Use custom uhd auth header for jwt

mattjreynolds · mattjreynolds · commit b4fd396a4dec · 2026-03-23T09:52:34.000Z
Use `X-UHD-AUTH` header for the JWT instead of `Authorization` header
- The Authorzation header is already being used for the API key which is
  checked by the AWS load balancer, so commands with just the JWT are
  rejected.
- Sending both headers means the ALB can verify the API key and send the
  request on to Django which can then verify the JWT
diff --git a/src/api/utils/api.utils.ts b/src/api/utils/api.utils.ts
@@ -100,7 +100,7 @@ export async function client<T>(
       ...customConfig.headers,
       //passing authorization header only if access token is available, to avoid sending
       // "Authorization: Bearer undefined" in the headers which might cause issues with some APIs
-      ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),
+      ...(accessToken ? { 'X-UHD-AUTH': `Bearer ${accessToken}` } : {}),
     },
   }
 

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ export async function client<T>(`
`100`	`100`	`...customConfig.headers,`
`101`	`101`	`//passing authorization header only if access token is available, to avoid sending`
`102`	`102`	`// "Authorization: Bearer undefined" in the headers which might cause issues with some APIs`
`103`		- ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),
	`103`	+ ...(accessToken ? { 'X-UHD-AUTH': `Bearer ${accessToken}` } : {}),
`104`	`104`	`},`
`105`	`105`	`}`
`106`	`106`