Use Bearer token instead of token_auth, #PG-5027 (#24)

lachiebol · web-flow · commit 6c51982241e7 · 2026-03-13T09:32:47.000+13:00
* Changed to bearer token for better security practices

* remove token auth urls in response descriptions

* Updated changelog
diff --git a/Annotations/AnnotationGenerator.php b/Annotations/AnnotationGenerator.php
@@ -1239,17 +1239,7 @@ protected function determineResponses(array $rules, string $plugin, string $meth
             $successArray['schema'] = $responseSchema;
         }
 
-        $tsvExampleLink = 'TSV (N/A)';
-        if (count($mediaTypes) > 2) {
-            $tsvExampleLink = "[TSV (Excel)]({$exampleUrls['tsv']})";
-        }
-        $descriptionLinks = empty($exampleUrls) ? '' : "[XML]({$exampleUrls['xml']}), [JSON]({$exampleUrls['json']}), $tsvExampleLink";
-        $descriptionLinks = !empty($descriptionLinks) ? 'Example links: ' . $descriptionLinks : $descriptionLinks;
-
-        // Append the links to the description with a prefix linebreak. If there's no description, skip the break
-        $successArray['description'] .= (!empty($successArray['description']) && !empty($descriptionLinks) ? '</br>' : '') . $descriptionLinks;
-
-        if (empty($successArray['ref']) && empty($descriptionLinks) && empty($successArray['schema'])) {
+        if (empty($successArray['ref']) && empty($successArray['schema'])) {
             $this->addMissingImportantDataWarning($method, 'return', 'Type could not be determined via comment block or example.');
         }
 
diff --git a/Annotations/GlobalApiComponents.php b/Annotations/GlobalApiComponents.php
@@ -34,10 +34,9 @@
  *
  * @OA\SecurityScheme(
  *     securityScheme="MatomoToken",
- *     type="apiKey",
- *     in="query",
- *     name="token_auth",
- *     description="Matomo API token passed as the 'token_auth' query parameter."
+ *     type="http",
+ *     scheme="bearer",
+ *     description="Matomo API token passed in the Authorization header as a bearer token. For demo.matomo.cloud requests, use the anonymous token value: anonymous."
  * )
  *
  * @OA\Server(
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 - Added support for string literal union types
 - Added API endpoint to retrieve static matomo swagger file
 - Added support for deactivated plugins
+- Removed token auth support
 
 5.0.1-b1 - 2026-02-16
 - Added class and function level docs

Original file line number	Diff line number	Diff line change
`@@ -34,10 +34,9 @@`
`34`	`34`	`*`
`35`	`35`	`* @OA\SecurityScheme(`
`36`	`36`	`* securityScheme="MatomoToken",`
`37`		`- * type="apiKey",`
`38`		`- * in="query",`
`39`		`- * name="token_auth",`
`40`		`- * description="Matomo API token passed as the 'token_auth' query parameter."`
	`37`	`+ * type="http",`
	`38`	`+ * scheme="bearer",`
	`39`	`+ * description="Matomo API token passed in the Authorization header as a bearer token. For demo.matomo.cloud requests, use the anonymous token value: anonymous."`
`41`	`40`	`* )`
`42`	`41`	`*`
`43`	`42`	`* @OA\Server(`