mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2026-05-09 07:25:01 -04:00
5291c8ad3a
* Refactor AdventureLog Bot workflow to improve issue validation handling and encapsulate comment and close logic * feat: add API key management to settings page - Implemented API key creation, deletion, and display functionality. - Updated the settings page to fetch and show existing API keys. - Added UI elements for creating new API keys and copying them to clipboard. - Enhanced request handling to ensure proper trailing slashes for API endpoints. * feat: add API Keys documentation and update contributing guidelines * fix: update appVersion to reflect the latest build * fix: update @tailwindcss/typography to version 0.5.19 * fix: update @tailwindcss/typography to version 0.5.19 * chore: update dependencies in pnpm-lock.yaml - dompurify: upgraded from 3.3.1 to 3.3.3 - emoji-picker-element: upgraded from 1.29.0 to 1.29.1 - @sveltejs/adapter-node: updated to use @sveltejs/kit@2.55.0 - @sveltejs/adapter-vercel: updated to use @sveltejs/kit@2.55.0 - @sveltejs/kit: upgraded from 2.53.3 to 2.55.0 - @types/node: upgraded from 22.19.13 to 22.19.15 - autoprefixer: updated postcss version from 8.5.6 to 8.5.8 - baseline-browser-mapping: upgraded from 2.10.0 to 2.10.8 - daisyui: updated postcss version from 8.5.6 to 8.5.8 - prettier-plugin-svelte: upgraded from 3.5.0 to 3.5.1 - svelte-check: updated postcss version from 8.5.6 to 8.5.8 - devalue: upgraded from 5.6.3 to 5.6.4 - electron-to-chromium: upgraded from 1.5.302 to 1.5.313 - caniuse-lite: upgraded from 1.0.30001774 to 1.0.30001780 - mlly: upgraded from 1.8.0 to 1.8.1 - node-releases: upgraded from 2.0.27 to 2.0.36 - tar: upgraded from 7.5.9 to 7.5.11 - tinyexec: upgraded from 1.0.2 to 1.0.4 * fix: update appVersion to include the latest build identifier * fix: enhance authentication fallback for protected media access * feat(auth): add 'mobile-qr' to trailing slash list for URL handling * Translated using Weblate (French) Currently translated at 99.9% (1091 of 1092 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/fr/ * Translated using Weblate (Korean) Currently translated at 100.0% (1092 of 1092 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/ko/ * Translated using Weblate (German) Currently translated at 100.0% (1092 of 1092 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/ * Translated using Weblate (Swedish) Currently translated at 100.0% (1092 of 1092 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/sv/ * Added translation using Weblate (Catalan) * Translated using Weblate (Catalan) Currently translated at 1.2% (14 of 1092 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/ca/ * Docs: Reorder immich API permissions to natural order (#1086) * Refactor AdventureLog Bot workflow to improve issue validation handling and encapsulate comment and close logic (#1068) * Reorder immich API permissions to natural order --------- Co-authored-by: Sean Morley <git@seanmorley.com> * Translated using Weblate (Turkish) Currently translated at 100.0% (1093 of 1093 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/tr/ * Translated using Weblate (Swedish) Currently translated at 100.0% (1093 of 1093 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/sv/ * Translated using Weblate (German) Currently translated at 100.0% (1093 of 1093 strings) Translation: AdventureLog/Web App Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/ * Add ENABLE_RATE_LIMITS configuration for backend rate limiting * Set tabindex to -1 for dropdown menus to improve accessibility * Refactor settings page: Simplify HTML structure and improve date formatting for API keys * Update DEFAULT_SCHEMA_CLASS to use OpenAPI schema in REST framework settings * fix: update error message for key copying and enhance usage instructions for API key * Implement feature X to enhance user experience and fix bug Y in module Z * feat: add .dockerignore and update Dockerfile for improved build process * fix: add missing svelte-i18n>esbuild override in pnpm-lock and pnpm-workspace files * refactor: update frontend CI workflow for improved quality checks and dependency management * Refactor code structure for improved readability and maintainability * fix: add vite>esbuild override in pnpm-lock and pnpm-workspace files * refactor: enhance accessibility and semantics of button elements across multiple components * feat: update API key deletion confirmation messages in multiple languages and improve server URL configuration * fix: update djangorestframework version constraint and drf-yasg version in requirements * fix: update appVersion to v0.12.0-main-040426 and refactor button elements to improve accessibility in CollectionCard and CollectionItineraryPlanner components * feat: implement developer unlock feature for mobile login in Avatar component --------- Co-authored-by: lesensei <alain-gh@lespeps.eu> Co-authored-by: Hosted Weblate user 141821 <clearstripe@users.noreply.hosted.weblate.org> Co-authored-by: Alex <div@alexe.at> Co-authored-by: AntonPalmqvist <apq@users.noreply.hosted.weblate.org> Co-authored-by: Marc Llopart <marc@medullar.com> Co-authored-by: Stephan Zwicknagl <64196842+stephanzwicknagl@users.noreply.github.com> Co-authored-by: Orhun <orhunavcu@gmail.com> Co-authored-by: bittin1ddc447d824349b2 <bittin@reimu.nl>
2.2 KiB
2.2 KiB
API Keys
API keys let you authenticate with AdventureLog's REST API without using a session cookie. This is useful for scripts, integrations, or any programmatic access to your data.
Creating an API Key
- Go to Settings → Security (or navigate to
/settings?tab=security) - Enter a descriptive name for the key (e.g.
home-automation,backup-script) - Click Create Key
The full key is displayed once immediately after creation. Copy it now — it cannot be retrieved again. Only a prefix (e.g. al_xxxxxxxx…) is stored and shown afterward for identification purposes.
Using an API Key
Include the key in every request using either of these headers:
Preferred:
X-API-Key: al_your_key_here
Alternative:
Authorization: Api-Key al_your_key_here
Example with curl
curl https://your-adventurelog-instance.com/api/adventures/ \
-H "X-API-Key: al_your_key_here"
Example with Python
import requests
headers = {"X-API-Key": "al_your_key_here"}
response = requests.get("https://your-adventurelog-instance.com/api/locations/", headers=headers)
print(response.json())
Managing Keys
All your keys are listed under Settings → Security. Each entry shows:
| Field | Description |
|---|---|
| Name | The label you gave the key |
| Prefix | Short identifier (e.g. al_xxxxxxxx…) |
| Created | When the key was generated |
| Last Used | The most recent request that used the key (or Never used) |
Revoking a Key
Click Revoke next to any key to permanently delete it. Revoked keys stop working immediately. There is no way to restore a revoked key.
Security Notes
- Raw key values are never stored — only a SHA-256 hash is kept on the server.
- API key requests bypass CSRF checks, so keep your keys secure and treat them like passwords.
- Create separate keys for separate use cases so you can revoke individual access without affecting others.
- If a key is ever exposed, revoke it immediately and generate a new one.