Skip to content

CRED-2146: Add PAT auth support to Python API client#3243

Open
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2146-python-pat-auth
Open

CRED-2146: Add PAT auth support to Python API client#3243
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2146-python-pat-auth

Conversation

@tausman
Copy link

@tausman tausman commented Mar 4, 2026
edited
Loading

Why

Add Personal Access Token (PAT) authentication support to the Python API client. PATs authenticate via an Authorization: Bearer <PAT> header. This is in addition to (not replacing) the existing API key + app key auth — both can be sent simultaneously.

Behavior

  • Set DD_BEARER_TOKEN env var or pass access_token= to Configuration() to configure PAT auth
  • When configured, the Authorization: Bearer <token> header is sent alongside any configured DD-API-KEY and DD-APPLICATION-KEY headers
  • Auth methods are not mutually exclusive — all configured headers are sent, and the server uses whichever is valid
  • Aligns with the bearerAuth security scheme now defined in the OpenAPI spec (x-env-name: DD_BEARER_TOKEN)

Summary of changes

  • configuration.j2 / configuration.py: Uncommented the existing bearer auth handler in the template so the generator picks up bearerAuth from the OpenAPI spec automatically. Uses the standard access_token field. Added DD_BEARER_TOKEN env var loading.
  • api_client.j2 / api_client.py: No special branching for bearer auth — all configured auth headers flow through the regular auth loop.
  • tests/test_pat_auth.py: Unit tests covering configuration, auth settings, env var loading, and header behavior (all headers sent together, bearer-only, api-keys-only, endpoint without bearerAuth).

Commit structure

  1. CRED-2146: Add PAT auth support to Python API client - templates and tests — Template changes (.j2 files) and test files only. No generated output.
  2. CRED-2146: Regenerated client code from templates — Generated client code produced by running the generator from the modified templates, then formatted with ruff.

Test plan

  • 10 unit tests pass (python -m pytest tests/test_pat_auth.py -v)
  • Verified all three auth headers sent simultaneously when all credentials configured
  • Verified bearer-only and api-key-only paths work independently
  • Verified endpoints without bearerAuth in auth list don't send Authorization header
  • No secrets in committed files
  • Generated files verified to match generator output from templates

PR Stack

API Client Libraries

OpenAPI Spec Changes

This was referenced Mar 4, 2026
Open
Open
Open
Open
Open
@tausman tausman force-pushed the tausman/cred-2146-python-pat-auth branch from 36432fc to fd911c2 Compare March 4, 2026 21:17
@tausman tausman changed the title Add PAT (Personal Access Token) auth support CRED-2146: Add PAT auth support to Python API client Mar 4, 2026
@tausman tausman force-pushed the tausman/cred-2146-python-pat-auth branch 2 times, most recently from 8374703 to fe5c4e4 Compare March 4, 2026 22:51
@tausman tausman force-pushed the tausman/cred-2146-python-pat-auth branch from f7ec619 to 3c7c23c Compare March 5, 2026 17:38
@tausman tausman marked this pull request as ready for review March 5, 2026 18:43
@tausman tausman requested review from a team as code owners March 5, 2026 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tausman