sim icon indicating copy to clipboard operation
sim copied to clipboard
Published 15 hours ago verified publisher icon simstudioai

[REQUEST] Add API key authentication support to GET /api/workflows list endpoint for programmatic discovery

Open Lutherwaves opened this issue 3 months ago • 6 comments

Is your feature request related to a problem? Please describe. I think it makes a lot of sense to be able to programmatically discover and list workflows from SimStudio (per api key), but the /api/workflows endpoint only supports session-based authentication (cookies) for now. This makes it impossible to use SimStudio's API for automation, CI/CD pipelines, or third-party integrations that need to list workflows without maintaining browser sessions.

Describe the solution you'd like Add support for API key authentication (X-API-Key header) to the /api/workflows endpoint, similar to how other SimStudio endpoints like /api/workflows/[id] and /api/workflows/[id]/execute already support API key authentication. This would allow programmatic access to workflow listings using the same authentication method that's already supported for individual workflow operations.

Describe alternatives you've considered

  1. Session-based authentication: Storing SimStudio credentials and creating sessions programmatically, but this is complex, fragile, and requires storing sensitive login credentials
  2. Individual workflow endpoints: Using /api/workflows/[id] for known workflow IDs, but this requires knowing the IDs beforehand, which is what I am trying to avoid

Additional context

# This currently fails with 401 Unauthorized
curl -H "X-API-Key: sim_abc123..." http://localhost:3000/api/workflows

# But this works for individual workflows
curl -H "X-API-Key: sim_abc123..." http://localhost:3000/api/workflows/workflow-id/execute

Lutherwaves avatar Sep 15 '25 14:09 Lutherwaves

@waleedlatif1 looking at the referenced PR https://github.com/simstudioai/sim/pull/1338, I believe this issue was incorrectly referenced and instead it should have referenced #1330 https://github.com/simstudioai/sim/pull/1338/commits/d73a97ffa236e3b4eafdac562365d37d4a76ca

Let me know if there is a more generic "external api auth exposure" type of issue we can link this to, as the more I use sim the more endpoints I see that use the default session auth and do not provide the option to connect via an api key

Lutherwaves avatar Sep 24 '25 08:09 Lutherwaves

@Lutherwaves You are right about the incorrect reference, thank you for the heads up.

We have a function called 'checkHybridAuth' that we can use in place of the 'getSession' to make this possible for you.

waleedlatif1 avatar Sep 24 '25 12:09 waleedlatif1

@Lutherwaves You are right about the incorrect reference, thank you for the heads up.

We have a function called 'checkHybridAuth' that we can use in place of the 'getSession' to make this possible for you.

Yeah I saw that, but was not sure if that is how you planned on having it work. If that is feasible I can also submit a PR.

Lutherwaves avatar Sep 24 '25 13:09 Lutherwaves

that'd be great @Lutherwaves

waleedlatif1 avatar Sep 24 '25 13:09 waleedlatif1

that'd be great @Lutherwaves

I had https://github.com/simstudioai/sim/pull/1443 opened up but did not satisfy the desired setup I guess. Will standby to see your inputs so we have this in a matter that fits simstudio vision

Lutherwaves avatar Oct 29 '25 16:10 Lutherwaves

that'd be great @Lutherwaves

I had https://github.com/simstudioai/sim/pull/1443 opened up but did not satisfy the desired setup I guess. Will standby to see your inputs so we have this in a matter that fits simstudio vision

@waleedlatif1 any preferences how we address this?

Lutherwaves avatar Nov 14 '25 00:11 Lutherwaves