[BUG] API authentication insecure

Open 4rr0wx opened this issue 1 year ago • 0 comments

Currently, there is no secure way to authenticate with the Flowise API. Anyone who knows the endpoint and the Chatflow ID can theoretically access all the data. The option to use API keys as headers for requests only marginally improves security.

Expected Behavior

We need the ability to create and manage users within FlowiseAI. Furthermore, there should be functionality that allows users to authenticate with the API using email/username and password. After authentication, a token should be returned, which will be used for further communication.

Improvement Suggestions

1. Implement user management within FlowiseAI.
2. Add an authentication option using email/username and password for API access.
3. Return a token after successful authentication, which will be used for subsequent communication.
4. Provide the ability to restrict access to specific chats for certain users.

These changes would significantly enhance the security and control over access to the Flowise API.

Thank you for considering these suggestions.

4rr0wx, Jul 18 '24 07:07
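The flow proposed in suggestions 2 to 4, as an added sketch that is not part of the original issue and is not Flowise code: a password login returns a signed, expiring token, and each request is checked against the chatflows that user may access. The function names, the in-memory user store and the `flow-support` chatflow ID are hypothetical.

```javascript
// Added illustration only; names and storage are hypothetical, not Flowise's API.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // server-side token signing key
const users = new Map();                 // username -> { salt, hash, chatflows }

function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

function createUser(username, password, chatflows) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: hashPassword(password, salt), chatflows: new Set(chatflows) });
}

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Suggestions 2 and 3: check the password, then return a signed, expiring token.
function login(username, password, ttlSeconds = 900, now = Date.now()) {
  const user = users.get(username);
  // Hash even for unknown users so response time does not reveal which names exist.
  const candidate = hashPassword(password, user ? user.salt : Buffer.alloc(16));
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) return null;
  const claims = JSON.stringify({ sub: username, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(claims).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Suggestion 4: a request passes only with a valid, unexpired token whose
// user is allowed to use the requested chatflow. Knowing the ID is not enough.
function authorize(token, chatflowId, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return false;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  const { sub, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (now >= exp) return false;
  const user = users.get(sub);
  return Boolean(user && user.chatflows.has(chatflowId));
}

// Constructed sample user for the demonstration.
createUser('alice', 'correct horse battery staple', ['flow-support']);
```
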