.Net: Google Gemini - Move API key from the URL to x-goog-api-key HTTP header (#12717)

rogerbarreto · web-flow · commit e44bfb1de01a · 2025-07-16T10:10:50.000Z
### Motivation and Context - Resolves #12666 The implementation successfully addresses the security concern raised in GitHub issue #12666 by moving the Google API key from the URL query parameter to the secure x-goog-api-key HTTP header, preventing sensitive information from being logged or traced. - Modified ClientBase class to support API key in headers - Updated all Google AI clients (Chat, Streaming, Token Counter, Embeddings) to use header-based authentication - Removed API key from URLs to prevent exposure in logs and OTEL traces - Comprehensive Testing:
diff --git a/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiChatGenerationTests.cs b/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiChatGenerationTests.cs
@@ -422,6 +422,38 @@ public async Task ItCreatesPostRequestWithSemanticKernelVersionHeaderAsync()
         Assert.Equal(expectedVersion, header);
     }
 
+    [Fact]
+    public async Task ItCreatesPostRequestWithApiKeyInHeaderAsync()
+    {
+        // Arrange
+        var client = this.CreateChatCompletionClient();
+        var chatHistory = CreateSampleChatHistory();
+
+        // Act
+        await client.GenerateChatMessageAsync(chatHistory);
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestHeaders);
+        var apiKeyHeader = this._messageHandlerStub.RequestHeaders.GetValues("x-goog-api-key").SingleOrDefault();
+        Assert.NotNull(apiKeyHeader);
+        Assert.Equal("fake-key", apiKeyHeader);
+    }
+
+    [Fact]
+    public async Task ItCreatesPostRequestWithoutApiKeyInUrlAsync()
+    {
+        // Arrange
+        var client = this.CreateChatCompletionClient();
+        var chatHistory = CreateSampleChatHistory();
+
+        // Act
+        await client.GenerateChatMessageAsync(chatHistory);
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestUri);
+        Assert.DoesNotContain("key=", this._messageHandlerStub.RequestUri.ToString());
+    }
+
     [Fact]
     public async Task ItCreatesPostRequestWithResponseSchemaPropertyAsync()
     {
diff --git a/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiChatStreamingTests.cs b/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiChatStreamingTests.cs
@@ -392,6 +392,38 @@ public async Task ItCreatesPostRequestWithSemanticKernelVersionHeaderAsync()
         Assert.Equal(expectedVersion, header);
     }
 
+    [Fact]
+    public async Task ItCreatesPostRequestWithApiKeyInHeaderAsync()
+    {
+        // Arrange
+        var client = this.CreateChatCompletionClient();
+        var chatHistory = CreateSampleChatHistory();
+
+        // Act
+        await client.StreamGenerateChatMessageAsync(chatHistory).ToListAsync();
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestHeaders);
+        var apiKeyHeader = this._messageHandlerStub.RequestHeaders.GetValues("x-goog-api-key").SingleOrDefault();
+        Assert.NotNull(apiKeyHeader);
+        Assert.Equal("fake-key", apiKeyHeader);
+    }
+
+    [Fact]
+    public async Task ItCreatesPostRequestWithoutApiKeyInUrlAsync()
+    {
+        // Arrange
+        var client = this.CreateChatCompletionClient();
+        var chatHistory = CreateSampleChatHistory();
+
+        // Act
+        await client.StreamGenerateChatMessageAsync(chatHistory).ToListAsync();
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestUri);
+        Assert.DoesNotContain("key=", this._messageHandlerStub.RequestUri.ToString());
+    }
+
     private static ChatHistory CreateSampleChatHistory()
     {
         var chatHistory = new ChatHistory();
diff --git a/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiCountingTokensTests.cs b/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/Gemini/Clients/GeminiCountingTokensTests.cs
@@ -116,6 +116,36 @@ public async Task ItCreatesPostRequestWithSemanticKernelVersionHeaderAsync()
         Assert.Equal(expectedVersion, header);
     }
 
+    [Fact]
+    public async Task ItCreatesPostRequestWithApiKeyInHeaderAsync()
+    {
+        // Arrange
+        var client = this.CreateTokenCounterClient();
+
+        // Act
+        await client.CountTokensAsync("fake-text");
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestHeaders);
+        var apiKeyHeader = this._messageHandlerStub.RequestHeaders.GetValues("x-goog-api-key").SingleOrDefault();
+        Assert.NotNull(apiKeyHeader);
+        Assert.Equal("fake-key", apiKeyHeader);
+    }
+
+    [Fact]
+    public async Task ItCreatesPostRequestWithoutApiKeyInUrlAsync()
+    {
+        // Arrange
+        var client = this.CreateTokenCounterClient();
+
+        // Act
+        await client.CountTokensAsync("fake-text");
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestUri);
+        Assert.DoesNotContain("key=", this._messageHandlerStub.RequestUri.ToString());
+    }
+
     [Theory]
     [InlineData("https://malicious-site.com")]
     [InlineData("http://internal-network.local")]
diff --git a/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/GoogleAI/GoogleAIClientEmbeddingsGenerationTests.cs b/dotnet/src/Connectors/Connectors.Google.UnitTests/Core/GoogleAI/GoogleAIClientEmbeddingsGenerationTests.cs
@@ -142,6 +142,38 @@ public async Task ItCreatesPostRequestWithSemanticKernelVersionHeaderAsync()
         Assert.Equal(expectedVersion, header);
     }
 
+    [Fact]
+    public async Task ItCreatesPostRequestWithApiKeyInHeaderAsync()
+    {
+        // Arrange
+        var client = this.CreateEmbeddingsClient();
+        IList<string> data = ["sample data"];
+
+        // Act
+        await client.GenerateEmbeddingsAsync(data);
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestHeaders);
+        var apiKeyHeader = this._messageHandlerStub.RequestHeaders.GetValues("x-goog-api-key").SingleOrDefault();
+        Assert.NotNull(apiKeyHeader);
+        Assert.Equal("fake-key", apiKeyHeader);
+    }
+
+    [Fact]
+    public async Task ItCreatesPostRequestWithoutApiKeyInUrlAsync()
+    {
+        // Arrange
+        var client = this.CreateEmbeddingsClient();
+        IList<string> data = ["sample data"];
+
+        // Act
+        await client.GenerateEmbeddingsAsync(data);
+
+        // Assert
+        Assert.NotNull(this._messageHandlerStub.RequestUri);
+        Assert.DoesNotContain("key=", this._messageHandlerStub.RequestUri.ToString());
+    }
+
     [Fact]
     public async Task ShouldIncludeDimensionsInAllRequestsAsync()
     {
diff --git a/dotnet/src/Connectors/Connectors.Google/Core/ClientBase.cs b/dotnet/src/Connectors/Connectors.Google/Core/ClientBase.cs
@@ -15,6 +15,7 @@ namespace Microsoft.SemanticKernel.Connectors.Google.Core;
 internal abstract class ClientBase
 {
     private readonly Func<ValueTask<string>>? _bearerTokenProvider;
+    private readonly string? _apiKey;
 
     protected ILogger Logger { get; }
 
@@ -32,12 +33,14 @@ protected ClientBase(
 
     protected ClientBase(
         HttpClient httpClient,
-        ILogger? logger)
+        ILogger? logger,
+        string? apiKey = null)
     {
         Verify.NotNull(httpClient);
 
         this.HttpClient = httpClient;
         this.Logger = logger ?? NullLogger.Instance;
+        this._apiKey = apiKey;
     }
 
     protected static void ValidateMaxTokens(int? maxTokens)
@@ -96,6 +99,10 @@ protected async Task<HttpRequestMessage> CreateHttpRequestAsync(object requestDa
             httpRequestMessage.Headers.Authorization =
                 new AuthenticationHeaderValue("Bearer", bearerKey);
         }
+        else if (!string.IsNullOrWhiteSpace(this._apiKey))
+        {
+            httpRequestMessage.Headers.Add("x-goog-api-key", this._apiKey);
+        }
 
         return httpRequestMessage;
     }
diff --git a/dotnet/src/Connectors/Connectors.Google/Core/Gemini/Clients/GeminiChatCompletionClient.cs b/dotnet/src/Connectors/Connectors.Google/Core/Gemini/Clients/GeminiChatCompletionClient.cs
@@ -100,16 +100,17 @@ public GeminiChatCompletionClient(
         ILogger? logger = null)
         : base(
             httpClient: httpClient,
-            logger: logger)
+            logger: logger,
+            apiKey: apiKey)
     {
         Verify.NotNullOrWhiteSpace(modelId);
         Verify.NotNullOrWhiteSpace(apiKey);
 
         string versionSubLink = GetApiVersionSubLink(apiVersion);
 
         this._modelId = modelId;
-        this._chatGenerationEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:generateContent?key={apiKey}");
-        this._chatStreamingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:streamGenerateContent?key={apiKey}&alt=sse");
+        this._chatGenerationEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:generateContent");
+        this._chatStreamingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:streamGenerateContent?alt=sse");
     }
 
     /// <summary>
diff --git a/dotnet/src/Connectors/Connectors.Google/Core/Gemini/Clients/GeminiTokenCounterClient.cs b/dotnet/src/Connectors/Connectors.Google/Core/Gemini/Clients/GeminiTokenCounterClient.cs
@@ -33,15 +33,16 @@ public GeminiTokenCounterClient(
         ILogger? logger = null)
         : base(
             httpClient: httpClient,
-            logger: logger)
+            logger: logger,
+            apiKey: apiKey)
     {
         Verify.NotNullOrWhiteSpace(modelId);
         Verify.NotNullOrWhiteSpace(apiKey);
 
         string versionSubLink = GetApiVersionSubLink(apiVersion);
 
         this._modelId = modelId;
-        this._tokenCountingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:countTokens?key={apiKey}");
+        this._tokenCountingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._modelId}:countTokens");
     }
 
     /// <summary>
diff --git a/dotnet/src/Connectors/Connectors.Google/Core/GoogleAI/GoogleAIEmbeddingClient.cs b/dotnet/src/Connectors/Connectors.Google/Core/GoogleAI/GoogleAIEmbeddingClient.cs
@@ -37,15 +37,16 @@ public GoogleAIEmbeddingClient(
         int? dimensions = null)
         : base(
             httpClient: httpClient,
-            logger: logger)
+            logger: logger,
+            apiKey: apiKey)
     {
         Verify.NotNullOrWhiteSpace(modelId);
         Verify.NotNullOrWhiteSpace(apiKey);
 
         string versionSubLink = GetApiVersionSubLink(apiVersion);
 
         this._embeddingModelId = modelId;
-        this._embeddingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._embeddingModelId}:batchEmbedContents?key={apiKey}");
+        this._embeddingEndpoint = new Uri($"https://generativelanguage.googleapis.com/{versionSubLink}/models/{this._embeddingModelId}:batchEmbedContents");
         this._dimensions = dimensions;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ namespace Microsoft.SemanticKernel.Connectors.Google.Core;`
`15`	`15`	`internal abstract class ClientBase`
`16`	`16`	`{`
`17`	`17`	`private readonly Func<ValueTask<string>>? _bearerTokenProvider;`
	`18`	`+ private readonly string? _apiKey;`
`18`	`19`
`19`	`20`	`protected ILogger Logger { get; }`
`20`	`21`
`@@ -32,12 +33,14 @@ protected ClientBase(`
`32`	`33`
`33`	`34`	`protected ClientBase(`
`34`	`35`	`HttpClient httpClient,`
`35`		`- ILogger? logger)`
	`36`	`+ ILogger? logger,`
	`37`	`+ string? apiKey = null)`
`36`	`38`	`{`
`37`	`39`	`Verify.NotNull(httpClient);`
`38`	`40`
`39`	`41`	`this.HttpClient = httpClient;`
`40`	`42`	`this.Logger = logger ?? NullLogger.Instance;`
	`43`	`+ this._apiKey = apiKey;`
`41`	`44`	`}`
`42`	`45`
`43`	`46`	`protected static void ValidateMaxTokens(int? maxTokens)`
`@@ -96,6 +99,10 @@ protected async Task<HttpRequestMessage> CreateHttpRequestAsync(object requestDa`
`96`	`99`	`httpRequestMessage.Headers.Authorization =`
`97`	`100`	`new AuthenticationHeaderValue("Bearer", bearerKey);`
`98`	`101`	`}`
	`102`	`+ else if (!string.IsNullOrWhiteSpace(this._apiKey))`
	`103`	`+ {`
	`104`	`+ httpRequestMessage.Headers.Add("x-goog-api-key", this._apiKey);`
	`105`	`+ }`
`99`	`106`
`100`	`107`	`return httpRequestMessage;`
`101`	`108`	`}`