Skip to content

CRED-2149: Add PAT auth support to Java API client#3555

Draft
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2149-java-pat-auth
Draft

CRED-2149: Add PAT auth support to Java API client#3555
tausman wants to merge 2 commits intomasterfrom
tausman/cred-2149-java-pat-auth

Conversation

@tausman
Copy link

@tausman tausman commented Mar 4, 2026
edited
Loading

Why

Adds Personal Access Token (PAT) authentication support to the Java API client. PATs can be used via the Authorization: Bearer <PAT> header, providing an alternative authentication method alongside API key + app key auth.

Jira: CRED-2149

Summary

  • Env var: DD_BEARER_TOKEN -- when set, the client sends Authorization: Bearer <token> on every request
  • Behavior: Auth methods are NOT mutually exclusive. All configured headers are sent simultaneously (DD-API-KEY, DD-APPLICATION-KEY, Authorization: Bearer), and the server uses whichever is valid
  • Generator template (ApiClient.j2): Added spec-driven support for type: http security schemes. Reads x-env-name from the OpenAPI spec for env var configuration. Iterates over security schemes rather than hardcoding names
  • ApiClient.java (generated): Registers bearerAuth in the authentication map, reads DD_BEARER_TOKEN from the environment, and applies bearer auth alongside any other configured auth headers
  • HttpBearerAuth (pre-existing class): Applies Authorization: Bearer <token> to request headers
  • HttpBearerAuthTest: Unit tests for token get/set, header application, null-token no-op, client registration, and client set/get round-trip

Changes

  • .generator/src/generator/templates/ApiClient.j2 -- http type handler in security scheme loop, spec-driven env var reading via x-env-name, bearer auth applied alongside other auth in updateParamsForAuth()
  • src/main/java/com/datadog/api/client/ApiClient.java -- generated output with bearerAuth registration, DD_BEARER_TOKEN env var reading, non-exclusive auth header application
  • src/test/java/com/datadog/api/client/auth/HttpBearerAuthTest.java -- 5 unit tests

Test plan

  • Unit tests pass (5/5 in HttpBearerAuthTest)
  • E2E verification against staging (api.datad0g.com/api/v2/current_user) with Authorization: Bearer header returns 200
  • Confirmed all configured auth headers are sent independently -- no suppression or mutual exclusivity
  • No secrets in committed files

PR Stack

API Client Libraries

OpenAPI Spec Changes

This was referenced Mar 4, 2026
Draft
Draft
Draft
Draft
Draft
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch from f143b4c to 33c1e99 Compare March 4, 2026 21:17
@tausman tausman changed the title Add PAT bearer auth support (CRED-2149) CRED-2149: Add PAT auth support to Java API client Mar 4, 2026
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch 2 times, most recently from 32c7f00 to 20d4b7c Compare March 4, 2026 22:53
@tausman tausman force-pushed the tausman/cred-2149-java-pat-auth branch from 20d4b7c to 0bbf78d Compare March 5, 2026 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tausman