 10.x.x.x, 172.16–31.x.x, 192.168.x.x) are considered trusted. The `--lan-system` install flag enables this automatically and generates a strong admin token.
3. Admin Token
Set `TRINAXAI_ADMIN_TOKEN` in `.env` to require a token for all protected endpoints. Pass it in the `X-Admin-Token` request header.

A request that presents a wrong token is rejected with HTTP 403 Forbidden immediately — it does not fall through to the localhost check.
Generating an Admin Token
Option 1 — OpenSSL (recommended): generate a random token with `openssl`.

Option 2 — the `--lan-system` install flag generates a token and writes it to `.env` automatically. Retrieve it with:

Then set it in `.env`:
CORS
The CORS middleware is configured with an explicit allowlist — not a wildcard `*` — to restrict which browser origins can make cross-origin requests.
Default allowed origins: private-IP origins on ports 3334 and 3335.

Override the allowlist with `TRINAXAI_CORS_ORIGINS`:

Use `*` only for development — this disables origin checking entirely:
Example Requests
The `--insecure` flag (or `-k`) is required when using curl against https://localhost:3333 because TrinaxAI uses a self-signed certificate. In Python, the equivalent is `verify=False` in requests, or setting `TRINAXAI_TLS_VERIFY=0` to use the built-in `create_ssl_context()` helper in `config.py`.

Summary
| Caller | Localhost | LAN (ALLOW_LAN_SYSTEM=1) | Remote |
|---|---|---|---|
| Open endpoints | ✅ Allowed | ✅ Allowed (CORS filter) | ✅ Allowed (CORS filter) |
| System endpoints (no token set) | ✅ Allowed | ✅ Allowed | ❌ Blocked |
| System endpoints (token set, correct) | ✅ Allowed | ✅ Allowed | ✅ Allowed |
| System endpoints (token set, wrong) | ❌ 403 | ❌ 403 | ❌ 403 |
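The decision table above and the three mechanisms described under Authorization Mechanisms, written out as a reference implementation. This is an added example, not TrinaxAI's own code: the names `AuthConfig`, `authorize_system`, `is_localhost` and `is_trusted_lan` are hypothetical, the IPv6 link-local range is an assumption (the page only lists IPv4 ranges), and a missing token when `TRINAXAI_ADMIN_TOKEN` is set is treated like a wrong one, following the statement that a configured token is required for all protected endpoints.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Trusted LAN ranges named on the page (RFC 1918) plus link-local.
# The IPv6 link-local entry is an assumption; the page lists only IPv4 ranges.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10",
)]

@dataclass
class AuthConfig:
    allow_lan_system: bool = False      # TRINAXAI_ALLOW_LAN_SYSTEM=1
    admin_token: Optional[str] = None   # TRINAXAI_ADMIN_TOKEN (None = unset)

def is_localhost(ip: str) -> bool:
    """127.0.0.1, ::1 or the literal name 'localhost' are always trusted."""
    if ip == "localhost":
        return True
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def is_trusted_lan(ip: str) -> bool:
    """True for the private / link-local ranges the page treats as LAN."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)

def authorize_system(cfg: AuthConfig, client_ip: str, token: Optional[str]) -> int:
    """HTTP status for a protected (/system/*-style) request: 200 or 403.

    A configured admin token is checked first: a wrong or missing token is
    rejected immediately and never falls through to the localhost check.
    """
    if cfg.admin_token is not None:
        supplied = (token or "").encode()
        # Constant-time comparison (hardening assumption, not stated on the page).
        return 200 if hmac.compare_digest(cfg.admin_token.encode(), supplied) else 403
    if is_localhost(client_ip):
        return 200
    if cfg.allow_lan_system and is_trusted_lan(client_ip):
        return 200
    return 403
```

Each row of the Summary table corresponds to one call: for example `authorize_system(AuthConfig(admin_token="s3cret-token"), "127.0.0.1", "wrong")` returns 403 even though the caller is localhost.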