Skip to content

feat(sdk): support custom API key prefix for client-side validation#1360

Open
mishushakov wants to merge 2 commits into
mainfrom
mishushakov/custom-api-key-prefix
Open

feat(sdk): support custom API key prefix for client-side validation#1360
mishushakov wants to merge 2 commits into
mainfrom
mishushakov/custom-api-key-prefix

Conversation

@mishushakov

@mishushakov mishushakov commented May 28, 2026

Copy link
Copy Markdown
Member

Summary

  • Both SDKs now accept a custom API key prefix via E2B_API_KEY_PREFIX env var or the apiKeyPrefix (JS) / api_key_prefix (Python) connection option, defaulting to e2b_.
  • validateApiKey / validate_api_key use the configured prefix (regex-escaped) so deployments issuing keys with a non-default prefix pass client-side validation; the prefix is threaded through ApiClient from ConnectionConfig.
  • Added unit tests covering prefix override, regex-metacharacter escaping, and env/arg precedence on ConnectionConfig; extracted the JS escapeRegExp helper into utils.ts.

Test plan

  • pnpm run format, pnpm run lint, pnpm run typecheck
  • pnpm exec vitest run tests/api/validateApiKey.test.ts tests/api/handleApiError.test.ts tests/connectionConfig.test.ts tests/sandbox/abortSignal.test.ts tests/template/abortSignal.test.ts tests/sandbox/configPropagation.test.ts
  • poetry run pytest tests/test_validate_api_key.py tests/test_connection_config.py tests/test_api_client_transport.py tests/sync/sandbox_sync/test_config_propagation.py tests/async/sandbox_async/test_config_propagation.py

🤖 Generated with Claude Code

@mishushakov @claude
feat(sdk): support custom API key prefix for client-side validation
d08f1f7 
Add `E2B_API_KEY_PREFIX` env var and `apiKeyPrefix` / `api_key_prefix`
connection option so deployments issuing keys with a non-default prefix
can pass client-side validation. Defaults to `e2b_`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@cla-bot cla-bot Bot added the cla-signed label May 28, 2026
@changeset-bot

changeset-bot Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 764bfd2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
e2b Patch
@e2b/python-sdk Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@cursor

cursor Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown

PR Summary

Low Risk
Backward-compatible default prefix; changes only local format validation before requests, not server auth behavior.

Overview
Both JS and Python SDKs now take a configurable API key prefix for client-side format checks instead of hard-coding e2b_. The default stays e2b_; overrides use E2B_API_KEY_PREFIX or apiKeyPrefix / api_key_prefix on connection options, with constructor args beating the env var.

validateApiKey / validate_api_key build the check from that prefix (regex-escaped in JS via new escapeRegExp, re.escape in Python) and use it in error text. ApiClient validation reads the prefix from ConnectionConfig, and Python get_api_params propagates api_key_prefix. Unit tests cover custom prefixes, metacharacters in the prefix, and precedence. A patch changeset documents the release.

Reviewed by Cursor Bugbot for commit 764bfd2. Bugbot is set up for automated code reviews on this repo. Configure here.

@github-actions

github-actions Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Package Artifacts

Built from a00fcd3. Download artifacts from this workflow run.

JS SDK (e2b@2.28.1-mishushakov-custom-api-key-prefix.0):

npm install ./e2b-2.28.1-mishushakov-custom-api-key-prefix.0.tgz

CLI (@e2b/cli@2.10.5-mishushakov-custom-api-key-prefix.0):

npm install ./e2b-cli-2.10.5-mishushakov-custom-api-key-prefix.0.tgz

Python SDK (e2b==2.26.0+mishushakov-custom-api-key-prefix):

pip install ./e2b-2.26.0+mishushakov.custom.api.key.prefix-py3-none-any.whl

github-advanced-security[bot]
github-advanced-security AI found potential problems May 28, 2026
View reviewed changes
Comment thread packages/js-sdk/src/connectionConfig.ts Dismissed
@mishushakov mishushakov mentioned this pull request May 28, 2026
Open
@mishushakov mishushakov mentioned this pull request Jun 8, 2026
Open
@mishushakov
Merge remote-tracking branch 'origin/main' into mishushakov/custom-ap…
764bfd2 
…i-key-prefix

# Conflicts:
#	packages/python-sdk/tests/test_connection_config.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakubno jakubno Awaiting requested review from jakubno jakubno is a code owner

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mishushakov @github-advanced-security