API Authentication Updates (2.0 edition) #32

Merged
0xGingi merged 3 commits into nanogpt-community:main from thejudge22:api-updates
Jan 9, 2026
@thejudge22

Add Dual Authentication (Session + API Key) to All API Endpoints

Summary

This PR adds dual authentication support to all API endpoints, allowing users to authenticate using either session cookies (existing web UI behavior) or API keys via Bearer tokens (Authorization: Bearer nc_...).

Changes

New File

  • src/lib/backend/auth-utils.ts - Shared authentication utilities
    • getAuthenticatedUserId(request) - Tries API key first, falls back to session cookie
    • tryGetAuthenticatedUserId(request) - Returns undefined instead of throwing for optional auth
    • getUserIdFromApiKey(authHeader) - Validates Bearer token and returns userId

Updated Endpoints (28 files)

| Category | Endpoints |
| --- | --- |
| Assistants | GET, POST /api/assistants • PATCH, DELETE, POST /api/assistants/[id] |
| Projects | CRUD on /api/projects, /api/projects/[id], /api/projects/[id]/files, /api/projects/[id]/members |
| Database | conversations, messages, message-interactions, message-ratings, user-settings, user-keys, user-rules, user-models, model-performance |
| Storage | POST, DELETE /api/storage |
| Utilities | cancel-generation, enhance-prompt, cleanup-temp-conversations, generate-follow-up-questions |
| NanoGPT | balance, subscription-usage, model-providers, provider-preferences |
| User | upload-avatar, karakeep/save-chat, api-keys |

Documentation

  • Updated api-docs.md - Changed 46+ endpoint authentication labels to "Session or API Key"

Excluded Endpoints (Intentional)

| Endpoint | Reason |
| --- | --- |
| /api/tts, /api/stt, /api/video/* | Use x-api-key for NanoGPT API, optional session for analytics |
| /api/storage/[id] | Public file serving (no auth required) |
| /api/artificial-analysis/benchmarks | Public endpoint |
| /api/generate-message | Already had dual auth (reference implementation) |
| /api/auth/* | Auth handler (login/signup) |

Testing

# Test with API key
curl -X GET "http://localhost:3432/api/assistants" \
  -H "Authorization: Bearer nc_your_api_key"

# Test with session cookie (existing behavior)
curl -X GET "http://localhost:3432/api/assistants" \
  -b "session_cookie=your_session"

Verification

  • npm run build passes
  • ✅ All existing session-based authentication continues to work
  • ✅ API key authentication works for all updated endpoints

Antigravity added 3 commits January 8, 2026 22:04
- Create src/lib/backend/auth-utils.ts with shared authentication helpers:
  - getAuthenticatedUserId(request): Tries API key first, falls back to session
  - tryGetAuthenticatedUserId(request): Same but returns undefined instead of throwing
  - getUserIdFromApiKey(authHeader): Validates Bearer token and returns userId

- Update 28 endpoint files to use dual authentication:
  - Assistants: GET, POST, PATCH, DELETE, set-default
  - Projects: GET, POST, PATCH, DELETE, files, members endpoints
  - DB endpoints: conversations, messages, message-interactions, message-ratings,
    user-settings, user-keys, user-rules, user-models, model-performance
  - Storage: POST, DELETE
  - Utilities: cancel-generation, enhance-prompt, cleanup-temp-conversations,
    generate-follow-up-questions
  - NanoGPT: balance, subscription-usage, model-providers, provider-preferences
  - User: upload-avatar, karakeep/save-chat, api-keys

- Update api-docs.md to reflect dual auth support for all updated endpoints

Excluded endpoints (intentionally):
- TTS/STT/Video: Use x-api-key header for NanoGPT, optional session for analytics
- /api/storage/[id]: Public file serving
- /api/auth/*: Auth handler
- /api/artificial-analysis/benchmarks: Public endpoint
- /api/generate-message: Already had dual auth (reference implementation)
@0xGingi 0xGingi merged commit 3b80535 into nanogpt-community:main Jan 9, 2026
3 checks passed
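
An added sketch of the API-key-first, session-fallback lookup that the PR description attributes to src/lib/backend/auth-utils.ts; it is not the project's code. The three function names come from the PR, while the in-memory stores, the SHA-256 key hashing, `getUserIdFromSession`, the `req` helper and the fail-closed handling of an invalid Authorization header are assumptions of this example.

```typescript
import { createHash } from "node:crypto";

// Minimal request shape so the sketch runs without a web framework (assumption).
interface AuthRequest { headers: { get(name: string): string | null } }

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Constructed sample stores: API keys are held only as SHA-256 digests,
// sessions are looked up by an opaque cookie value.
const apiKeyHashes = new Map<string, string>([[sha256("nc_constructed_sample_key"), "user-1"]]);
const sessions = new Map<string, string>([["constructed-session-id", "user-2"]]);

// Returns the userId for a well-formed, known "Bearer nc_..." token, else undefined.
function getUserIdFromApiKey(authHeader: string | null): string | undefined {
  const key = /^Bearer (nc_[A-Za-z0-9_]+)$/.exec(authHeader ?? "")?.[1];
  return key ? apiKeyHashes.get(sha256(key)) : undefined;
}

// Hypothetical session lookup; "session_cookie" is the placeholder name
// used in the page's curl test.
function getUserIdFromSession(cookieHeader: string | null): string | undefined {
  for (const part of (cookieHeader ?? "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "session_cookie") return sessions.get(rest.join("="));
  }
  return undefined;
}

// Optional auth: API key first, then session cookie.
function tryGetAuthenticatedUserId(request: AuthRequest): string | undefined {
  const authHeader = request.headers.get("authorization");
  // Design choice of this sketch: a presented but invalid Authorization header
  // fails closed instead of silently falling back to an ambient cookie.
  if (authHeader !== null) return getUserIdFromApiKey(authHeader);
  return getUserIdFromSession(request.headers.get("cookie"));
}

// Required auth: same lookup, but throws when no credential is valid.
function getAuthenticatedUserId(request: AuthRequest): string {
  const userId = tryGetAuthenticatedUserId(request);
  if (userId === undefined) throw new Error("Unauthorized");
  return userId;
}

// Builds a constructed request from lowercase header names.
const req = (h: Record<string, string>): AuthRequest =>
  ({ headers: { get: (n) => h[n.toLowerCase()] ?? null } });
```

Failing closed on a bad Bearer token means a revoked or mistyped key surfaces as a 401 rather than being masked by a browser session that happens to be attached to the same request.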