From 5b8d2d22a4a011eca73b57b3dab6b3ca14ac3990 Mon Sep 17 00:00:00 2001
From: Ben Sully <ben.sully@grafana.com>
Date: Fri, 5 Sep 2025 15:49:56 +0100
Subject: [PATCH] feat: accept X-Grafana-Service-Account-Token in headers too

Similar to how we now accept a service-account-named env var.
---
 mcpgrafana.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/mcpgrafana.go b/mcpgrafana.go
index 58f31cf..7dc102d 100644
--- a/mcpgrafana.go
+++ b/mcpgrafana.go
@@ -32,8 +32,9 @@ const (
 	grafanaUsernameEnvVar = "GRAFANA_USERNAME"
 	grafanaPasswordEnvVar = "GRAFANA_PASSWORD"
 
-	grafanaURLHeader    = "X-Grafana-URL"
-	grafanaAPIKeyHeader = "X-Grafana-API-Key"
+	grafanaURLHeader                    = "X-Grafana-URL"
+	grafanaServiceAccountTokenHeader    = "X-Grafana-Service-Account-Token"
+	grafanaAPIKeyHeader                 = "X-Grafana-API-Key" // Deprecated: use X-Grafana-Service-Account-Token instead
 )
 
 func urlAndAPIKeyFromEnv() (string, string) {
@@ -68,7 +69,15 @@ func userAndPassFromEnv() *url.Userinfo {
 
 func urlAndAPIKeyFromHeaders(req *http.Request) (string, string) {
 	u := strings.TrimRight(req.Header.Get(grafanaURLHeader), "/")
-	apiKey := req.Header.Get(grafanaAPIKeyHeader)
+	
+	// Check for the new service account token header first
+	apiKey := req.Header.Get(grafanaServiceAccountTokenHeader)
+	if apiKey != "" {
+		return u, apiKey
+	}
+	
+	// Fall back to the deprecated API key header
+	apiKey = req.Header.Get(grafanaAPIKeyHeader)
 	return u, apiKey
 }