MichaelGHSeg
commented
6 months ago While the Tracking API will continue to support write keys being sent in the auth header, our recommendation for write keys is to send them as part of the body of the request, and our SDKs have been updated to reflect that. You can see examples of this in the documentation linked, e.g. under identify.
I sympathize that this causes a problem for your workflow. Older versions of the library will continue to work with the Tracking API, and branching the repo for modification is fine by us. We can only support issues that persist when switching back to our releases, of course.
OAuth support is a separate feature requested by customers to meet regulatory and security requirements. While it coincidentally is using the now-vacant auth header field, the write key location change had already been decided upon. OAuth isn't suggested or required for the vast majority of use-cases.
After adding support for OAuth (v2.3), now it is not possible to authorize requests using basic authentication. At the time of writing this issue, basic auth support from Segment's API is still present. This client should be able to use supported auth mechanisms.
For development purposes we have an API that receives the events and having basic auth support it's extremely useful as it's a simple auth mechanism and let's us avoid the need of reading payloads and implementing OAuth for such services