Skip to content

Add API key management system with support for multiple keys#212

Open
Rambomst wants to merge 1 commit into
dwot:mainfrom
Rambomst:feature/api-key-management
Open

Add API key management system with support for multiple keys#212
Rambomst wants to merge 1 commit into
dwot:mainfrom
Rambomst:feature/api-key-management

Conversation

@Rambomst

@Rambomst Rambomst commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Some of the recentish changes seem to have removed the ability to see the existing API keys, since I have baked them into firmware and wanted to add more devices I needed to either be able to see the existing key (not possible) or generate an additional one.

I don't really want to have to go and compile new firmware for my devices so...

This replaces the single API key with multiple named keys. You can add one per device, see when each was last used, and regenerate or revoke them individually. The existing key is migrated over and keeps working until you revoke it.

  • New api_keys table (migration 021, SQLite + Postgres)
  • Own API tab in Settings; key management is session-only
  • Unique names; keys included in backup/restore and SQLite→Postgres
  • Tests added and README updated

Disclaimer: All non-english translations are completely AI generated, and an AI coding assistant was used during development.

- Introduced new PostgreSQL and SQLite migrations to create `api_keys` table for managing multiple API keys per integration or device.
- Added handlers (`CreateAPIKeyHandler`, `RegenerateAPIKeyHandler`, `RevokeAPIKeyHandler`, and `GetAPIKeysHandler`) for API key CRUD operations.
- Replaced the legacy single `api_key` row in `settings` with the new table while ensuring backward compatibility for legacy keys.
- Implemented a prefix-based lookup and bcrypt hashing for secure and efficient API key verification.
- Updated UI to include API key management features: create, list, regenerate, and revoke API keys.
- Enhanced integration tests to cover API key CRUD operations, authentication, and legacy key migration.
- Refactored CSRF middleware to ensure session-based authentication for API key management operations.
- Added localization strings and updated templates for API key management UI elements.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant