mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 23:21:44 -05:00
[GH-ISSUE #24434] bug: API key regenerated immediately on arrow click — no confirmation or save required #91041
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @schmunk42 on GitHub (May 7, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24434
Check Existing Issues
Installation Method
Docker
Open WebUI Version
0.9.2
Ollama Version (if applicable)
No response
Operating System
Debian 12
Browser (if applicable)
Chromium 147.0.7727.137
Confirmation
README.md.Expected Behavior
Clicking the regenerate/refresh arrow button next to the API key in Settings → Account → API Keys should either:
Actual Behavior
Clicking the arrow button immediately and irrevocably replaces the API key — no confirmation dialog is shown, and no Save button click is required. The old token is invalidated instantly, breaking any active integrations (CI/CD pipelines, API clients, etc.) without warning.
Steps to Reproduce
Logs & Screenshots
Click on "Regenerate"
Additional Information
No response
@owui-terminator[bot] commented on GitHub (May 7, 2026):
🔍 Related Issues Found
I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions:
🟣 #20064 issue: Create new API key (CRITICAL)
Related because it concerns the same API key creation/rotation endpoint and user-facing action. It shows that the API key UI behavior has been a prior issue, even though this report is about immediate regeneration/confirmation rather than failure to create a key.
by richrich89 ·
bug🟣 #12332 issue: Personal API Key unstable after Upgrade
Related because it documents personal API keys changing unexpectedly after an upgrade, which overlaps with the core concern here: API keys becoming invalid without user intent or warning.
by Xeroxxx ·
bug🟣 #13957 issue: Your session has expired or the token is invalid. Please sign in again.
Related only indirectly: it captures the exact invalid-token/session-expired error that occurs after the key is regenerated, helping confirm the downstream impact of the bug.
by chrisbeardy ·
bug💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead.
This comment was generated automatically. React with 👍 if helpful, 👎 if not.
@tjbck commented on GitHub (May 8, 2026):
Intended behaviour.
@schmunk42 commented on GitHub (May 8, 2026):
@tjbck Is there a reason why this is intended? There are so many places in the UI, where you have to hit "save" to apply changes. But this very critical value is changed - as mentioned - without confirm or save. What am I missing here?
Actually I misclicked the button, I hit regenerate instead of copy - that's how I stumbled upon this.