runtimesandbox 171 Posted November 17, 2025 Posted November 17, 2025 Can we get the ability to create read only API keys? Or even better, the ability to control the scope of each API key eg similar to user permissions. As an example use case, I have set up Jellyseerr which links in to emby via the API to read media, users, sync libraries etc to function. However it needs no ability to write and modify my emby settings and configuration (*as far as i know from my limited current experience with it). If my jellyseerr were to be compromised eg through a vulnerability in a dependency or the jellyseerr code itself (supply chain attacks are getting ever more common) then the attacker would have full access to the emby server via the read / write API key and could attack my emby server from that. I understand that this is likely a niche request from a security conscious user but it would be a real bonus to emby imo 2 2
Luke 42077 Posted November 18, 2025 Posted November 18, 2025 HI, yes this is something we are planning on adding. Thanks. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now