Skip to content

Feature: Admin Control to Disable Personal API Keys #397

Description

@LexioJ

Describe the feature you'd like to request

Description

Add an admin setting to prevent users from providing their own API keys, enforcing the use of administrator-configured API keys only.

Use Case

In enterprise environments, administrators may want stricter control over API key management:

  • Ensure all API requests use centrally managed credentials
  • Prevent accidental API key exposure by users
  • Maintain consistent billing and usage tracking across the organization
  • Reduce security risks from users storing API keys in their personal Nextcloud accounts

Current Behavior

  • Users can optionally configure their own API keys in Personal Settings
  • User-provided API keys take precedence over admin-configured keys
  • There is no way for admins to restrict users from providing their own keys

Describe the solution you'd like

Desired Behavior

A new admin setting should allow administrators to:

  • Disable personal API keys: When disabled, users cannot input their own API keys
  • Enforce admin-managed keys: All API requests use only the centrally configured keys
  • Backward compatibility: Default behavior remains unchanged (personal keys allowed)
  • Graceful degradation: Existing user-configured keys are preserved but ignored when the setting is disabled

Implementation Details

Backend Changes

  1. OpenAiSettingsService.php

    • Add new config key: allow_user_api_keys (boolean, default: true)
    • Add getter: getAllowUserApiKeys()
    • Add setter: setAllowUserApiKeys(bool $enabled)
    • Include in getAdminConfig() response
  2. ConfigController.php

    • Validate in setSensitiveUserConfig(): Reject API key updates if allow_user_api_keys is false
    • Return HTTP 403 (Forbidden) with message "User API keys are not allowed"
  3. OpenAiAPIService.php

    • Check getAllowUserApiKeys() before falling back to user-provided keys
    • Ignore user keys and use admin keys when setting is disabled

Frontend Changes

  1. AdminSettings.vue

    • Add new section: "User Permissions"
    • Add toggle switch: "Allow users to provide their own API keys"
    • Include help text explaining the impact
  2. PersonalSettings.vue

    • Hide API key input field when allow_user_api_keys is false
    • Show informational message: "Your administrator has disabled personal API keys"
  3. Personal.php

    • Provide initial state: allow_user_api_keys value

Security Considerations

  • ✅ Admin setting protected by existing #[PasswordConfirmationRequired] validation
  • ✅ Blocked API requests return HTTP 403 (not 500)
  • ✅ Existing user keys preserved in database (for re-enabling the feature)
  • ✅ No personal data exposure; only configuration privacy

Testing Strategy

  1. When enabled (default)

    • Users can configure personal API keys
    • Personal keys take precedence over admin keys
    • API key field visible in Personal Settings
  2. When disabled

    • Users cannot save personal API keys (HTTP 403)
    • Existing user-configured keys are ignored
    • Only admin-configured keys are used
    • API key field hidden in Personal Settings
  3. Setting toggle

    • Admin disables the setting
    • Existing user keys remain in database
    • User keys are ignored
    • Admin re-enables setting
    • User keys resume working

Localization

New strings to translate:

  • "User Permissions"
  • "Allow users to provide their own API keys"
  • "When disabled, users can only use the API keys configured by administrators."
  • "User API keys are not allowed" (error message)

Backward Compatibility

  • ✅ Default: allow_user_api_keys = true (all existing installs unaffected)
  • ✅ No database schema changes required
  • ✅ Existing user keys preserved when setting changes
  • ✅ No breaking changes to API endpoints

Related Issues

None (new feature request)

Additional Context

This feature enhances the enterprise suitability of the integration by providing administrators with fine-grained control over API key management policies.

Describe alternatives you've considered

Hide using Custom CSS app

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions