fix: support both api-key header formats for V2 authentication #10802

Closed
ItsYash1421 wants to merge 3 commits into juspay:main from ItsYash1421:Fix/v2-create-customer-header-conflicts

@ItsYash1421

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Fixed V2 customer creation authentication to accept API keys in both the documented OpenAPI format and the legacy format for backward compatibility.

Changes:

  • Modified V2ApiKeyAuth::authenticate_and_fetch() to accept API keys from both api-key header and Authorization: api-key= header.
  • Updated OpenAPI spec security scheme description to document both formats.
  • Added authentication guidance to V2 customer create endpoint documentation.
  • Added 6 comprehensive unit tests to verify both header formats work correctly.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Fixes #10789
Problem: Users following the OpenAPI documentation received authentication errors when attempting to create V2 customers:

  • OpenAPI spec documented: api-key: header.
  • Code expected: Authorization: api-key= header.
  • Error received: {"error":{"type":"invalid_request","message":"Missing required param: Authorization","code":"IR_04"}}.

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
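
The dual-format lookup described in this PR, as an added Rust example that is not code from the PR or from Hyperswitch. The function and error names are hypothetical, and rejecting conflicting keys or an `Authorization` value that lacks the `api-key=` prefix is an assumption of this example, not behaviour stated on the page.

```rust
// Added illustration, not Hyperswitch code; all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ApiKeyError {
    Missing,     // neither header carried a key
    Malformed,   // empty key, or Authorization without the `api-key=` prefix
    Conflicting, // the request supplied more than one distinct key
}

/// Extract the API key from `api-key: <key>` or `Authorization: api-key=<key>`.
/// Header names are matched case-insensitively.
pub fn extract_api_key(headers: &[(&str, &str)]) -> Result<String, ApiKeyError> {
    let mut found: Option<&str> = None;
    for (name, value) in headers {
        let value = value.trim();
        let candidate = if name.eq_ignore_ascii_case("api-key") {
            value
        } else if name.eq_ignore_ascii_case("authorization") {
            // Assumption: only the `api-key=` form is valid in Authorization;
            // anything else is rejected rather than silently ignored.
            value.strip_prefix("api-key=").ok_or(ApiKeyError::Malformed)?
        } else {
            continue;
        };
        if candidate.is_empty() {
            return Err(ApiKeyError::Malformed);
        }
        match found {
            // Two sources naming different keys: refuse instead of picking one,
            // so a proxy or log and the service never disagree on the caller.
            Some(prev) if prev != candidate => return Err(ApiKeyError::Conflicting),
            _ => found = Some(candidate),
        }
    }
    found.map(str::to_owned).ok_or(ApiKeyError::Missing)
}

fn main() {
    // Constructed sample requests; the key values are placeholders.
    let documented = [("api-key", "dev_key_123")];
    let legacy = [("Authorization", "api-key=dev_key_123")];
    let mixed = [("api-key", "dev_key_123"), ("Authorization", "api-key=other")];
    println!("{:?}", extract_api_key(&documented));
    println!("{:?}", extract_api_key(&legacy));
    println!("{:?}", extract_api_key(&mixed));
}
```

Accepting two credential locations adds a precedence question that a single location does not have; the example resolves it by failing closed when the two disagree.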

ItsYash1421 requested review from a team as code owners December 30, 2025 06:26

semanticdiff-com bot commented Dec 30, 2025

Review changes with SemanticDiff

Changed Files
File Status
  api-reference/v2/openapi_spec_v2.json  37% smaller
  crates/router/src/services/authentication.rs  8% smaller
  crates/openapi/src/routes/customers.rs  0% smaller

hyperswitch-bot bot added the "M-api-contract-changes Metadata: This PR involves API contract changes" label Dec 30, 2025
@SanchithHegde
Member

SanchithHegde commented Jan 13, 2026

Hey @ItsYash1421, thanks for the PR. Unfortunately, we would most likely not be proceeding with this PR, as we would prefer to stick to the existing authentication mechanism for the v2 APIs (as I understand, maybe @AnuthaDev can confirm). That said, @AnuthaDev has fixed the incorrect API docs in #10888.

Thanks again for your time, feel free to pick up another issue if you're interested in contributing!

@SanchithHegde
Member

Closing this in favor of #10888.

Development

Successfully merging this pull request may close these issues.

[BUG] v2 create customer header conflicts