[GH-ISSUE #8312] Add option to allow Admin API usage regardless of "enable api key" setting for users #15077

New Issue

Closed

opened 2026-04-19 21:22:21 -05:00 by GiteaMirror · 4 comments

GiteaMirror commented 2026-04-19 21:22:21 -05:00

Owner

Copy Link

Originally created by @tkg61 on GitHub (Jan 3, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/8312

Feature Request

Is your feature request related to a problem? Please describe.
When disabling api keys, this disables for admins as well which might be unhelpful if mgmt needs to occur from other systems but users shouldn't use the API

Describe the solution you'd like
Have a configurable setting to allow admins to bypass user api key restrictions (both disabling and specific endpoints). Essentially continue to allow admins to have optional "god mode" at this level.

I would like to be able to completely administrate openwebui via API while not allowing users to use the API.

Originally created by @tkg61 on GitHub (Jan 3, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/8312 # Feature Request **Is your feature request related to a problem? Please describe.** When disabling api keys, this disables for admins as well which might be unhelpful if mgmt needs to occur from other systems but users shouldn't use the API **Describe the solution you'd like** Have a configurable setting to allow admins to bypass user api key restrictions (both disabling and specific endpoints). Essentially continue to allow admins to have optional "god mode" at this level. I would like to be able to completely administrate openwebui via API while not allowing users to use the API.

GiteaMirror closed this issue 2026-04-19 21:22:23 -05:00

GiteaMirror commented 2026-04-19 21:22:24 -05:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Jan 3, 2025):

You should be able to use JWT for this instead! (drop-in replacement)

<!-- gh-comment-id:2569833627 --> @tjbck commented on GitHub (Jan 3, 2025): You should be able to use JWT for this instead! (drop-in replacement)

GiteaMirror commented 2026-04-19 21:22:26 -05:00

Author

Owner

Copy Link

@DmitriyAlergant commented on GitHub (Jan 7, 2025):

Just remember that JWTs are temporary session-level. They change on user login, on Open-WebUI restart, plus may have expiration time if enabled.

Proper usage of JWT requires two-phase interaction, first with /signin using login&password (unless you are using OAuth then things are somewhat more complicated) then API calls using this JWT as a drop-in replacement from API Key.

<!-- gh-comment-id:2574440845 --> @DmitriyAlergant commented on GitHub (Jan 7, 2025): Just remember that JWTs are temporary session-level. They change on user login, on Open-WebUI restart, plus may have expiration time if enabled. Proper usage of JWT requires two-phase interaction, first with /signin using login&password (unless you are using OAuth then things are somewhat more complicated) then API calls using this JWT as a drop-in replacement from API Key.

GiteaMirror commented 2026-04-19 21:22:27 -05:00

Author

Owner

Copy Link

@tkg61 commented on GitHub (Jan 7, 2025):

We are needing service account like utilization. So this might still be relevant then?

<!-- gh-comment-id:2575081483 --> @tkg61 commented on GitHub (Jan 7, 2025): We are needing service account like utilization. So this might still be relevant then?

GiteaMirror commented 2026-04-19 21:22:27 -05:00

Author

Owner

Copy Link

@adhusch commented on GitHub (Sep 3, 2025):

@tjbck Is my understanding correct that its currently only possible to enable API keys globally for all users or not at all, or am i missing a configuration option? Thx

<!-- gh-comment-id:3248228702 --> @adhusch commented on GitHub (Sep 3, 2025): @tjbck Is my understanding correct that its currently only possible to enable API keys globally for all users or not at all, or am i missing a configuration option? Thx

GiteaMirror referenced this issue 2026-04-20 04:58:10 -05:00

[PR #15077] feat: Add Google Cloud Identity API support for OAuth group-based roles #23706

GiteaMirror referenced this issue 2026-04-25 11:58:04 -05:00

[PR #15077] feat: Add Google Cloud Identity API support for OAuth group-based roles #39336

GiteaMirror referenced this issue 2026-04-29 21:40:47 -05:00

[PR #15077] feat: Add Google Cloud Identity API support for OAuth group-based roles #46754

GiteaMirror referenced this issue 2026-05-06 06:46:11 -05:00

[PR #15077] feat: Add Google Cloud Identity API support for OAuth group-based roles #62562

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#15077