langflow-ai · mendonk · Jul 23, 2025 · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025
diff --git a/SECURITY.md b/SECURITY.md
@@ -49,3 +49,14 @@ Langflow allows users to define and run **custom code components** through endpo
 This means an attacker could send malicious code to the endpoint and have it executed on the server—leading to full system compromise, including data theft, remote shell access, or lateral movement within the network.
 
 To address, upgrade to >= 1.3.0.
+
+### No API key required if running Langflow with `LANGFLOW_AUTO_LOGIN=true` and `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true`
+
+In Langflow versions earlier than 1.5, if `LANGFLOW_AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication. In this case, API requests don't require a Langflow API key.
+
+In Langflow version 1.5, a Langflow API key is required to authenticate requests.
+Setting `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` and `LANGFLOW_AUTO_LOGIN=true` skips authentication for API requests. However, the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` option will be removed in v1.6.
+
+`LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` is the default behavior, so users do not need to change existing workflows in 1.5. To update your workflows to require authentication, set `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=false`.
+
+For more information, see [Authentication](https://docs.langflow.org/configuration-authentication).
diff --git a/docs/docs/Configuration/configuration-api-keys.mdx b/docs/docs/Configuration/configuration-api-keys.mdx
@@ -19,11 +19,11 @@ The only exceptions are the MCP endpoints `/v1/mcp`, `/v1/mcp-projects`, and `/v
 <details>
 <summary>AUTO_LOGIN and SKIP_AUTH options</summary>
 
-In Langflow versions earlier than 1.5, if `AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
+In Langflow versions earlier than 1.5, if `LANGFLOW_AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
 In this case, API requests don't require a Langflow API key.
 
-In Langflow version 1.5, you can set `SKIP_AUTH_AUTO_LOGIN=true` and `AUTO_LOGIN=true` to skip authentication for API requests.
-However, the `SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
+In Langflow version 1.5, you can set `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` and `LANGFLOW_AUTO_LOGIN=true` to skip authentication for API requests.
+However, the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
 </details>
 
 ## Generate a Langflow API key

diff --git a/docs/docs/Configuration/configuration-authentication.mdx b/docs/docs/Configuration/configuration-authentication.mdx
@@ -36,11 +36,11 @@ The only exceptions are the MCP endpoints `/v1/mcp`, `/v1/mcp-projects`, and `/v
 <details>
 <summary>AUTO_LOGIN and SKIP_AUTH options</summary>
 
-In Langflow versions earlier than 1.5, if `AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
+In Langflow versions earlier than 1.5, if `LANGFLOW_AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
 In this case, API requests don't require a Langflow API key.
 
-In Langflow version 1.5, you can set `SKIP_AUTH_AUTO_LOGIN=true` and `AUTO_LOGIN=true` to skip authentication for API requests.
-However, the `SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
+In Langflow version 1.5, you can set `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` and `LANGFLOW_AUTO_LOGIN=true` to skip authentication for API requests.
+However, the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
 </details>
 
 ### LANGFLOW_SUPERUSER and LANGFLOW_SUPERUSER_PASSWORD

diff --git a/docs/docs/Configuration/environment-variables.mdx b/docs/docs/Configuration/environment-variables.mdx
@@ -240,7 +240,7 @@ The following table lists the environment variables supported by Langflow.
 | <Link id="LANGFLOW_WORKERS"/><span class="env-prefix">LANGFLOW_</span>WORKERS | Integer | `1` | Number of worker processes.<br/>See [`--workers` option](./configuration-cli.mdx#run-workers). |
 | <Link id="LANGFLOW_SSL_CERT_FILE"/><span class="env-prefix">LANGFLOW_</span>SSL_CERT_FILE | String | Not set | Path to the SSL certificate file on the local system. |
 | <Link id="LANGFLOW_SSL_KEY_FILE"/><span class="env-prefix">LANGFLOW_</span>SSL_KEY_FILE | String | Not set | Path to the SSL key file on the local system. |
-| <Link id="SKIP_AUTH_AUTO_LOGIN"/>SKIP_AUTH_AUTO_LOGIN | Boolean | `false` | If set to `true`, disables automatic login and enforces authentication, regardless of the value of `LANGFLOW_AUTO_LOGIN`.
+| <Link id="LANGFLOW_SKIP_AUTH_AUTO_LOGIN"/><span class="env-prefix">LANGFLOW_</span>SKIP_AUTH_AUTO_LOGIN | Boolean | `true` | If set to `true`, and `LANGFLOW_AUTO_LOGIN` is set to `true`, skips authentication and allows automatic login as the superuser. If set to `false`, and `LANGFLOW_AUTO_LOGIN` is set to `true`, disables automatic login and enforces authentication. If `LANGFLOW_AUTO_LOGIN` is `false`, has no effect. |
 </div>