Skip to content

Drop the empty-string fallback on the Pro API key#108

Merged
TaprootFreak merged 5 commits into
developfrom
fix/remove-coingecko-key-fallback
May 10, 2026
Merged

Drop the empty-string fallback on the Pro API key#108
TaprootFreak merged 5 commits into
developfrom
fix/remove-coingecko-key-fallback

Conversation

@TaprootFreak
Copy link
Copy Markdown

@TaprootFreak TaprootFreak commented May 10, 2026

Summary

Follow-up to #106. The pro-tier branch of `COINGECKO_CLIENT` carried `'x-cg-pro-api-key': CONFIG.coingeckoApiKey ?? ''`. The bootstrap check guarantees one of the two env vars is set, so an empty key would only reach this branch through a misconfiguration that escaped the bootstrap. The empty header then turns into an upstream 401 that looks like a CoinGecko outage instead of the local config problem it really is.

  • Explicit throw if `coingeckoApiKey` reaches the branch undefined.
  • Plain string assignment, no `??` default.

Test plan

  • `npm run build` passes.
  • Boot with only `COINGECKO_BASE_URL` set → proxy path used, key branch unreached.
  • Boot with only `COINGECKO_API_KEY` set → header sent as plain string.

@TaprootFreak
Drop the empty-string fallback on the Pro API key
5fd024a 
The pro-tier branch of COINGECKO_CLIENT sent
\`'x-cg-pro-api-key': CONFIG.coingeckoApiKey ?? ''\`. The bootstrap
check at the top of the module already guarantees one of the two env
vars is set, so the only way this branch ran with an empty key was a
misconfiguration that escaped the bootstrap. The empty header would
then turn into an upstream 401 that looks like a CoinGecko outage
instead of the local configuration problem it really is.

Explicit throw + plain string assignment removes the silent fallback
and surfaces the misconfiguration where it actually happens.
@TaprootFreak
Align bootstrap error message with helper throw
152a281
@TaprootFreak
Drop the direct-Pro code path; everything goes via pricing-proxy
20b32f9 
COINGECKO_API_KEY is no longer read by this service. The proxy stack
holds the upstream key. COINGECKO_CLIENT is now a one-liner that
always hits the proxy and the bootstrap refuses to start without
COINGECKO_BASE_URL. No more two-branch logic, no more dead code.
@TaprootFreak
Merge remote-tracking branch 'origin/develop' into fix/remove-coingec…
e98628f 
…ko-key-fallback
@TaprootFreak TaprootFreak marked this pull request as ready for review May 10, 2026 19:51
@TaprootFreak
Make COINGECKO_API_KEY orthogonal: optional header, never a fallback
bbcd73a 
The api can now also be pointed at pro-api.coingecko.com directly by
setting COINGECKO_API_KEY alongside COINGECKO_BASE_URL — the key is
attached as the x-cg-pro-api-key header on every request when set, no
two-branch logic, no fallback. In the DFX setup COINGECKO_API_KEY stays
unset because the proxy injects its own key.

README documents the pattern and links the proxy reference
implementation at github.com/DFXswiss/pricing-proxy.
@TaprootFreak TaprootFreak merged commit 2f9fa3e into develop May 10, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TaprootFreak