Skip to content

Attach authorization headers, api_key, app_name to SDK relay calls#14032

Open
raymondjacobson wants to merge 4 commits intomainfrom
fix/relay-rate-limit-identification
Open

Attach authorization headers, api_key, app_name to SDK relay calls#14032
raymondjacobson wants to merge 4 commits intomainfrom
fix/relay-rate-limit-identification

Conversation

@raymondjacobson
Copy link
Copy Markdown
Member

@raymondjacobson raymondjacobson commented Mar 31, 2026
edited
Loading

Summary

  • Relay calls from EntityManagerClient.manageEntity didn't include any API identification, causing them to fall back to IP-based rate limiting at 5 RPS default
  • Batch track uploads (e.g. 22 tracks via Promise.all) exceed this limit, causing "API Rate Limit Exceeded" errors
  • Adds Authorization header to relay calls: prefers Bearer token (OAuth/PKCE), falls back to Basic auth (apiKey:apiSecret)
  • Also appends api_key and app_name as query params for fallback identification

Companion server-side PR: AudiusProject/api#745

Test plan

  • Verify relay calls include Authorization header when bearerToken or apiSecret is configured
  • Verify relay calls include api_key/app_name query params in network tab
  • Verify batch track upload (20+ tracks) no longer hits rate limit errors
  • Verify SDK without apiKey/appName/bearerToken still works (all fields are optional)

🤖 Generated with Claude Code

@raymondjacobson @claude
Attach api_key and app_name to SDK relay calls
252a1b2 
Relay calls from EntityManagerClient didn't include any API
identification, causing them to fall back to IP-based rate limiting
at 5 RPS. Batch uploads (e.g. 22 tracks) easily exceed this limit.
Thread apiKey/appName through to EntityManagerClient and append them
as query params on /relay requests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Mar 31, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 33a97ab

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
Name Type
@audius/sdk Patch
@audius/sdk-legacy Patch
@audius/protocol-dashboard Patch
@audius/sp-actions Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026
edited
Loading

🌐 Web preview ready

Preview URL: https://audius-web-preview-pr-14032.audius.workers.dev

Unique preview for this PR (deployed from this branch).
Workflow run

@raymondjacobson @claude
Add Authorization header (Bearer/Basic) to SDK relay calls
a1cb92a 
Relay calls now send an Authorization header so the server's rate
limit middleware can identify the app via getApiSigner. Prefers
Bearer token (OAuth/PKCE), falls back to Basic auth (apiKey:apiSecret),
with api_key/app_name query params as a final fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@pull-request-size pull-request-size bot added size/M and removed size/S labels Mar 31, 2026
@raymondjacobson @claude
Fix prettier formatting
0caa4c4 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@raymondjacobson raymondjacobson changed the title Attach api_key and app_name to SDK relay calls Attach authorization headers, api_key, app_name to SDK relay calls Mar 31, 2026
@raymondjacobson @claude
Add changeset for SDK patch
33a97ab 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rickyrombo rickyrombo Awaiting requested review from rickyrombo

Assignees

No one assigned

Labels

size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raymondjacobson