Use accessKey header instead of Authorization header (confirmed with Rakuten support)

sugi · sugi · commit 91ac7e70a225 · 2026-03-12T18:56:01.000+09:00
diff --git a/lib/rakuten_web_service/client.rb b/lib/rakuten_web_service/client.rb
@@ -40,7 +40,10 @@ def request(path, params)
       path = "#{path}?#{URI.encode_www_form(params)}"
       header = { 'User-Agent' => USER_AGENT }
       if RakutenWebService.configuration.access_key
-        header['Authorization'] = "Bearer #{RakutenWebService.configuration.access_key}"
+        case RakutenWebService.configuration.access_key_transport
+        when :access_key_header
+          header['accessKey'] = RakutenWebService.configuration.access_key
+        end
       end
       http.get(path, header)
     end
diff --git a/lib/rakuten_web_service/configuration.rb b/lib/rakuten_web_service/configuration.rb
@@ -5,12 +5,16 @@
 module RakutenWebService
   class Configuration
     attr_accessor :application_id, :affiliate_id, :max_retries, :debug, :access_key
+    attr_reader :access_key_transport
+
+    ALLOWED_ACCESS_KEY_TRANSPORTS = [:access_key_header, :query].freeze
 
     def initialize
       @application_id = ENV['RWS_APPLICATION_ID']
       @affiliate_id = ENV['RWS_AFFILIATE_ID']
       @max_retries = 5
       @access_key = ENV['RWS_ACCESS_KEY']
+      @access_key_transport = :access_key_header
     end
 
     def generate_parameters(params)
@@ -19,7 +23,11 @@ def generate_parameters(params)
 
     def default_parameters
       raise 'Application ID and access key are not defined' unless has_required_options?
-      { application_id: application_id, affiliate_id: affiliate_id, format_version: '2' }
+      params = { application_id: application_id, affiliate_id: affiliate_id, format_version: '2' }
+      if access_key_transport == :query
+        params[:access_key] = access_key
+      end
+      params
     end
 
     def has_required_options?
@@ -30,6 +38,13 @@ def debug_mode?
       ENV.key?('RWS_SDK_DEBUG') || debug
     end
 
+    def access_key_transport=(value)
+      unless ALLOWED_ACCESS_KEY_TRANSPORTS.include?(value&.to_sym)
+        raise ArgumentError, "Invalid access_key_transport value: #{value}, expected one of: #{ALLOWED_ACCESS_KEY_TRANSPORTS.inspect}"
+      end
+      @access_key_transport = value&.to_sym
+    end
+
     private
 
     using RakutenWebService::StringSupport
diff --git a/spec/rakuten_web_service/client_spec.rb b/spec/rakuten_web_service/client_spec.rb
@@ -21,7 +21,7 @@
       with(query: expected_query,
            headers: {
              'User-Agent' => "RakutenWebService SDK for Ruby v#{RWS::VERSION}(ruby-#{RUBY_VERSION} [#{RUBY_PLATFORM}])",
-             'Authorization' => "Bearer #{access_key}"
+             'accessKey' => access_key
            }).
       to_return(expected_response)
 
@@ -86,6 +86,34 @@
         end
       end
     end
+
+    context 'when access_key_transport is :query' do
+      let(:expected_query) do
+        { affiliateId: affiliate_id, applicationId: application_id, formatVersion: '2', accessKey: access_key }
+      end
+
+      around do |example|
+        original = RakutenWebService.configuration.access_key_transport
+        RakutenWebService.configuration.access_key_transport = :query
+        example.run
+        RakutenWebService.configuration.access_key_transport = original
+      end
+
+      before do
+        @expected_request = stub_request(:get, endpoint).
+          with(query: expected_query,
+               headers: {
+                 'User-Agent' => "RakutenWebService SDK for Ruby v#{RWS::VERSION}(ruby-#{RUBY_VERSION} [#{RUBY_PLATFORM}])"
+               }).
+          to_return(expected_response)
+
+        client.get({})
+      end
+
+      specify 'sends access_key as query parameter' do
+        expect(@expected_request).to have_been_made.once
+      end
+    end
   end
 
   describe 'about exceptions' do
diff --git a/spec/rakuten_web_service/configuration_spec.rb b/spec/rakuten_web_service/configuration_spec.rb
@@ -54,6 +54,21 @@
     end
   end
 
+  describe '#access_key_transport=' do
+    let(:config) { RakutenWebService::Configuration.new }
+
+    %i[access_key_header query].each do |valid_value|
+      it "accepts :#{valid_value}" do
+        config.access_key_transport = valid_value
+        expect(config.access_key_transport).to eq valid_value
+      end
+    end
+
+    it 'raises ArgumentError for invalid value' do
+      expect { config.access_key_transport = :invalid }.to raise_error(ArgumentError)
+    end
+  end
+
   describe "#default_parameters" do
     before do
       RakutenWebService.configure do |c|
@@ -76,6 +91,20 @@
       it "does not include access_key in parameters" do
         expect(subject).not_to have_key(:access_key)
       end
+
+      context "when access_key_transport is :query" do
+        around do |example|
+          original = RakutenWebService.configuration.access_key_transport
+          RakutenWebService.configuration.access_key_transport = :query
+          example.run
+          RakutenWebService.configuration.access_key_transport = original
+        end
+
+        it "includes access_key in parameters" do
+          expect(subject[:access_key]).to eq 'access_key'
+        end
+      end
+
     end
     context "When application id is not given" do
       let(:application_id) { nil }
