@SpiGAndromeda

Summary

This PR makes the API key optional in the Endereco JavaScript SDK, allowing systems to proxy requests through their own servers and add the API key server-side for enhanced security.

Changes Made

  • Modified API request headers to conditionally include the X-Auth-Key only when apiKey is configured
  • Updated the following extensions:
    • AddressExtension.js - Modified getAddressMeta function
    • EmailCheckExtension.js - Modified checkEmail function
    • PhoneCheckExtension.js - Modified checkPhone function
    • NameCheckExtension.js - Modified checkPerson function
  • No breaking changes - maintains full backward compatibility

Testing

  • Manual testing in demo environment
  • Integration testing completed
  • No breaking changes to existing APIs

Related Issues

This change enables server-side proxy patterns for systems that need to keep API keys secret and add them via backend proxy services.

This enhancement complements the server-side proxy implementation in the Shopware 6 plugin (PR #76), where API keys are stored securely in the backend and requests are proxied through the shop's server. With this SDK change, the Shopware plugin and similar implementations can now operate without exposing API keys in the frontend.

Implementation Details

When config.apiKey is not provided or is empty, the SDK will make requests without the X-Auth-Key header. This allows backend systems to:

  1. Intercept the requests via a proxy
  2. Add the API key server-side
  3. Forward the request to Endereco's API

Existing implementations with client-side API keys will continue to work exactly as before.

Enable SDK to work without client-side API key by conditionally
adding X-Auth-Key header only when apiKey is configured. This allows
systems to proxy requests through their own servers and add the API
key server-side for enhanced security.

Modified header construction in AddressExtension, EmailCheckExtension,
PhoneCheckExtension, and NameCheckExtension to check for apiKey
existence before including it in request headers. Maintains full
backward compatibility for existing implementations.

@iljamobilemojo force-pushed the master branch 3 times, most recently from 1bd2fd8 to 9396787 (December 1, 2025 12:57)
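
The client and proxy halves of the pattern described in this PR, as an added example that is not code from the SDK or the Shopware plugin. Function names, the header allow-list and the upstream URL are assumptions; only the X-Auth-Key header name comes from this page.

```javascript
// Added illustration: names, allow-list and URL below are assumptions, not SDK code.
const UPSTREAM_URL = 'https://upstream.example.invalid/api'; // placeholder endpoint

// Browser side: include X-Auth-Key only when an apiKey is actually configured.
function buildClientHeaders(config) {
  const headers = { 'Content-Type': 'application/json' };
  if (typeof config.apiKey === 'string' && config.apiKey.trim() !== '') {
    headers['X-Auth-Key'] = config.apiKey;
  }
  return headers;
}

// Server side: the only request headers the proxy passes through (lowercase).
const FORWARDED_HEADERS = new Set(['content-type', 'accept']);

// Build the upstream request: fixed destination, allow-listed headers,
// and the key taken from server configuration, never from the browser.
function buildUpstreamRequest(incoming, serverApiKey) {
  if (!serverApiKey) {
    throw new Error('proxy misconfigured: no server-side API key');
  }
  const headers = {};
  for (const [name, value] of Object.entries(incoming.headers || {})) {
    const lower = name.toLowerCase();
    // Drops cookies, authorization and any client-supplied X-Auth-Key.
    if (FORWARDED_HEADERS.has(lower)) headers[lower] = String(value);
  }
  headers['x-auth-key'] = serverApiKey;
  return { url: UPSTREAM_URL, method: 'POST', headers, body: incoming.body };
}

// Constructed sample: a keyless SDK request arriving at the proxy with extra
// headers a browser (or a tampering client) might attach.
function demo() {
  const clientHeaders = buildClientHeaders({ apiKey: '' });
  const incoming = {
    headers: { ...clientHeaders, Cookie: 'session=constructed', 'X-Auth-Key': 'client-supplied' },
    body: '{"constructed":true}',
  };
  return { clientHeaders, upstream: buildUpstreamRequest(incoming, 'server-held-key-constructed') };
}

console.log(JSON.stringify(demo(), null, 2));
```

Overwriting rather than merging the key header means a client cannot make the proxy forward a key of its choosing, and the fixed upstream URL keeps the endpoint from being used as an open relay.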