wangbo/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2025-12-20 11:32:58 +08:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
06bf79b19b
ComfyUI/API_AUTHENTICATION.md
daverbj 06bf79b19b feat: Add API key authentication and health endpoint 
- Add API key authentication middleware with multiple auth methods (Bearer, X-API-Key, query param)
- Add /health endpoint with server status, queue info, device info, and VRAM stats
- Add CLI arguments --api-key and --api-key-file for authentication configuration
- Static files and WebSocket connections exempt from authentication
- Fully backward compatible - no authentication required by default
- Add comprehensive documentation, examples, and test scripts
2025-12-11 15:33:08 +03:00

222 lines
4.9 KiB
Markdown
Raw Blame History

# API Key Authentication and Health Check
## Overview
This implementation adds API key authentication protection to the ComfyUI REST API and a health check endpoint.
## Features
### 1. API Key Authentication
Protects all API endpoints (except exempt ones) with API key authentication.
#### Configuration
You can enable API key authentication in two ways:
**Option 1: Command line argument**
```bash
python main.py --api-key "your-secret-api-key-here"
```
**Option 2: API key file (more secure)**
```bash
# Create a file with your API key
echo "your-secret-api-key-here" > api_key.txt
# Start ComfyUI with the API key file
python main.py --api-key-file api_key.txt
```
#### Using the API with Authentication
When API key authentication is enabled, you must provide the API key in your requests:
**Method 1: Authorization Header (Bearer Token)**
```bash
curl -H "Authorization: Bearer your-secret-api-key-here" http://localhost:8188/prompt
```
**Method 2: X-API-Key Header**
```bash
curl -H "X-API-Key: your-secret-api-key-here" http://localhost:8188/prompt
```
**Method 3: Query Parameter (less secure, for testing only)**
```bash
curl "http://localhost:8188/prompt?api_key=your-secret-api-key-here"
```
#### Exempt Endpoints
The following endpoints do NOT require authentication:
- `/health` - Health check endpoint
- `/` - Root page (frontend)
- `/ws` - WebSocket endpoint
### 2. Health Check Endpoint
A new `/health` endpoint provides server status information.
#### Usage
```bash
curl http://localhost:8188/health
```
#### Response Format
```json
{
"status": "healthy",
"version": "0.4.0",
"timestamp": 1702307890.123,
"queue": {
"pending": 0,
"running": 0
},
"device": "cuda:0",
"vram": {
"total": 8589934592,
"free": 6442450944,
"used": 2147483648
}
}
```
If the server is unhealthy, it returns a 503 status code:
```json
{
"status": "unhealthy",
"error": "error message here",
"timestamp": 1702307890.123
}
```
## Examples
### Starting ComfyUI with API Key Protection
```bash
# With direct API key
python main.py --api-key "my-super-secret-key-12345"
# With API key from file
python main.py --api-key-file /path/to/api_key.txt
# With API key and custom port
python main.py --api-key "my-key" --port 8080
```
### Making Authenticated Requests
**Python example:**
```python
import requests
API_KEY = "your-api-key-here"
BASE_URL = "http://localhost:8188"
# Using Authorization header
headers = {
"Authorization": f"Bearer {API_KEY}"
}
# Check health
response = requests.get(f"{BASE_URL}/health")
print(response.json())
# Make authenticated request
response = requests.post(
f"{BASE_URL}/prompt",
headers=headers,
json={"prompt": {...}}
)
print(response.json())
```
**JavaScript example:**
```javascript
const API_KEY = "your-api-key-here";
const BASE_URL = "http://localhost:8188";
// Using fetch with Authorization header
async function makeRequest(endpoint, data) {
const response = await fetch(`${BASE_URL}${endpoint}`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(data)
});
return response.json();
}
// Check health (no auth required)
fetch(`${BASE_URL}/health`)
.then(r => r.json())
.then(data => console.log(data));
```
### Monitoring with Health Check
You can use the health endpoint for monitoring and health checks:
```bash
# Simple health check
curl http://localhost:8188/health
# Use in a monitoring script
#!/bin/bash
response=$(curl -s http://localhost:8188/health)
status=$(echo $response | jq -r '.status')
if [ "$status" == "healthy" ]; then
echo "✓ ComfyUI is healthy"
exit 0
else
echo "✗ ComfyUI is unhealthy"
exit 1
fi
```
## Security Considerations
1. **Keep your API key secret**: Never commit API keys to version control
2. **Use API key files**: Store API keys in separate files with restricted permissions
3. **Use HTTPS in production**: Combine with `--tls-keyfile` and `--tls-certfile` options
4. **Rotate keys regularly**: Change your API key periodically
5. **Use strong keys**: Generate long, random API keys (e.g., using `openssl rand -hex 32`)
### Generating a Secure API Key
```bash
# Generate a secure random API key
openssl rand -hex 32
# Or using Python
python -c "import secrets; print(secrets.token_hex(32))"
```
## Troubleshooting
### 401 Unauthorized Error
If you receive a 401 error:
- Verify the API key is correct
- Check that you're including the key in the correct header format
- Ensure there are no extra spaces or newlines in the key
### Health Check Returns 503
If the health check returns 503:
- Check the server logs for error details
- Verify ComfyUI started correctly
- Check system resources (memory, disk space)
## Disabling Authentication
To disable API key authentication, simply don't provide the `--api-key` or `--api-key-file` arguments when starting ComfyUI. The server will work exactly as before with no authentication required.
Reference in New Issue View Git Blame Copy Permalink