Fix auth header in API docs (access-token, not Authorization: Bearer)#10
Open
pimfeltkamp wants to merge 1 commit intomainfrom
Open
Fix auth header in API docs (access-token, not Authorization: Bearer)#10pimfeltkamp wants to merge 1 commit intomainfrom
pimfeltkamp wants to merge 1 commit intomainfrom
Conversation
…ation: Bearer) The Public API v1 uses an 'access-token: <token>' header, not the OAuth2-conventional 'Authorization: Bearer <token>' that the docs described. The AWS API Gateway in front of the production API rejects Bearer-style Authorization headers (it routes them to a SigV4 parser and returns 405 Missing Authentication Token). This was the root cause behind cryptohopper-resources#9 and the matching transport fixes shipped today across all 8 SDKs. Source-of-truth references: - https://www.cryptohopper.com/api-documentation/how-the-api-works - cryptohopper/cryptohopper-ios-sdk HopperAPIRequest.swift:248 - cryptohopper/cryptohopper-android-sdk HopperAPIRequest.kt:331 - cryptohopper/code-samples curl/README.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Tracking: #9. Companion to the transport-fix PRs landing in all 8 SDK repos this same hour (Node #9, Python #4, Go #4, Ruby #3, Rust #7, PHP #6, Dart #4, Swift #2).
The local docs in this repo described the auth header as
Authorization: Bearer <token>, which is what every SDK in the org has been sending — and what the AWS API Gateway in front of the production API rejects with405 Missing Authentication Token. The actual header isaccess-token: <token>, as documented at https://www.cryptohopper.com/api-documentation/how-the-api-works and used by the legacy iOS/Android SDKs and thecode-samplesrepo.Files changed
docs/api/authentication.md—Authorization: Bearerblock replaced withaccess-token; added a note explaining the v1-vs-V2 split (V2 uses Bearer; v1 — what these SDKs target — does not).docs/api/getting-started.md— same fix in two places (the inline header example and the GET-hopper example).The remaining
Authorizationmentions inauthentication.mdare about the OAuth2 "Authorization Code Flow" grant type and the consent-page URL — those are correct usage.What's NOT in this PR (separate sweeps already done or pending)
docs/sdks.md(PR Add docs/sdks.md — public overview of the SDK suite #3) probably mentions Bearer somewhere; will update after they land or fold in.Ready to merge as soon as you can take a look.