support API key authentication via header

Yelp · Oct 21, 2016 · 3fba4be · 3fba4be
1 parent 65472fa
commit 3fba4be
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/bravado/requests_client.py b/bravado/requests_client.py
@@ -48,20 +48,25 @@ def apply(self, request):
 class ApiKeyAuthenticator(Authenticator):
     """?api_key authenticator.
 
-    This authenticator adds a query parameter to specify an API key.
+    This authenticator adds an API key via query parameter or header.
 
     :param host: Host to authenticate for.
     :param api_key: API key.
     :param param_name: Query parameter specifying the API key.
+    :param param_in: How to send the API key. Can be 'query' or 'header'.
     """
 
-    def __init__(self, host, api_key, param_name=u'api_key'):
+    def __init__(self, host, api_key, param_name=u'api_key', param_in=u'query'):
         super(ApiKeyAuthenticator, self).__init__(host)
         self.param_name = param_name
+        self.param_in = param_in
         self.api_key = api_key
 
     def apply(self, request):
-        request.params[self.param_name] = self.api_key
+        if self.param_in == 'header':
+            request.headers[self.param_name] = self.api_key
+        else:
+            request.params[self.param_name] = self.api_key
         return request
 
 
@@ -151,9 +156,9 @@ def set_basic_auth(self, host, username, password):
         self.authenticator = BasicAuthenticator(
             host=host, username=username, password=password)
 
-    def set_api_key(self, host, api_key, param_name=u'api_key'):
+    def set_api_key(self, host, api_key, param_name=u'api_key', param_in=u'query'):
         self.authenticator = ApiKeyAuthenticator(
-            host=host, api_key=api_key, param_name=param_name)
+            host=host, api_key=api_key, param_name=param_name, param_in=param_in)
 
     def authenticated_request(self, request_params):
         return self.apply_authentication(requests.Request(**request_params))

diff --git a/tests/http_client_test.py b/tests/http_client_test.py
@@ -112,6 +112,27 @@ def test_api_key(self):
         self.assertEqual('expected', resp.text)
         self.assertEqual({'foo': ['bar'], 'test': ['abc123']},
                          httpretty.last_request().querystring)
+        self.assertEqual(None, httpretty.last_request().headers.get('test'))
+
+    @httpretty.activate
+    def test_api_key_header(self):
+        httpretty.register_uri(
+            httpretty.GET, "http://swagger.py/client-test",
+            body='expected')
+
+        client = RequestsClient()
+        client.set_api_key("swagger.py", 'abc123', param_name='Key',
+                           param_in='header')
+        params = self._default_params()
+        params['params'] = {'foo': 'bar'}
+
+        resp = client.request(params).result()
+
+        self.assertEqual(200, resp.status_code)
+        self.assertEqual('expected', resp.text)
+        self.assertEqual({'foo': ['bar']},
+                         httpretty.last_request().querystring)
+        self.assertEqual('abc123', httpretty.last_request().headers['Key'])
 
     @httpretty.activate
     def test_auth_leak(self):