Skip to content

Use X-goog-api-key header instead of URL parameter#4

Closed
langsharpe wants to merge 1 commit into
masterfrom
fix-issue-3
Closed

Use X-goog-api-key header instead of URL parameter#4
langsharpe wants to merge 1 commit into
masterfrom
fix-issue-3

Conversation

@langsharpe
Copy link
Copy Markdown
Owner

@langsharpe langsharpe commented Jul 26, 2025

Summary

Implements Google's recommended REST API authentication practice by using the X-goog-api-key header instead of passing the API key as a URL parameter.

Changes Made

  • Authentication Enhancement: Added add_auth_header method to set X-goog-api-key header for API requests
  • Client Updates: Modified get and post methods in GoogleMapsService::Client to use header authentication
  • URL Generation: Updated generate_auth_url to exclude API key from URL parameters when using API key authentication
  • Test Updates: Updated all API test specs to expect header-based authentication instead of URL parameters
  • Backward Compatibility: Client ID authentication continues to work unchanged (still uses URL parameters and signatures)

Security Benefits

  • Follows Google's current recommended authentication practices
  • Reduces exposure of API keys in URLs and logs
  • Aligns with modern REST API security standards

Testing

  • All existing tests have been updated to validate header-based authentication
  • Maintains full backward compatibility for client ID authentication
  • No breaking changes to the public API interface

Reference

🤖 Generated with Claude Code

@langsharpe @claude
Use X-goog-api-key header instead of URL parameter for API authentica…
90de9ce 
…tion

This change implements Google's recommended REST API authentication practice
by using the X-goog-api-key header instead of passing the API key as a URL
parameter. This improves security and follows modern API standards.

Changes:
- Added add_auth_header method to set X-goog-api-key header
- Updated get and post methods to use header authentication
- Modified generate_auth_url to exclude API key from URL parameters
- Updated all test specs to expect header-based authentication
- Client ID authentication continues to work unchanged

Fixes #3

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@langsharpe langsharpe closed this Jul 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use X-goog-api-key header instead of url param

1 participant

@langsharpe