[Other] Are API Keys sent in X-Api-Key headers?

[robflate]

I'm setting up Sonarr, Radarr and Lidarr which sit behind a Traefik reverse proxy that also has OAuth. I'm using the following Traefik label to bypass auth for the API requests;

- "traefik.http.routers.sonarr-rtr-bypass.rule=Headers(`X-Api-Key`, `$SONARR_API_KEY`)"

This checks for a key in the X-Api-Key header and bypasses OAuth if one is found, if not, it redirects to OAuth. This works in NZB360 but in LunaSea, the request is routed to my OAuth provider suggesting LunaSea doesn't send keys in a X-Api-Key header. Is that correct? If so, in the absence of OAuth support, can an X-Api-Key header be added? If not, does anyone know a workaround that doesn't require bypassing auth for anything with /api in the request? I'm keen to use the API key as auth rather than using basic auth or similar due to it spoiling the advantage of having SSO for all my services when using OAuth. Thanks.

[JagandeepBrar]

API keys are appended to the URL, I was actually not aware of the header option for authentication but will definitely add that in as an advanced configuration option in the next release!

[JagandeepBrar]

A new feature has been added to 2.3.0, and is live in the TestFlight currently that gives users the option to define custom headers. This should remedy this problem, as you can set the X-API-Key header yourself with your API key and leave the API Key field empty.

[robflate]

Thanks. This works for me in combination with the traefik label from my 1st post. Regarding the UI note about images, if I leave the API key field blank and add the X-Api-Key header I get no images but if I enter my API key in the field and also add the X-Api-Key header, I get images. Not sure why. Anyway, thanks again.

[JagandeepBrar]

@robflate I gave some more context on the image loading issue in #216, but it has to do with the network image caching package being used.

Am currently investigating and hopefully can have something before this TestFlight is finished!