[Feature]: Authentication for Web UI and admin APIs #518

@harry-xm

Prerequisites

  • I have searched existing issues and discussions to avoid duplicates

Problem to solve

The admin API should be protected by authentication because:

  1. Bifrost logs the full input and response of each request, which may contain sensitive content.
  2. An attacker may use the admin APIs to hijack requests or cause service disruption.

Proposed solution

Add random token or password-based authentication.

Alternatives considered

Add authentication via a reverse proxy, but this does not prevent attack vectors from localhost because the port is still exposed to any compromised local user or malicious application with network access.

Area(s)

Core (Go), UI (Next.js)

Additional context

No response

Labels

enhancement (New feature or request)

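One way the token-based option proposed in this issue could look in Go, as an added example that is not part of the original issue and not Bifrost's own code. The `/api/logs` handler, port 8080 and the function names `newAdminToken` and `requireToken` are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

// newAdminToken returns a 256-bit random token, hex-encoded (64 characters).
func newAdminToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// requireToken rejects requests lacking "Authorization: Bearer <token>".
// It runs inside the server process, so clients on localhost are checked too.
func requireToken(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		got := sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))
		// Hashing both sides gives equal-length inputs to the constant-time compare.
		match := subtle.ConstantTimeCompare(got[:], want[:]) == 1
		if token == "" || !strings.HasPrefix(h, "Bearer ") || !match { // fail closed
			w.Header().Set("WWW-Authenticate", `Bearer realm="admin"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	token, err := newAdminToken()
	if err != nil {
		panic(err)
	}
	logs := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "request/response logs (sensitive)") // hypothetical admin route
	})
	fmt.Println("admin token:", token) // demo only: printed once at startup
	panic(http.ListenAndServe("127.0.0.1:8080", requireToken(token, logs)))
}
```

An empty configured token is treated as "deny everything" rather than "no authentication", so a missing setting cannot silently reopen the admin API.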