
Heuristic:Langgenius Dify Credential Sanitization In API Responses

From Leeroopedia
Knowledge Sources
Domains: Security, Backend
Last Updated: 2026-02-12 08:00 GMT

Overview

Security rule: always sanitize decrypted credentials from API response payloads before returning to the frontend, even for authenticated admin users.

Description

The model provider service maintains encrypted credentials in the database (API keys for OpenAI, Anthropic, etc.). When listing model providers for the frontend UI, the service decrypts credentials internally for validation but always drops the credential payload from the API response. This prevents accidental exposure of secrets through browser dev tools, network logs, or frontend state dumps.

This is a defense-in-depth approach: even if the user is an authenticated admin, the API never returns raw credential values. The frontend only needs to know whether credentials are configured, not what they are.

Usage

Apply this rule when adding any new API endpoint that internally accesses encrypted secrets (provider keys, OAuth tokens, webhook secrets). Always sanitize the response before returning it to the client.

The Insight (Rule of Thumb)

  • Action: Drop credential/secret fields from all API response DTOs. Only return boolean flags indicating whether credentials are configured.
  • Value: Prevents credential leakage through API responses.
  • Trade-off: Frontend cannot display or pre-fill credential values. Users must re-enter credentials when editing.
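The rule above in working form, as an added example that is not Dify's own code: a recursive sanitizer that replaces every secret field in a response payload with a boolean "configured" flag, plus a guard that refuses to serialize anything in which a secret key survived. The `SECRET_KEYS` set and the provider record are assumptions constructed for this example, not Dify's field names.

```python
from typing import Any

# Keys whose values are secrets. Assumed set for this example, not Dify's own list.
SECRET_KEYS = frozenset({"credentials", "api_key", "secret_key", "access_token", "webhook_secret"})


def _is_configured(value: Any) -> bool:
    """A secret counts as configured when it is non-empty (for dicts: any non-empty value)."""
    if isinstance(value, dict):
        return any(_is_configured(v) for v in value.values())
    return value not in (None, "")


def sanitize(payload: Any) -> Any:
    """Recursively drop secret fields, replacing each with a '<key>_configured' flag."""
    if isinstance(payload, dict):
        clean = {}
        for key, value in payload.items():
            if key in SECRET_KEYS:
                clean[f"{key}_configured"] = _is_configured(value)
            else:
                clean[key] = sanitize(value)
        return clean
    if isinstance(payload, list):
        return [sanitize(item) for item in payload]
    return payload


def assert_no_secrets(payload: Any) -> None:
    """Last-line guard before serialization: raise if any secret key survived."""
    if isinstance(payload, dict):
        leaked = SECRET_KEYS.intersection(payload)
        if leaked:
            raise ValueError(f"secret field(s) in response: {sorted(leaked)}")
        for value in payload.values():
            assert_no_secrets(value)
    elif isinstance(payload, list):
        for item in payload:
            assert_no_secrets(item)


def provider_list_response(providers: list) -> list:
    """What the list endpoint returns: sanitized DTOs, verified by the guard."""
    dtos = sanitize(providers)
    assert_no_secrets(dtos)
    return dtos


# Constructed sample: one provider record as it looks after internal decryption.
SAMPLE_PROVIDERS = [{"provider": "openai",
    "credentials": {"openai_api_key": "sk-constructed-example"},
    "custom_models": [{"model": "gpt-4o-ft", "credentials": {"openai_api_key": "sk-constructed-2"}},
                      {"model": "not-yet-set-up", "credentials": {}}]}]
```

The guard is what makes the rule enforceable: a new endpoint that forgets to sanitize fails loudly in tests instead of shipping a key to the browser.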

Reasoning

Even with proper HTTPS and authentication, returning decrypted credentials in API responses creates multiple attack vectors:

  • Browser extensions can intercept and exfiltrate response data
  • Frontend state management stores (Redux, Zustand) may persist data to localStorage
  • Network proxy tools used in development log all response bodies
  • XSS vulnerabilities (if any exist) could extract credentials from API responses

By never including secrets in responses, these leakage paths are closed at the API layer rather than relying on every client-side component to handle them safely.

Evidence from the codebase: The model provider list API sanitizes custom model configs by dropping the credentials payload, ensuring decrypted credentials never reach the frontend.
