From ec0aed195d817cc901b4ebd3623fb4294d881e72 Mon Sep 17 00:00:00 2001
From: Evan Sosenko <evan@getseam.com>
Date: Fri, 28 Jul 2023 14:23:27 -0700
Subject: [PATCH] fix: Send authorization header with client session token

---
 docs/classes/Seam.md       |  4 ++--
 src/seam-connect/client.ts | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/docs/classes/Seam.md b/docs/classes/Seam.md
index 32754ca7..0821cb7f 100644
--- a/docs/classes/Seam.md
+++ b/docs/classes/Seam.md
@@ -403,7 +403,7 @@ Routes.makeRequest
 
 #### Defined in
 
-[src/seam-connect/client.ts:107](https://github.com/seamapi/javascript/blob/main/src/seam-connect/client.ts#L107)
+[src/seam-connect/client.ts:108](https://github.com/seamapi/javascript/blob/main/src/seam-connect/client.ts#L108)
 
 ___
 
@@ -428,4 +428,4 @@ ___
 
 #### Defined in
 
-[src/seam-connect/client.ts:113](https://github.com/seamapi/javascript/blob/main/src/seam-connect/client.ts#L113)
+[src/seam-connect/client.ts:114](https://github.com/seamapi/javascript/blob/main/src/seam-connect/client.ts#L114)
diff --git a/src/seam-connect/client.ts b/src/seam-connect/client.ts
index 913bebbd..c145815b 100644
--- a/src/seam-connect/client.ts
+++ b/src/seam-connect/client.ts
@@ -93,6 +93,7 @@ export class Seam extends Routes {
       ] = `Javascript SDK v${version}, Node.js mode, (https://github.com/seamapi/javascript)`
     }
     this.client = axios.create({
+      withCredentials: clientSessionToken ? true : false,
       ...axiosOptions,
       baseURL: endpoint,
       headers,
@@ -216,15 +217,15 @@ const getAuthHeaders = ({
     if (!clientSessionToken.startsWith("seam_cst")) {
       throw new Error("clientSessionToken must start with seam_cst")
     }
-    return { "client-session-token": clientSessionToken }
+    return {
+      authorization: `Bearer ${clientSessionToken}`,
+      "client-session-token": clientSessionToken,
+    }
   }
 
   if (apiKey) {
     if (apiKey.startsWith("seam_cst")) {
-      console.warn(
-        "Using API Key as Client Session Token is deprecated. Please use the clientSessionToken option instead."
-      )
-      return { "client-session-token": apiKey }
+      throw new Error("You can't use a Client Session Token as an apiKey.")
     }
     if (!isValueUsedForBearerAuthentication(apiKey) && workspaceId)
       throw new Error(