CRED-2151: Add PAT auth support to Ruby API client#3058
Draft
CRED-2151: Add PAT auth support to Ruby API client#3058
Conversation
tausman
force-pushed
the
tausman/cred-2151-ruby-pat-auth
branch
from
dce1801 to
9cf7cda
Compare
This was referenced Mar 4, 2026
Draft
tausman
force-pushed
the
tausman/cred-2151-ruby-pat-auth
branch
from
9cf7cda to
1f5bbc8
Compare
tausman
changed the title
tausman
force-pushed
the
tausman/cred-2151-ruby-pat-auth
branch
2 times, most recently
from
9164bb9 to
9dfda24
Compare
tausman
force-pushed
the
tausman/cred-2151-ruby-pat-auth
branch
from
9dfda24 to
027cc15
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Adds Personal Access Token (PAT) auth support to the Ruby API client. PATs authenticate via the
Authorization: Bearer <PAT>header. The OpenAPI spec now definesbearerAuthas a proper security scheme withx-env-name: DD_BEARER_TOKEN, so this change enables the generator to handle it automatically.Behavior
When
DD_BEARER_TOKENis set (orconfig.access_tokenis set programmatically), theAuthorization: Bearer <token>header is sent alongside any configured API key and app key headers. Auth methods are not mutually exclusive — all configured headers are sent, and the server uses whichever is valid.DD_BEARER_TOKENset → sendsAuthorization: Bearer <token>DD_API_KEYset → sendsDD-API-KEYheaderDD_APP_KEYset → sendsDD-APPLICATION-KEYheaderSummary
Generator templates (
.generator/src/generator/templates/):configuration.j2: Uncommented thebearerAuthblock so bearer auth is auto-generated from the OpenAPI spec. Added env var loading forhttp/bearertype security schemes (picks upDD_BEARER_TOKENfromx-env-name).api_client.j2: Added nil/empty value guard to skip auth settings with no configured value. AddedAuthorizationto redacted headers in debug output.Generated files (matching template output):
lib/datadog_api_client/configuration.rb:bearerAuthentry inauth_settingsusing the existingaccess_tokenattribute. LoadsDD_BEARER_TOKENenv var into@access_token.lib/datadog_api_client/api_client.rb: Skips auth entries with nil/empty values. RedactsAuthorizationheader in debug logs.Tests:
spec/api_client_spec.rb: Tests that all configured auth headers are sent simultaneously. Tests bearer-only and API+app-key-only scenarios. TestsAuthorizationheader redaction.spec/configuration_spec.rb: Testsaccess_tokendefaults, direct setting,DD_BEARER_TOKENenv var loading, andbearerAuthauth_settings entries.Test plan
api.datad0g.com): Bearer auth returns HTTP 200DD_BEARER_TOKENmatching OpenAPI specx-env-namePR Stack
API Client Libraries
OpenAPI Spec Changes