curl -X GET "http://localhost:8001/auth/status"

{
  "authentication": {
    "overall_status": "healthy",
    "providers": {
      "google": {
        "configured": true,
        "valid": true,
        "models_count": 3
      },
      "openai": {
        "configured": true,
        "valid": true,
        "models_count": 4
      },
      "openrouter": {
        "configured": false,
        "valid": null,
        "models_count": 0
      },
      "azure": {
        "configured": true,
        "valid": true,
        "models_count": 2
      },
      "ollama": {
        "configured": true,
        "valid": true,
        "models_count": 3,
        "local": true
      }
    },
    "recommended_provider": "google",
    "fallback_providers": ["openai", "azure"]
  },
  "authorization": {
    "mode": "disabled",
    "required": false
  }
}
The DeepWiki-Open API supports multiple authentication methods to secure your documentation generation service. This guide covers all authentication options, security configurations, and best practices.

Authentication Overview

DeepWiki-Open uses a multi-layered authentication approach:

Environment-Based Auth

API provider keys configured via environment variables

Authorization Mode

Optional secret code protection for wiki generation

Repository Tokens

Personal access tokens for private repository access

Request Validation

Input validation and rate limiting protection

Environment-Based Authentication

API Provider Authentication

The API automatically validates configured AI provider credentials:
Authorization
string
Uses GOOGLE_API_KEY from environment automatically
Validation endpoint:
curl -X GET "http://localhost:8001/auth/validate/google"
Response:
{
  "provider": "google",
  "status": "valid",
  "models_available": [
    "gemini-2.0-flash",
    "gemini-1.5-flash",
    "gemini-1.0-pro"
  ],
  "quota": {
    "requests_per_minute": 15,
    "tokens_per_minute": 32000,
    "usage_today": "12%"
  }
}

Authentication Status

Check overall authentication status: 
curl -X GET "http://localhost:8001/auth/status"

{
  "authentication": {
    "overall_status": "healthy",
    "providers": {
      "google": {
        "configured": true,
        "valid": true,
        "models_count": 3
      },
      "openai": {
        "configured": true,
        "valid": true,
        "models_count": 4
      },
      "openrouter": {
        "configured": false,
        "valid": null,
        "models_count": 0
      },
      "azure": {
        "configured": true,
        "valid": true,
        "models_count": 2
      },
      "ollama": {
        "configured": true,
        "valid": true,
        "models_count": 3,
        "local": true
      }
    },
    "recommended_provider": "google",
    "fallback_providers": ["openai", "azure"]
  },
  "authorization": {
    "mode": "disabled",
    "required": false
  }
}

Authorization Mode

Optional access control requiring a secret code for wiki generation.

Enabling Authorization Mode

1

Configure Environment

Set authorization environment variables:
DEEPWIKI_AUTH_MODE=true
DEEPWIKI_AUTH_CODE=your-secret-code-here
Choose a strong, unique authorization code. This provides basic access control.
2

Restart API Server

Authorization mode requires a server restart:
# Stop current server
# Restart with new configuration
python -m api.main
Server logs should show: “Authorization mode: ENABLED”
3

Verify Configuration

curl -X GET "http://localhost:8001/auth/status"
Should show:
{
  "authorization": {
    "mode": "enabled", 
    "required": true
  }
}

Using Authorization Mode

When authorization is enabled, all wiki generation requests must include the auth code: 
curl -X POST "http://localhost:8001/wiki/generate" \
  -H "Content-Type: application/json" \
  -d '{
    "repo_url": "https://github.com/microsoft/vscode",
    "model_provider": "google",
    "auth_code": "your-secret-code-here"
  }'

Authorization Validation

Test authorization codes before use: 
curl -X POST "http://localhost:8001/auth/validate" \
  -H "Content-Type: application/json" \
  -d '{
    "auth_code": "your-secret-code-here"
  }'

{
  "valid": true,
  "message": "Authorization code accepted"
}

Repository Access Tokens

For accessing private repositories, provide personal access tokens.

Supported Platforms

Token creation:
  1. Go to GitHub Settings → Developer settings → Personal access tokens
  2. Generate new token (classic or fine-grained)
  3. Select scopes: repo (full repository access)
Token format: ghp_xxxxxxxxxxxxxxxxxxxx (classic) or github_pat_xxxx (fine-grained)Usage in requests:
{
  "repo_url": "https://github.com/company/private-repo",
  "access_token": "ghp_xxxxxxxxxxxxxxxxxxxx",
  "model_provider": "google"
}

Token Validation

Validate repository access tokens: 
curl -X POST "http://localhost:8001/auth/validate-token" \
  -H "Content-Type: application/json" \
  -d '{
    "platform": "github",
    "token": "ghp_xxxxxxxxxxxxxxxxxxxx"
  }'

{
  "valid": true,
  "platform": "github",
  "scopes": ["repo", "user"],
  "user": "your-username",
  "expires_at": "2024-12-31T23:59:59Z"
}

Security Best Practices

Environment Security

Production Security

1

Authentication Hardening

# Production security settings
DEEPWIKI_AUTH_MODE=true
DEEPWIKI_AUTH_CODE=complex-random-string-here

# Additional security
NODE_ENV=production
LOG_LEVEL=WARNING
LOG_SENSITIVE_DATA=false
2

Access Control

# Restrict API access to authorized IPs
# Using firewall or reverse proxy
iptables -A INPUT -p tcp --dport 8001 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 8001 -j DROP
3

Monitoring & Alerting

{
  "security_monitoring": {
    "failed_auth_attempts": {
      "threshold": 10,
      "window": "1h", 
      "action": "alert"
    },
    "unusual_usage_patterns": {
      "detect_anomalies": true,
      "baseline_days": 7
    },
    "api_abuse_detection": {
      "large_repository_attempts": true,
      "rapid_fire_requests": true
    }
  }
}

Error Handling

Authentication Errors

{
  "error": {
    "code": "MISSING_API_KEYS",
    "message": "No valid AI provider API keys configured",
    "details": {
      "configured_providers": [],
      "required_providers": ["google", "openai", "openrouter"],
      "suggestion": "Configure at least one AI provider API key"
    }
  }
}

Token Validation Errors

Integration Examples

Middleware Authentication

from functools import wraps
from flask import request, jsonify

def require_auth(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        auth_code = request.json.get('auth_code')
        
        if not validate_auth_code(auth_code):
            return jsonify({
                'error': 'Invalid or missing authorization code'
            }), 401
            
        return f(*args, **kwargs)
    return decorated_function

@app.route('/wiki/generate', methods=['POST'])
@require_auth
def generate_wiki():
    # Wiki generation logic
    pass

Client-Side Authentication

import { useState, useEffect } from 'react';

export function useDeepWikiAuth() {
  const [authStatus, setAuthStatus] = useState(null);
  
  useEffect(() => {
    checkAuthStatus();
  }, []);
  
  const checkAuthStatus = async () => {
    try {
      const response = await fetch('/api/auth/status');
      const status = await response.json();
      setAuthStatus(status);
    } catch (error) {
      console.error('Auth check failed:', error);
    }
  };
  
  const validateAuthCode = async (code) => {
    try {
      const response = await fetch('/api/auth/validate', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ auth_code: code })
      });
      return response.ok;
    } catch (error) {
      return false;
    }
  };
  
  return { authStatus, validateAuthCode, checkAuthStatus };
}

Next Steps

Wiki Endpoints

Learn about wiki generation and management endpoints

Security Guide

Implement comprehensive security measures

Production Setup

Deploy with proper authentication in production

Monitoring

Set up authentication monitoring and alerts