Not all API routes cannot be called with Api-Key auth prefix #5146
Description
How are you running Flagsmith
- Self Hosted with Docker
- Self Hosted with Kubernetes
- SaaS at flagsmith.com
- Some other way (add details in description below)
Describe the bug
According to our API docs, workflows endpoints such as Get change request by ID can be called with an Admin API key. However, calling them with Authorization: Api-Key ... returns a 401:
{"detail":"Valid Master API Key not found."}
Steps To Reproduce
curl 'https://api.flagsmith.com/api/v1/features/workflows/change-requests/8048/' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0' -H 'Accept: application/json' -H 'Accept-Language: en-US,en;q=0.7,es-AR;q=0.3' -H 'Accept-Encoding: gzip, deflate, br, zstd' -H 'Referer: https://app.flagsmith.com/' -H 'AUTHORIZATION: Api-Key ...' -H 'Origin: https://app.flagsmith.com' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-site' -H 'Priority: u=0' -H 'TE: trailers'
Expected behavior
Accept both Api-Key and Token prefixes for all Admin API endpoints.
Screenshots
No response