starred/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2026-03-02 22:57:00 -05:00
Code Issues 754 Projects Packages Wiki Activity

API keys and creating a monitor #2503

New issue
Closed
opened 2026-02-28 02:57:04 -05:00 by deekerman · 5 comments
deekerman commented 2026-02-28 02:57:04 -05:00
Owner
Copy link

Originally created by @anthonyra on GitHub (Aug 21, 2023).

⚠️ Please verify that this bug has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

📝 Describe your problem

It appears that the socket.io API can be used to create monitors. Based on the wrapper here https://github.com/lucasheld/uptime-kuma-api/tree/master however I'm not sure if this falls under the scope of what the API keys can authorize?

Since I'm not sure if the socket.io API is considered one of the "secured HTTP APIs" as described in https://github.com/louislam/uptime-kuma/wiki/API-Keys or not...

I'm currently trying to install monitors with ansible-pull so the credentials could in theory be accessible on local storage of the host. I'd much rather it be the API key vs the admin user:password or JWT representing that same user.

📝 Error Message(s) or Log

No response

🐻 Uptime-Kuma Version

1.23.0

💻 Operating System and Arch

Ubuntu 22.04.2 LTS

🌐 Browser

Mozilla Firefox 116.0.3 (64-bit)

🐋 Docker Version

not using docker

🟩 NodeJS Version

18.17.1

Originally created by @anthonyra on GitHub (Aug 21, 2023). ### ⚠️ Please verify that this bug has NOT been raised before. - [X] I checked and didn't find similar issue ### 🛡️ Security Policy - [X] I agree to have read this project [Security Policy](https://github.com/louislam/uptime-kuma/security/policy) ### 📝 Describe your problem It appears that the socket.io API can be used to create monitors. Based on the wrapper here <https://github.com/lucasheld/uptime-kuma-api/tree/master> however I'm not sure if this falls under the scope of what the API keys can authorize? Since I'm not sure if the socket.io API is considered one of the "secured HTTP APIs" as described in <https://github.com/louislam/uptime-kuma/wiki/API-Keys> or not... I'm currently trying to install monitors with `ansible-pull` so the credentials could in theory be accessible on local storage of the host. I'd much rather it be the API key vs the admin user:password or JWT representing that same user. ### 📝 Error Message(s) or Log _No response_ ### 🐻 Uptime-Kuma Version 1.23.0 ### 💻 Operating System and Arch Ubuntu 22.04.2 LTS ### 🌐 Browser Mozilla Firefox 116.0.3 (64-bit) ### 🐋 Docker Version not using docker ### 🟩 NodeJS Version 18.17.1
deekerman 2026-02-28 02:57:04 -05:00
  • closed this issue
  • added the
    Stale
    help
         labels
deekerman commented 2026-02-28 02:57:10 -05:00
Author
Owner
Copy link

@Computroniks commented on GitHub (Aug 21, 2023):

API keys currently only cover the Prometheus /metrics endpoint

@Computroniks commented on GitHub (Aug 21, 2023): API keys currently only cover the Prometheus /metrics endpoint
deekerman commented 2026-02-28 02:57:10 -05:00
Author
Owner
Copy link

@anthonyra commented on GitHub (Aug 21, 2023):

Ahh is there a chance for there to be support on the socket.io side?

@anthonyra commented on GitHub (Aug 21, 2023): Ahh is there a chance for there to be support on the socket.io side?
deekerman commented 2026-02-28 02:57:10 -05:00
Author
Owner
Copy link

@CommanderStorm commented on GitHub (Aug 21, 2023):

No, not in the immediate term, because this would invalidate

The API key cannot be used to access the web interface

=> Allowing more access to api keys requires a permission system.
=> see #128 and #118 for plans to get there.

If you want to help with this feature, here is our contribution guide:
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md

@CommanderStorm commented on GitHub (Aug 21, 2023): No, not in the immediate term, because this would invalidate > The API key cannot be used to access the web interface => Allowing more access to api keys requires a permission system. => see #128 and #118 for plans to get there. If you want to help with this feature, here is our contribution guide: https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md
deekerman commented 2026-02-28 02:57:10 -05:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Nov 19, 2023):

We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.

@github-actions[bot] commented on GitHub (Nov 19, 2023): We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.
deekerman commented 2026-02-28 02:57:10 -05:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Nov 21, 2023):

This issue was closed because it has been stalled for 2 days with no activity.

@github-actions[bot] commented on GitHub (Nov 21, 2023): This issue was closed because it has been stalled for 2 days with no activity.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
npm-update
3.0.X
dev-better-auth
copilot/remove-password-complexity-requirements
2.2.X
copilot/sub-pr-6355
1.23.X
api-via-socketio-client
2.1.3
2.1.2
2.1.1
2.1.0
2.1.0-beta.3
2.1.0-beta.2
2.1.0-beta.1
2.1.0-beta.0
2.0.2
2.0.1
1.23.17
2.0.0
2.0.0-beta.4
2.0.0-beta.3
2.0.0-beta.2
2.0.0-beta.2-temp
2.0.0-beta.1
1.23.16
2.0.0-beta.0
1.23.15
1.23.14
1.23.13
1.23.12
1.23.11
1.23.10
1.23.9
1.23.8
1.23.7
1.23.6
1.23.5
1.23.5-beta.0
1.23.4
1.23.3
1.23.2
1.23.1
1.23.0
1.23.0-beta.1
1.23.0-beta.0
1.22.1
1.22.0
1.22.0-beta.0
1.21.3
1.21.2
1.21.2-beta.0
1.21.1
1.21.0
1.21.0-beta.1
1.21.0-beta.0
1.20.2
1.20.1
1.20.0
1.20.0-beta.0
1.19.6
1.19.5
1.19.4
1.19.3
1.19.2
1.19.1
1.19.0
1.19.0-beta.2
1.19.0-beta.1
1.19.0-beta.0
1.18.5
1.18.4
1.18.3
1.18.2
1.18.1
1.18.0
1.18.0-beta.0
1.17.1
1.17.0
1.17.0-beta.1
1.17.0-beta.0
1.16.1
1.16.0
1.16.0-beta.0
1.15.1
1.15.0
1.15.0-beta.1
1.14.1
1.15.0-beta.0
1.14.0
1.14.0-beta.2
1.13.2
1.14.0-beta.1
1.14.0-beta.0
1.13.1
1.13.0
1.13.0-beta.2
1.13.0-beta.1
1.13.0-beta.0
1.12.1
1.12.0
1.11.4
1.11.3
1.11.2
1.11.1
1.11.0
1.10.2
1.10.1
1.10.0
1.9.2
1.9.1
1.9.0
1.8.0
1.7.3
1.7.2
1.7.1
1.7.0
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1
1.5.0
1.3.2
1.3.1
1.3.0
1.2.0
1.1.0
1.0.10
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
Labels
Clear labels   
A:accessibility

   
A:api

   
A:cert-expiry

   
A:core

   
A:dashboard

   
A:deployment

   
A:documentation

   
A:domain expiry

   
A:incidents

   
A:maintenance

   
A:metrics

   
A:monitor

   
A:notifications

   
A:reports

   
A:settings

   
A:status-page

   
A:ui/ux

   
A:user-management

   
Stale

   
ai-slop

   
blocked

   
blocked-upstream

   
bug

   
cannot-reproduce

   
dependencies

   
discussion

   
duplicate

   
feature-request

   
feature-request

   
good first issue

   
hacktoberfest

   
help

   
help wanted

   
house keeping

   
invalid

   
invalid-format

   
invalid-format

   
question

   
releaseblocker 🚨

   
security

   
spam

   
type:enhance-existing

   
type:new

   
wontfix
No labels
A:accessibility
A:api
A:cert-expiry
A:core
A:dashboard
A:deployment
A:documentation
A:domain expiry
A:incidents
A:maintenance
A:metrics
A:monitor
A:notifications
A:reports
A:settings
A:status-page
A:ui/ux
A:user-management
Stale
ai-slop
blocked
blocked-upstream
bug
cannot-reproduce
dependencies
discussion
duplicate
feature-request
feature-request
good first issue
hacktoberfest
help
help wanted
house keeping
invalid
invalid-format
invalid-format
question
releaseblocker 🚨
security
spam
type:enhance-existing
type:new
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/uptime-kuma#2503
No description provided.