yungle246 a79bc7d074 feat(api): mask secret tokens in api-key list responses (reveal-once) ... Previously the console api-key list returned every key's full plaintext token, so anyone with console access could retrieve the secret of an already-created key (via the copy button or the raw API response). This is contrary to the reveal-once norm. - List endpoints (app keys, workspace dataset keys, per-dataset keys) now return a masked token (prefix + last 4); the full secret is only ever returned by the create endpoint, at creation time. - Frontend secret-key modal displays the masked token as-is and drops the copy affordance for existing keys (copying a masked value is pointless). Applies to both app and dataset keys since they share the modal and the ApiKeyItem response model.		2026-06-25 14:21:38 +09:00
..
common	feat: guard openapi with rbac (#37752)	2026-06-22 09:35:33 +00:00
console	feat(api): mask secret tokens in api-key list responses (reveal-once)	2026-06-25 14:21:38 +09:00
files	feat(dify-agent): sync shell and back proxy updates (#37159)	2026-06-10 03:04:32 +00:00
inner_api	feat(agent-v2): sync nightly updates to main (2026-06-22) (#37651)	2026-06-23 08:05:16 +00:00
mcp	refactor(api): type end user records with enum (#36945)	2026-06-19 01:02:01 +00:00
openapi	fix(app): derive get-app --mode whitelist from listable app types (#37761)	2026-06-23 04:40:05 +00:00
service_api	Merge branch 'main' into feat/dataset-api-key-scope	2026-06-23 18:21:21 +09:00
trigger	refactor(api): type webhook data extraction with RawWebhookDataDict TypedDict (#34486)	2026-04-03 02:24:17 +00:00
web	refactor: accept db.session explicitly in SavedMessageService (#37682)	2026-06-20 12:35:06 +00:00
__init__.py	chore(api/controllers): Apply Ruff Formatter. (#7645)	2024-08-26 15:29:10 +08:00
API_SCHEMA_GUIDE.md	refactor(api): migrate console.app.workflow to BaseModel (#36216)	2026-05-18 07:31:37 +00:00
fastopenapi.py	chore(api): Fix several typing errors (#37119)	2026-06-06 01:44:32 +00:00