Pass apikey in header instead of querystring

Author: danmichaelo

spec/ClientSpec.php

@@ -68,7 +68,7 @@ public function it_sends_an_API_key_with_each_request()
         $this->getJSON(str_random());
 
         // Query string should include apikey
-        expect($http->getRequests()[0])->getUri()->getQuery()->toContain('apikey=DummyApiKey');
+        expect($http->getRequests()[0])->getHeaderLine('authorization')->toBe('apikey DummyApiKey');
     }
 
     public function it_can_request_and_parse_JSON()

src/Client.php

@@ -275,7 +275,6 @@ public function buildUrl($url, $query = [])
             parse_str($url[1], $query0);
             $query = array_merge($query0, $query);
         }
-        $query['apikey'] = $this->key;
 
         $url = $url[0];
 
@@ -300,8 +299,8 @@ public function buildUrl($url, $query = [])
      */
     public function request(RequestInterface $request, $attempt = 1)
     {
-        if (!$this->key) {
-            throw new AlmaClientException('No API key defined for ' . $this->zone);
+        if (isset($this->key)) {
+            $request = $request->withHeader('Authorization', 'apikey ' . $this->key);
         }
         foreach ($this->extraHeaders as $key => $val) {
             $request = $request->withHeader($key, $val);
@@ -593,6 +592,10 @@ protected function parseClientError(HttpException $exception)
         // so we generalize it as a string.
         $code = empty($code) ? null : (string) $code;
 
+        if ($code == 'UNAUTHORIZED') {
+            return new InvalidApiKey($message, null, $exception);
+        }
+
         if (strtolower($message) == 'invalid api key') {
             return new InvalidApiKey($message, null, $exception);
         }