Format x-api-key header as keystring:sharedsecret

Etsy v3 expects both credentials joined by a colon in the x-api-key
header; sending the shared secret alone returns 403 'incorrect shared
secret for API key'.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
dlawler489 2026-06-13 11:25:45 +10:00
parent 4333b1c55d
commit e09f082420

@ -44,11 +44,11 @@ const loadConfig = async (userId: string): Promise<EtsyConfig | null> => {
return { apiKey, sharedSecret, redirectUri };
};
// Keystring is the OAuth client id; Etsy wants the shared secret in the
// x-api-key header for API resource calls
// Keystring is the OAuth client id; API resource calls want the x-api-key
// header formatted as "keystring:sharedsecret"
const toCredentials = (config: EtsyConfig) => ({
clientId: config.apiKey,
apiKeyHeader: config.sharedSecret || config.apiKey,
apiKeyHeader: config.sharedSecret ? `${config.apiKey}:${config.sharedSecret}` : config.apiKey,
});
// Where to send the browser after the OAuth callback: same origin as the
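Review bot: the fallback arm of the new `apiKeyHeader` ternary still sends `config.apiKey` on its own when `config.sharedSecret` is empty, which does not match the "keystring:sharedsecret" format the updated comment says API resource calls want. If a missing shared secret is a configuration error, reject it where the config is loaded (or throw in `toCredentials`) instead of building a header in the wrong format, so the failure surfaces locally rather than as an API error on the first resource call. Because `apiKeyHeader` carries the shared secret in its value, it is also worth confirming that this field is never written to request logs or error messages. A unit test covering both arms of the ternary would pin the format down.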