OPEN

API Security

G
Gareth
2 hours ago 7 votes 1 comment

The API is useful, but powerful.

As it can modify calls (e.g. turning off recording) it would be good to add some security, e.g. some of:

  • a token parameter?

  • allow/blocklists lists of IPs allowed to access it?

  • more granular control of what interfaces/IP were bound to (rather than all/localhost)

1 Comment

T
Ted Mielczarek 2 hours ago

A straightforward way to implement this would be for MuteDeck to generate a random value on startup and write it to a fixed location (e.g. ~/Library/Application Support/MuteDeck/MuteDeck/api-token) and then require that all API requests include that token. This is functionally similar to a CSRF token.

Sign in to comment.

Support

Details

Status
OPEN
Submitted
Mar 21, 2026
Updated
2 hours ago