add: Optional router-level API key that gates router/API/web UI access

Optional router-level API key that gates router/API/web UI access (leave empty to disable) ## Supplying the router API key If you set `nomyo-router-api-key` in `config.yaml` (or `NOMYO_ROUTER_API_KEY` env), every request to NOMYO Router must include the key: - HTTP header (recommended): `Authorization: Bearer <router_key>` - Query param (fallback): `?api_key=<router_key>` Examples: ```bash curl -H "Authorization: Bearer $NOMYO_ROUTER_API_KEY" http://localhost:12434/api/tags curl "http://localhost:12434/api/tags?api_key=$NOMYO_ROUTER_API_KEY" ```
2026-01-14 09:28:02 +01:00 · 2026-01-14 09:28:02 +01:00 · eca4a92a33
commit eca4a92a33
parent 6828411f95
9 changed files with 412 additions and 25 deletions
--- a/doc/configuration.md
+++ b/doc/configuration.md
@ -14,6 +14,9 @@ endpoints:

 # Maximum concurrent connections *per endpoint‑model pair*
 max_concurrent_connections: 2
+
+# Optional router-level API key to secure the router and dashboard (leave blank to disable)
+nomyo-router-api-key: ""
 ```

 ### Complete Example
@ -29,6 +32,9 @@ endpoints:
 # Maximum concurrent connections *per endpoint‑model pair* (equals to OLLAMA_NUM_PARALLEL)
 max_concurrent_connections: 2

+# Optional router-level API key to secure the router and dashboard (leave blank to disable)
+nomyo-router-api-key: ""
+
 # API keys for remote endpoints
 # Set an environment variable like OPENAI_KEY
 # Confirm endpoints are exactly as in endpoints block
@ -80,6 +86,21 @@ max_concurrent_connections: 4
 - When this limit is reached, the router will route requests to other endpoints with available capacity
 - Higher values allow more parallel requests but may increase memory usage

+### `router_api_key`
+
+**Type**: `str` (optional)
+
+**Description**: Shared secret that gates access to the NOMYO Router APIs and dashboard. When set, clients must send `Authorization: Bearer <key>` or an `api_key` query parameter.
+
+**Example**:
+```yaml
+nomyo-router-api-key: "super-secret-value"
+```
+
+**Notes**:
+- Leave this blank or omit it to disable router-level authentication.
+- You can also set the `NOMYO_ROUTER_API_KEY` environment variable to avoid storing the key in plain text.
+
 ### `api_keys`

 **Type**: `dict[str, str]`
@ -118,6 +139,15 @@ export NOMYO_ROUTER_CONFIG_PATH=/etc/nomyo-router/config.yaml
 export NOMYO_ROUTER_DB_PATH=/var/lib/nomyo-router/token_counts.db
 ```

+### `NOMYO_ROUTER_API_KEY`
+
+**Description**: Router-level API key. When set, all router endpoints and the dashboard require this key via `Authorization: Bearer <key>` or the `api_key` query parameter.
+
+**Example**:
+```bash
+export NOMYO_ROUTER_API_KEY=your_router_api_key
+```
+
 ### API-Specific Keys

 You can set API keys directly as environment variables:
@ -195,3 +225,15 @@ The configuration is loaded at startup and cannot be changed without restarting
 ## Example Configurations

 See the [examples](examples/) directory for ready-to-use configuration examples.
+
+
+### Using the router API key
+
+When `router_api_key`/`NOMYO_ROUTER_API_KEY` is set, clients must send it on every request:
+- Header (recommended): Authorization: Bearer <router_key>
+- Query param (fallback): ?api_key=<router_key>
+
+Example:
+```bash
+curl -H "Authorization: Bearer $NOMYO_ROUTER_API_KEY" http://localhost:12434/api/tags
+```