Skip to content

refactor: use Authorization header for API authentication#9

Merged
MiniCodeMonkey merged 2 commits into
mainfrom
refactor/auth-header-authentication
Aug 8, 2025
Merged

refactor: use Authorization header for API authentication#9
MiniCodeMonkey merged 2 commits into
mainfrom
refactor/auth-header-authentication

Conversation

@MiniCodeMonkey

@MiniCodeMonkey MiniCodeMonkey commented Aug 8, 2025

Copy link
Copy Markdown
Member

Summary

  • Refactored API authentication to use Authorization headers instead of query parameters
  • Improves security by following best practices recommended in the Geocodio API documentation
  • Eliminates code duplication by centralizing authentication in the _request method

Changes

  • Modified _request method to automatically add Authorization header with Bearer token
  • Removed redundant api_key parameter initialization from all API methods (geocode, reverse, list operations)
  • Made params parameter optional in _request method, defaulting to empty dict when not provided
  • Updated all unit tests to expect Authorization header instead of api_key query parameter
  • Removed TODO comment about repeated API key handling (now resolved)

Test Plan

Unit Tests (✅ All Passing)

  • test_client.py - Client initialization and basic geocoding tests
  • test_geocode.py - Forward geocoding with various parameters
  • test_reverse.py - Reverse geocoding with various parameters
  • test_errors.py - Error handling with proper authentication
  • All 48 unit tests passing with 85% code coverage

Test Execution

# All unit tests pass
uv run pytest tests/unit/ -v
# Result: 48 passed in 1.05s

Breaking Changes

None - The public API remains unchanged. This is an internal implementation improvement that maintains backward compatibility.

@MiniCodeMonkey
refactor(auth): use Authorization header instead of query params for …
c2f16d2 
…API key

Migrate API key authentication from query parameters to Authorization header
following security best practices and Geocodio API documentation recommendations.
This reduces code duplication by centralizing auth header injection in the
_request method.

- Add Authorization header with Bearer token in _request method
- Remove redundant api_key parameter initialization from all API methods
- Make params parameter optional in _request method (defaults to empty dict)
- Remove TODO comment about repeated API key handling
@MiniCodeMonkey
test: update mocks to expect Authorization header
4a1ca43 
Update all test mocks to match the new authentication implementation
using Authorization headers instead of query parameters.

- Update httpx_mock fixtures to use match_headers with Bearer token
- Remove api_key from query parameter expectations in all test files
- Ensure all error mapping and geocoding tests pass with new auth format
@MiniCodeMonkey MiniCodeMonkey merged commit cb1433a into main Aug 8, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MiniCodeMonkey