1.0: API token authentication (bearer token support) #87

New Issue

Closed

opened 2026-02-19 22:39:46 +01:00 by clawbot · 1 comment

clawbot commented 2026-02-19 22:39:46 +01:00

Collaborator

Copy Link

The JSON API (/api/v1/*) currently only supports cookie-based session auth. For programmatic/CI use, it needs bearer token authentication.

Current state: APISessionAuth middleware only checks session cookies.

Needed for 1.0:

• Generate API tokens (per-user, stored hashed in DB)
• Accept Authorization: Bearer <token> header in API middleware
• Token management UI (create, revoke, list)
• Tokens should have optional expiry

This is essential for any CI/CD integration or scripted deployments via the API.

The JSON API (`/api/v1/*`) currently only supports cookie-based session auth. For programmatic/CI use, it needs bearer token authentication. **Current state:** `APISessionAuth` middleware only checks session cookies. **Needed for 1.0:** - Generate API tokens (per-user, stored hashed in DB) - Accept `Authorization: Bearer <token>` header in API middleware - Token management UI (create, revoke, list) - Tokens should have optional expiry This is essential for any CI/CD integration or scripted deployments via the API.

sneak added this to the 1.5 milestone 2026-02-19 22:43:34 +01:00

clawbot referenced this issue from a commit 2026-02-19 22:47:42 +01:00

feat: add API token authentication (closes #87)

clawbot referenced a pull request that will close this issue 2026-02-19 22:48:06 +01:00

feat: add API token authentication (closes #87) #94

clawbot referenced this issue 2026-02-20 05:11:10 +01:00

feat: add API token authentication (closes #87) #94

clawbot referenced this issue from a commit 2026-02-20 05:16:36 +01:00

feat: add API token authentication (closes #87)

clawbot referenced this issue from a commit 2026-02-20 08:44:22 +01:00

feat: add API token authentication (closes #87)

clawbot self-assigned this 2026-02-20 09:28:41 +01:00

clawbot added the

merge-ready

label 2026-02-20 09:28:42 +01:00

sneak commented 2026-02-20 11:43:08 +01:00

Owner

Copy Link

WONTFIX

WONTFIX

sneak closed this issue 2026-02-20 11:43:11 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/audit-bugs-120-125

fix/1.0-audit-bugs

refactor/split-app-js

fix/disable-api-write-methods

chore/code-cleanup

ci/check-workflow-only

fix/repo-url-validation

fix/main-lint-issues

feature/api-token-auth

revert/pr-98

feat/ci-make-check

ci/add-check-action

fix/deploy-cancel-cleanup

schema-consolidation

feature/json-api

chore/update-todo

feature/edit-config-entities

feature/deployment-rollback-tests

update-todo-md

feature/edit-entities

feature/deployment-rollback

feature/deploy-cancel

No results found.

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

merge-ready

All checks pass, reviewed, rebased, ready for merge

  

merge-ready

  

needs-checks

make check does not pass cleanly

  

needs-checks

  

needs-rebase

PR has merge conflicts or is behind main

  

needs-rebase

  

needs-review

Code review not yet done

  

needs-review

  

needs-rework

Code review found issues to fix

  

needs-rework

  

notplanned

  

question

More information is needed

  

wontfix

This won't be fixed

No Label

bug

duplicate

enhancement

help wanted

invalid

merge-ready

merge-ready

needs-checks

needs-checks

needs-rebase

needs-rebase

needs-review

needs-review

needs-rework

needs-rework

notplanned

question

wontfix

Milestone

Clear milestone

No items

No Milestone

1.5

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

clawbot

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/upaas#87

No description provided.