Clearly I'm missing some here and wanted to come back and see if you have any pointers to help me debug this further.
I debugged my previous system and could not get an API failed log in attempt error to appear in the logs at all so I created a completely new system based on stretch with Tiny Tiny RSS v17.4 (a6990df), php7.0 & postgres 9.6.
Logs are working fine for failed HTTP accesses - see log_image
API access works / doesn't work from both Reeder on iOS and OSX depending on the correct password or username entered but no matter what, I just can't pickup an error for a failed login attempt. I see the nginx access entry correctly but no failed response in error.log or the dashboard panel.
Would appreciate any guidance as to where to look deeper, tt-rss config, the fever code, my nginx config... Id even be happily directed to any more RTFM materials.
I'd call it a day and move on but given the report yours works fine it indicates some config error or lack of user knowledge on my part and Id be curious to resolve. Its not the end of the day, my API passwords are strong.