Skip to content

Use serverless usage check for auth#2215

Merged
hansent merged 5 commits intomainfrom
codex/serverless-usage-check-auth
Apr 9, 2026
Merged

Use serverless usage check for auth#2215
hansent merged 5 commits intomainfrom
codex/serverless-usage-check-auth

Conversation

@hansent
Copy link
Copy Markdown
Collaborator

@hansent hansent commented Apr 8, 2026

Summary

  • switch serverless auth from the workspace lookup endpoint to /serverless/usage-check
  • cache successful 200 auth results for 1 hour and short-lived 401/402 failures for 1 minute
  • add unit coverage for the new Roboflow API helper and the serverless middleware cache/response behavior

Why

Serverless inference should fail as early as possible when an API key is not authorized for inference or when the resolved workspace can no longer spend credits.

Impact

Serverless requests now distinguish unauthorized keys from billing-restricted workspaces, while preserving the existing route skip list and workspace header behavior on success.

Root Cause

The existing middleware only verified that an API key resolved to a workspace ID, which did not catch inference authorization and billing-cap failures early enough for serverless deployments.

Validation

  • python -m py_compile inference/core/roboflow_api.py inference/core/interfaces/http/http_api.py tests/inference/unit_tests/core/test_roboflow_api.py tests/inference/unit_tests/core/interfaces/http/test_http_api.py
  • python -m pytest ... could not be run in this shell because pytest is not installed in the active Python environment

@hansent hansent changed the title [codex] Use serverless usage check for auth Use serverless usage check for auth Apr 8, 2026
@hansent hansent marked this pull request as ready for review April 8, 2026 21:28
grzegorz-roboflow
grzegorz-roboflow approved these changes Apr 9, 2026
View reviewed changes
inference/core/interfaces/http/http_api.py
return await call_next(request)

def _unauthorized_response(msg):
def _authorization_error_response(status_code: int, msg: str):
Copy link
Copy Markdown
Collaborator

@grzegorz-roboflow grzegorz-roboflow Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know the _unauthorized_response was already here, but maybe we can move _authorization_error_response outside of check_authorization_serverless middleware (since it's potentially hot path)

@hansent hansent enabled auto-merge (squash) April 9, 2026 17:31
@hansent hansent merged commit 859f6af into main Apr 9, 2026
46 checks passed
@hansent hansent deleted the codex/serverless-usage-check-auth branch April 9, 2026 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grzegorz-roboflow grzegorz-roboflow grzegorz-roboflow approved these changes

@PawelPeczek-Roboflow PawelPeczek-Roboflow Awaiting requested review from PawelPeczek-Roboflow PawelPeczek-Roboflow is a code owner

@yeldarby yeldarby Awaiting requested review from yeldarby yeldarby is a code owner

@probicheaux probicheaux Awaiting requested review from probicheaux probicheaux is a code owner

@dkosowski87 dkosowski87 Awaiting requested review from dkosowski87 dkosowski87 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hansent @grzegorz-roboflow