Skip to content

refactor: use Authorization header for API authentication #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 8, 2025
Merged

refactor: use Authorization header for API authentication #9

merged 2 commits into from
Aug 8, 2025

Conversation

MiniCodeMonkey
Copy link
Member

Summary

  • Refactored API authentication to use Authorization headers instead of query parameters
  • Improves security by following best practices recommended in the Geocodio API documentation
  • Eliminates code duplication by centralizing authentication in the _request method

Changes

  • Modified _request method to automatically add Authorization header with Bearer token
  • Removed redundant api_key parameter initialization from all API methods (geocode, reverse, list operations)
  • Made params parameter optional in _request method, defaulting to empty dict when not provided
  • Updated all unit tests to expect Authorization header instead of api_key query parameter
  • Removed TODO comment about repeated API key handling (now resolved)

Test Plan

Unit Tests (✅ All Passing)

  • test_client.py - Client initialization and basic geocoding tests
  • test_geocode.py - Forward geocoding with various parameters
  • test_reverse.py - Reverse geocoding with various parameters
  • test_errors.py - Error handling with proper authentication
  • All 48 unit tests passing with 85% code coverage

Test Execution

# All unit tests pass
uv run pytest tests/unit/ -v
# Result: 48 passed in 1.05s

Breaking Changes

None - The public API remains unchanged. This is an internal implementation improvement that maintains backward compatibility.

@MiniCodeMonkey
refactor(auth): use Authorization header instead of query params for …
c2f16d2 
…API key

Migrate API key authentication from query parameters to Authorization header
following security best practices and Geocodio API documentation recommendations.
This reduces code duplication by centralizing auth header injection in the
_request method.

- Add Authorization header with Bearer token in _request method
- Remove redundant api_key parameter initialization from all API methods
- Make params parameter optional in _request method (defaults to empty dict)
- Remove TODO comment about repeated API key handling
@MiniCodeMonkey
test: update mocks to expect Authorization header
4a1ca43 
Update all test mocks to match the new authentication implementation
using Authorization headers instead of query parameters.

- Update httpx_mock fixtures to use match_headers with Bearer token
- Remove api_key from query parameter expectations in all test files
- Ensure all error mapping and geocoding tests pass with new auth format
@MiniCodeMonkey MiniCodeMonkey merged commit cb1433a into main Aug 8, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MiniCodeMonkey