[Bug]: endpoint /token does not require credentials

[BigNerd]

crawl4ai version

0.7.6

Expected Behavior

When running crawl4ai from the docker image with a security config of
security: enabled: true jwt_enabled: true I would expect it is required to present a secret to the endpoint POST /token in order to obtain a temporary access token.

Current Behavior

The endpoint POST /token can be called without any credentials and it still returns a valid token that can subsequently be used to call protected endpoints such as POST /crawl. This renders the security useless in my understanding, because anyone with network access to the API alone can use it.

In previous versions we had CRAWL4AI_API_TOKEN to protect the API from unauthorised usage. But sadly, this simple but effective mechanism has been removed from later versions.

Is this reproducible?

Yes

Inputs Causing the Bug

Steps to Reproduce

Build the Docker image using a config.yml with 
security:
  enabled: true
  jwt_enabled: true

Run the Docker image

Go to http://127.0.0.1:11235/docs#/default/get_token_token_post

Obtain a token

Use the token to call POST /crawl

Code snippets

deploy/docker/server.py at https://github.com/unclecode/crawl4ai/blob/main/deploy/docker/server.py#L288 does not require any credentials to obtain a valid JWT token for subsequent access to protected endpoints:

@app.post("/token")
async def get_token(req: TokenRequest):
    if not verify_email_domain(req.email):
        raise HTTPException(400, "Invalid email domain")
    token = create_access_token({"sub": req.email})
    return {"email": req.email, "access_token": token, "token_type": "bearer"}

OS

macOS

Python version

3.10

Browser

Firefox

Browser version

No response

Error logs & Screenshots (if applicable)

No response

[benwhut]

I also run into this security issue. Anyone can generate a token on my server using the /token endpoint. Running v0.7.7. How can I lock this down?

[Ahmed-Tawfik94]

Root Cause Analysis

• Primary cause: /token endpoint in deploy/docker/server.py lacks any authentication/authorization check.
• Contributing factors:
  • verify_email_domain validates only MX records (not a user secret).
  • No fallback API token (CRAWL4AI_API_TOKEN) or shared secret gate in the Docker server.
• Evidence:
  • deploy/docker/server.py defines /token without dependencies or secret checks.
  • deploy/docker/auth.py enforces JWT only on protected endpoints via get_token_dependency, not on /token itself.
  • deploy/docker/utils.py verify_email_domain only validates MX records.

Resolution Check (Current Version)

• Status: not resolved
• Evidence:
  • Local Docker build still allows unauthenticated POST /token and issues JWTs.

Suggested Fixes (Backward-Compatible)

1. Add an optional token-issuance secret (e.g., security.token_secret or CRAWL4AI_API_TOKEN) and require it on /token when configured.
2. Add a config flag (e.g., security.token_public=false) to disable unauthenticated /token issuance when security.jwt_enabled=true.
3. Log a startup warning when security.jwt_enabled=true and no token-issuance secret is configured.

Mitigations

• Protect /token with a reverse proxy (basic auth or IP allowlist).
• Restrict network access to the API (firewall or private network).
• Disable /token at the gateway until a secret gate is added.

[Br1an67]

I'd like to work on this. Added an api_token field to the security config — when set, the /token endpoint requires a matching api_token in the request body before issuing JWTs. Backward compatible (no api_token configured = existing behavior).

PR: #1795