feat: API token authentication (PR #87 by rafaelfoster)

Adds non-interactive API token authentication for external integrations:
- SHA-256-hashed tokens with prefix, expiry, revocation, and last-used tracking
- Bearer / X-API-Key header support; CSRF bypass for token-authenticated requests
- Admin UI in Settings to create and revoke tokens (one-time plaintext display)
- OpenAPI 3.0 spec served at /api/v1/openapi.json and /openapi.json
- Migration #17: api_tokens table
- Structured error logging in server/logger.js
- Removed CDN-backed Swagger UI (hard constraint), reverted CSP
- Translated all apiToken i18n keys to German

Co-Authored-By: rafaelfoster <rafaelfoster@users.noreply.github.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ulas Kalayci
2026-04-26 08:59:03 +02:00
26 changed files with 1455 additions and 16 deletions
@@ -321,6 +321,13 @@
width: 100%;
}
.settings-token-output {
padding: var(--space-3);
border: 1px solid var(--color-border);
border-radius: var(--radius-sm);
background: var(--color-surface-2);
}
/* --------------------------------------------------------
Theme-Toggle
-------------------------------------------------------- */
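Review bot: The new `.settings-token-output` rule has no wrapping or font declaration, so a long unbroken token string can overflow the bordered box on narrow layouts unless a child element handles it elsewhere. Since the commit message says this box is the one-time plaintext display, consider adding `overflow-wrap: anywhere;` and `font-family: monospace;` to the rule so the full token stays visible and can be copied exactly.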