Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/brimblehq/rexec/llms.txt

Use this file to discover all available pages before exploring further.

The Security API allows users to protect their Rexec account with an additional passcode layer and configure screen lock behavior.

Overview

Rexec provides screen-level security features:
  • Screen Lock: Auto-lock after inactivity
  • Passcode Protection: 6-digit PIN for unlocking
  • Single Session Mode: Prevent concurrent logins
  • Terminal MFA Lock: Lock individual terminals with MFA
Screen lock is separate from MFA. It’s a lightweight protection for shared workstations.

Get security settings

GET /api/security Retrieve current security configuration.
curl
curl https://api.rexec.sh/api/security \
  -H "Authorization: Bearer YOUR_TOKEN"
enabled
boolean
Whether screen lock is enabled
lock_after_minutes
integer
Minutes of inactivity before auto-lock (default: 15)
single_session_mode
boolean
Whether single session mode is enabled
has_passcode
boolean
Whether a passcode is set

Set passcode

POST /api/security/passcode Set or change the screen lock passcode.
new_passcode
string
required
6-digit numeric passcode
current_passcode
string
Required when changing existing passcode
lock_after_minutes
integer
Auto-lock timeout (5-120 minutes)
curl
curl -X POST https://api.rexec.sh/api/security/passcode \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "new_passcode": "123456",
    "lock_after_minutes": 15
  }'
Store your passcode securely. If lost, you must contact support to reset.

Update settings

PATCH /api/security Update auto-lock timeout.
lock_after_minutes
integer
required
Minutes before auto-lock (5-120)
curl
curl -X PATCH https://api.rexec.sh/api/security \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"lock_after_minutes": 30}'

Lock account

POST /api/security/lock Manually lock the account immediately.
curl
curl -X POST https://api.rexec.sh/api/security/lock \
  -H "Authorization: Bearer YOUR_TOKEN"

Unlock account

POST /api/security/unlock Unlock with passcode. Returns a new JWT token.
passcode
string
required
6-digit passcode
curl
curl -X POST https://api.rexec.sh/api/security/unlock \
  -H "Content-Type: application/json" \
  -d '{"passcode": "123456"}'
token
string
New JWT token (previous token is invalidated)
user
object
Updated user object

Remove passcode

DELETE /api/security/passcode Disable screen lock by removing passcode.
current_passcode
string
required
Current passcode to confirm
curl
curl -X DELETE https://api.rexec.sh/api/security/passcode \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"current_passcode": "123456"}'

Single session mode

POST /api/security/single-session Enable or disable single session mode. When enabled, logging in from a new location revokes all other sessions.
enabled
boolean
required
Enable or disable single session mode
curl
curl -X POST https://api.rexec.sh/api/security/single-session \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"enabled": true}'

Terminal MFA lock

Lock individual terminals with MFA protection.

Get terminal MFA status

GET /api/security/terminal/:containerId/mfa-status
curl
curl https://api.rexec.sh/api/security/terminal/cont_123/mfa-status \
  -H "Authorization: Bearer YOUR_TOKEN"
locked
boolean
Whether terminal is MFA-locked
locked_at
string
ISO timestamp when locked

Lock terminal

POST /api/security/terminal/:containerId/mfa-lock Require MFA code to access this terminal.
curl
curl -X POST https://api.rexec.sh/api/security/terminal/cont_123/mfa-lock \
  -H "Authorization: Bearer YOUR_TOKEN"
MFA must be enabled on your account to use terminal locks.

Unlock terminal

POST /api/security/terminal/:containerId/mfa-unlock
code
string
required
6-digit MFA code
curl
curl -X POST https://api.rexec.sh/api/security/terminal/cont_123/mfa-unlock \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"code": "123456"}'

Verify MFA for temporary access

POST /api/security/terminal/:containerId/mfa-verify Verify MFA for temporary access without permanently unlocking.
code
string
required
6-digit MFA code
curl
curl -X POST https://api.rexec.sh/api/security/terminal/cont_123/mfa-verify \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"code": "123456"}'

Error codes

CodeMessageDescription
400Invalid passcode formatPasscode must be 6 digits
401Incorrect passcodeWrong passcode provided
403Account lockedMust unlock before access
404No passcode setCannot unlock without passcode
429Too many attemptsRate limited after failed unlocks

Best practices

  • Set auto-lock for shared workstations (5-15 minutes)
  • Use single session mode for high-security accounts
  • Lock sensitive terminals with MFA
  • Don’t share passcodes—they’re per-user
  • Test unlock before relying on screen lock

Build docs developers (and LLMs) love

Get started for freeTalk to us