suggestion: use share key for api authentication #3
Replies: 2 comments 3 replies
-
|
I think you're thinking of the endpoints to get asset info, like But if there's another way to find out what assets are associated with a given share link (share |
Beta Was this translation helpful? Give feedback.
-
|
I'm not sure why it's called this, but |
Beta Was this translation helpful? Give feedback.
-
|
You LEGEND!!! I have no idea why it's called that either, but that is exactly what I was looking for! I will refactor to use that and remove API key completely. Thank you!! ❤️ |
Beta Was this translation helpful? Give feedback.
-
|
API key has now been removed - thank you very much @bo0tzz |
Beta Was this translation helpful? Give feedback.
-
|
Awesome! :D |
Beta Was this translation helpful? Give feedback.
-
The last part of a share link (
/share/<key>) can be used for API auth by appending it to the url (immich.local/api/foo?key=j3lij2w34892etc). It's probably not a straight swap (I don't know what endpoints you use right now, and the share key is limited) but in theory this should let you remove the need for an API key entirely, reducing the attack surface even more.Beta Was this translation helpful? Give feedback.
All reactions