Skip to content

Add support for service-to-service API key authentication #6764

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 18, 2025
Merged

Add support for service-to-service API key authentication #6764

merged 1 commit into from
Apr 18, 2025

Conversation

@jnsdls
Copy link
Member

@jnsdls jnsdls commented Apr 18, 2025
edited by pr-codex bot
Loading

Add support for service-to-service API key authentication

This PR adds support for service-to-service API key authentication by:

  • Adding the ability to pass a service API key via the x-service-api-key header
  • Implementing logic to validate incoming service API keys
  • Allowing service API keys to bypass domain restrictions when used with publishable keys
  • Updating the caching mechanism to handle service API key authentication
  • Adding tests to verify service API key authentication works correctly

This enhancement enables secure communication between different thirdweb services while maintaining proper authorization controls.

PR-Codex overview

This PR adds support for service-to-service API key authentication in the service-utils package, enhancing the authorization process by allowing clients to use an incoming service API key alongside traditional methods.

Detailed summary

  • Added incomingServiceApiKey and incomingServiceApiKeyHash to various data structures.
  • Updated authorizeClient function to handle incoming service API key for authorization.
  • Modified caching logic to include incoming service API key.
  • Enhanced tests to validate authorization using the incoming service API key.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@vercel
Copy link

vercel bot commented Apr 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs-v2 ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2025 8:21am
login ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2025 8:21am
thirdweb_playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2025 8:21am
thirdweb-www ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2025 8:21am
wallet-ui ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2025 8:21am

@changeset-bot
Copy link

changeset-bot bot commented Apr 18, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 483376d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@thirdweb-dev/service-utils Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@jnsdls jnsdls marked this pull request as ready for review April 18, 2025 07:53
@jnsdls jnsdls requested a review from a team as a code owner April 18, 2025 07:54
@jnsdls Graphite App
Copy link
Member Author

jnsdls commented Apr 18, 2025
edited
Loading

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@codecov
Copy link

codecov bot commented Apr 18, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.16%. Comparing base (3a43fb2) to head (483376d).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #6764   +/-   ##
=======================================
  Coverage   55.16%   55.16%           
=======================================
  Files         896      896           
  Lines       56910    56910           
  Branches     3938     3938           
=======================================
  Hits        31396    31396           
  Misses      25419    25419           
  Partials       95       95
Flag Coverage Δ
packages 55.16% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Contributor

github-actions bot commented Apr 18, 2025
edited
Loading

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
thirdweb (esm) 50.75 KB (0%) 1.1 s (0%) 190 ms (+154.47% 🔺) 1.3 s
thirdweb (cjs) 138.9 KB (0%) 2.8 s (0%) 351 ms (+111.92% 🔺) 3.2 s
thirdweb (minimal + tree-shaking) 5.59 KB (0%) 112 ms (0%) 88 ms (+1597.68% 🔺) 200 ms
thirdweb/chains (tree-shaking) 514 B (0%) 11 ms (0%) 80 ms (+4602.78% 🔺) 90 ms
thirdweb/react (minimal + tree-shaking) 19.36 KB (0%) 388 ms (0%) 121 ms (+938.89% 🔺) 508 ms

@jnsdls jnsdls force-pushed the Add_support_for_service-to-service_API_key_authentication branch from fd4e718 to 9d18dd7 Compare April 18, 2025 08:09
@jnsdls jnsdls force-pushed the Add_support_for_service-to-service_API_key_authentication branch from 9d18dd7 to 483376d Compare April 18, 2025 08:11
@jnsdls jnsdls merged commit 72875f9 into main Apr 18, 2025
23 checks passed
@jnsdls jnsdls deleted the Add_support_for_service-to-service_API_key_authentication branch April 18, 2025 08:43
@joaquim-verges joaquim-verges mentioned this pull request Apr 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joaquim-verges joaquim-verges joaquim-verges approved these changes

Assignees

@jnsdls jnsdls

Labels

packages

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jnsdls @joaquim-verges