Skip to content

CRED-2149: Add PAT auth support to Java API client#3555

Open
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2149-java-pat-auth
Open

CRED-2149: Add PAT auth support to Java API client#3555
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2149-java-pat-auth

Conversation

@tausman
Copy link

@tausman tausman commented Mar 4, 2026
edited
Loading

Why

Adds Personal Access Token (PAT) authentication support to the Java API client. PATs can be used via the Authorization: Bearer <PAT> header, providing an alternative authentication method alongside API key + app key auth.

Jira: CRED-2149

Summary

  • Env var: DD_BEARER_TOKEN -- when set, the client sends Authorization: Bearer <token> on every request
  • Behavior: Auth methods are NOT mutually exclusive. All configured headers are sent simultaneously (DD-API-KEY, DD-APPLICATION-KEY, Authorization: Bearer), and the server uses whichever is valid
  • Generator template (ApiClient.j2): Added spec-driven support for type: http security schemes. Reads x-env-name from the OpenAPI spec for env var configuration. Iterates over security schemes rather than hardcoding names
  • ApiClient.java (generated): Registers bearerAuth in the authentication map, reads DD_BEARER_TOKEN from the environment, and applies bearer auth alongside any other configured auth headers
  • HttpBearerAuth (pre-existing class): Applies Authorization: Bearer <token> to request headers
  • HttpBearerAuthTest: Unit tests for token get/set, header application, null-token no-op, client registration, and client set/get round-trip

Commit structure

  1. CRED-2149: Add PAT auth support to Java API client - templates and tests — Template (.j2) and test file changes only. No generated output.
  2. CRED-2149: Regenerated client code from templates — Generated ApiClient.java output from running the generator + google-java-format.

Changes

  • .generator/src/generator/templates/ApiClient.j2 -- http type handler in security scheme loop, spec-driven env var reading via x-env-name, bearer auth applied alongside other auth in updateParamsForAuth()
  • src/main/java/com/datadog/api/client/ApiClient.java -- generated output with bearerAuth registration, DD_BEARER_TOKEN env var reading, non-exclusive auth header application
  • src/test/java/com/datadog/api/client/auth/HttpBearerAuthTest.java -- 5 unit tests

Test plan

  • Unit tests pass (5/5 in HttpBearerAuthTest)
  • E2E verification against staging (api.datad0g.com/api/v2/current_user) with Authorization: Bearer header returns 200
  • Confirmed all configured auth headers are sent independently -- no suppression or mutual exclusivity
  • No secrets in committed files
  • Generated files verified: ApiClient.java matches generator + formatter output exactly

PR Stack

API Client Libraries

OpenAPI Spec Changes

This was referenced Mar 4, 2026
Open
Open
Open
Open
Open
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch from f143b4c to 33c1e99 Compare March 4, 2026 21:17
@tausman tausman changed the title Add PAT bearer auth support (CRED-2149) CRED-2149: Add PAT auth support to Java API client Mar 4, 2026
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch 3 times, most recently from 20d4b7c to 0bbf78d Compare March 5, 2026 00:45
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch from 986e638 to 98ae115 Compare March 5, 2026 17:40
@tausman tausman marked this pull request as ready for review March 5, 2026 18:43
@tausman tausman requested review from a team as code owners March 5, 2026 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tausman