diff --git a/CHANGELOG.md b/CHANGELOG.md index 61085a9..f98b176 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to `cryptohopper/sdk` are documented here. The format follow [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the project adheres to [Semantic Versioning](https://semver.org/). +## [0.1.0-alpha.2] - Unreleased + +### Fixed +- **Critical: every authenticated request was rejected by the API gateway.** The transport sent `Authorization: Bearer `, which the AWS API Gateway in front of `api.cryptohopper.com/v1/*` rejects (`405 Missing Authentication Token`). Cryptohopper's Public API v1 uses `access-token: ` — confirmed by the official [API documentation](https://www.cryptohopper.com/api-documentation/how-the-api-works) and the legacy iOS/Android SDKs. Switching to send `access-token`. The `Authorization` header is no longer set. + +### Compatibility +No public-API change. `$client->user->get()`, `$client->hoppers->list()`, etc. keep their signatures. + ## [0.1.0-alpha.1] - 2026-04-24 Initial alpha release. Full coverage of the 18 public API domains from day one. diff --git a/src/Transport.php b/src/Transport.php index 121a2c9..4ca5e36 100644 --- a/src/Transport.php +++ b/src/Transport.php @@ -156,9 +156,12 @@ private function buildUrl(string $path, ?array $query): string private function buildHeaders(bool $hasBody): array { $headers = [ - 'Authorization' => "Bearer {$this->apiKey}", - 'Accept' => 'application/json', - 'User-Agent' => $this->buildUserAgent(), + // Cryptohopper Public API v1 uses `access-token: `, not the + // OAuth2-conventional `Authorization: Bearer `. The gateway + // in front of the API rejects Bearer with a SigV4 parse error. + 'access-token' => $this->apiKey, + 'Accept' => 'application/json', + 'User-Agent' => $this->buildUserAgent(), ]; if ($this->appKey !== null && $this->appKey !== '') { $headers['x-api-app-key'] = $this->appKey; diff --git a/src/Version.php b/src/Version.php index 336e224..e3e7f47 100644 --- a/src/Version.php +++ b/src/Version.php @@ -6,7 +6,7 @@ final class Version { - public const VERSION = '0.1.0-alpha.1'; + public const VERSION = '0.1.0-alpha.2'; private function __construct() { diff --git a/tests/ClientTest.php b/tests/ClientTest.php index 91dc280..016d639 100644 --- a/tests/ClientTest.php +++ b/tests/ClientTest.php @@ -17,14 +17,15 @@ public function testRejectsEmptyApiKey(): void new Client(apiKey: ''); } - public function testSendsBearerTokenAndUserAgent(): void + public function testSendsAccessTokenAndUserAgent(): void { $backend = new MockBackend([new Response(200, [], '{"data":{"id":1}}')]); $backend->client->user->get(); $req = $backend->last(); - self::assertSame('Bearer test-token', $req->getHeaderLine('Authorization')); + self::assertSame('test-token', $req->getHeaderLine('access-token')); + self::assertSame('', $req->getHeaderLine('Authorization'), 'Authorization header must NOT be set on v1 API calls'); self::assertStringStartsWith('cryptohopper-sdk-php/' . Version::VERSION, $req->getHeaderLine('User-Agent')); self::assertSame('application/json', $req->getHeaderLine('Accept')); self::assertSame('', $req->getHeaderLine('x-api-app-key'));