Skip to content

fix: API key not sent on /search requests #155

New issue
New issue
Closed
Closed
fix: API key not sent on /search requests#155
Labels
P2-highMajor functionality broken, no workaroundbugSomething isn't working
@deucebucket

Description

@deucebucket
deucebucket
opened on Feb 16, 2026

Bug

Library Manager sends the X-API-Key header on POST /match requests but not on GET /search requests. Since the Skaldleita API now requires authentication on all endpoints (PR #108), /search calls are getting 403 Forbidden.

Evidence

From the Skaldleita API logs, same IP (136.34.33.51):

# These work (API key sent):
POST /match HTTP/1.1  200 OK
POST /match HTTP/1.1  200 OK

# These fail (no API key):
GET /search?q=Book+4_+Conqueror... HTTP/1.1  403 Forbidden
GET /search?q=The+Customer_Is_Always_Wrong HTTP/1.1  403 Forbidden

Expected behavior

All API requests should include the X-API-Key header if the user has one configured, not just /match.

Fix

Ensure the API key is included in the headers for every request to the Skaldleita API, not just specific endpoints.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2-highMajor functionality broken, no workaroundbugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions