fix: Do not send authorization header with client session token

seamapi · Jul 28, 2023 · ee0fa03 · ee0fa03
1 parent 62dbfb9
commit ee0fa03
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/docs/classes/Seam.md b/docs/classes/Seam.md
diff --git a/src/seam-connect/client.ts b/src/seam-connect/client.ts
@@ -93,7 +93,6 @@ export class Seam extends Routes {
       ] = `Javascript SDK v${version}, Node.js mode, (https://github.com/seamapi/javascript)`
     }
     this.client = axios.create({
-      withCredentials: clientSessionToken ? true : false,
       ...axiosOptions,
       baseURL: endpoint,
       headers,
@@ -217,15 +216,15 @@ const getAuthHeaders = ({
     if (!clientSessionToken.startsWith("seam_cst")) {
       throw new Error("clientSessionToken must start with seam_cst")
     }
-    return {
-      authorization: `Bearer ${clientSessionToken}`,
-      "client-session-token": clientSessionToken,
-    }
+    return { "client-session-token": clientSessionToken }
   }
 
   if (apiKey) {
     if (apiKey.startsWith("seam_cst")) {
-      throw new Error("You can't use a Client Session Token as an apiKey.")
+      console.warn(
+        "Using API Key as Client Session Token is deprecated. Please use the clientSessionToken option instead."
+      )
+      return { "client-session-token": apiKey }
     }
     if (!isValueUsedForBearerAuthentication(apiKey) && workspaceId)
       throw new Error(