fix: updating Geckoboard auth

[maycon-pipedream]

🔐 Fix Geckoboard API authentication in Pipedream integration

Summary

This PR fixes an authentication issue when calling the Geckoboard Datasets API from Pipedream.

Although Geckoboard uses HTTP Basic Auth with the API key as the username and an empty password, relying on Axios’ auth option caused the generated Authorization header to omit the required colon (:) in some cases. This resulted in 401 Unauthorized responses from the Geckoboard API.

What changed

Replaced Axios auth configuration with an explicit Authorization header.

Manually generate the Basic Auth token using api_key: to guarantee the required colon is always included.

Added explicit Content-Type: application/json header for consistency.

Why this change

Geckoboard strictly requires Basic Authentication in the format:

Authorization: Basic base64(API_KEY:)

Summary by CodeRabbit

• Refactor
  • Geckoboard integration now sends authentication via HTTP headers and standardizes requests to use JSON content-type.
• Chores
  • Bumped package and action versions for the Geckoboard component (release/version updates only).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
pipedream-docs-redirect-do-not-edit	Ignored		Jan 2, 2026 8:39pm

[pipedream-component-development]

Thank you so much for submitting this! We've added it to our backlog to review, and our team has been notified.

[pipedream-component-development]

Thanks for submitting this PR! When we review PRs, we follow the Pipedream component guidelines. If you're not familiar, here's a quick checklist:

• Create components to address specific use cases whenever possible
• Component keys should follow the format app_name_slug-slugified-component-name
• Components should follow the standard directory structure
• Prefer Node.js client libraries to REST APIs
• When making API requests, handle pagination to ensure all data / events are processed
• Use secret props to capture sensitive data
• Props and methods should be defined in app files whenever possible
• Document methods with JS Docs
• Use optional props whenever possible, and set a default value where you can
• Use async options to accept user input wherever possible

[coderabbitai]

Walkthrough

_makeRequest in the Geckoboard component was changed to stop using axios auth; it now builds a per-request Basic token from this.$auth.api_key, sets Authorization: Basic <token> and Content-Type: application/json in request headers, and merges any provided headers.

Changes

Cohort / File(s)	Summary
Authentication mechanism refactoring components/geckoboard/geckoboard.app.mjs	_makeRequest() now destructures headers from opts, computes token = Base64(${this.$auth.api_key}:), and sends Authorization: Basic ${token} plus Content-Type: application/json, merging provided headers; axios auth usage removed.
Action version bumps components/geckoboard/actions/append-to-dataset/append-to-dataset.mjs, components/geckoboard/actions/create-dataset/create-dataset.mjs, components/geckoboard/actions/delete-dataset/delete-dataset.mjs	Updated exported version from 0.0.2 → 0.0.3 in each action file; no logic or control-flow changes.
Package version bump components/geckoboard/package.json	Package version updated from 0.1.0 → 0.1.1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly relates to the main change: replacing Axios auth configuration with explicit HTTP header-based authentication for Geckoboard API requests.
Description check	✅ Passed	The description provides a comprehensive explanation of the authentication issue, the solution implemented, and the technical rationale behind the changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 696ce4c and 65bb97f.

📒 Files selected for processing (1)

• components/geckoboard/geckoboard.app.mjs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: pnpm publish
• GitHub Check: Lint Code Base
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (2)

components/geckoboard/geckoboard.app.mjs (2)

38-38: LGTM! Headers destructuring added correctly.

The addition of headers destructuring with a default empty object is appropriate for the new header-based authentication approach.

---

49-53: Headers configuration looks good with one consideration.

The Authorization header is correctly formatted with the "Basic" scheme, and adding an explicit Content-Type header improves API consistency.

Minor consideration: The spread operator ...headers is placed after the default headers, which allows callers to override the Authorization and Content-Type headers. This provides flexibility but could potentially be a security concern if the Authorization header is accidentally overridden.

If the intent is to prevent overriding these critical headers, consider reversing the order:

headers: {
  ...headers,
  Authorization: `Basic ${token}`,
  "Content-Type": "application/json",
}

However, if flexibility is desired (e.g., for testing or special cases), the current implementation is fine.

Please confirm whether allowing callers to override the Authorization header is intentional.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7448c05 and 339fb35.

📒 Files selected for processing (1)

• components/geckoboard/geckoboard.app.mjs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Lint Code Base
• GitHub Check: pnpm publish
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (1)

components/geckoboard/geckoboard.app.mjs (1)

34-40: LGTM: Headers parameter addition.

The addition of headers = {} to the destructuring correctly enables callers to provide custom headers while maintaining backward compatibility with a safe default.

[michelle0927]

LGTM! Ready for QA!

[vunguyenhung]

Hi everyone, all test cases are passed! Ready for release!

Test reports

• fix: updating Geckoboard auth - Actions Batch 1: https://www.notion.so/fix-updating-Geckoboard-auth-Actions-Batch-1-1-2dcbf548bb5e819eb8d3d9bcab700939