fix(flags): Pass project API key in remote_config requests
#303
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR updates the remote configuration functionality in the PostHog Python SDK to align with backend API changes. The core modification switches the remote_config function from making GET requests to POST requests, and introduces a required project_api_key parameter for deterministic project selection and validation.
The changes span four files:
-
posthog/request.py: Theremote_configfunction is completely rewritten to use POST requests instead of GET. It now accepts aproject_api_keyparameter and includes both the personal API key (in Authorization header) and project API key (in request body) for proper authentication and project validation. -
posthog/client.py: Theget_remote_config_payloadmethod is updated to passself.api_keyas theproject_api_keyparameter when calling theremote_configfunction. This ensures that remote config requests include the necessary project identification. -
posthog/test/test_client.py: Test cases are updated to expect the newproject_api_keyparameter in remote_config function calls. The test mocking is adjusted to reflect the new API signature. -
remote_config_example.py: A new example script is added to demonstrate usage of the updated remote config functionality, showing how both project and personal API keys work together.
This change improves security by ensuring that personal API keys are properly validated against the expected project context, and provides more reliable routing for multi-project scenarios. The modification is part of a broader effort to standardize project identification across PostHog's API endpoints.
Confidence score: 2/5
- This PR has significant implementation issues that could cause production problems
- Score lowered due to anti-patterns in the request.py implementation and potential reliability concerns
- The remote_config function bypasses the configured session and retry logic, imports modules inline, and may break existing functionality
4 files reviewed, 2 comments
haacked
changed the title
remote_config requestsremote_config and local_evaluation requests
haacked
changed the title
remote_config and local_evaluation requestsremote_config requests
haacked
force-pushed
the
haacked/remote-config-fix
branch
from
eea00bb to
735bde8
Compare
haacked
force-pushed
the
haacked/remote-config-fix
branch
2 times, most recently
from
2625ff5 to
29ecfbe
Compare
haacked
force-pushed
the
haacked/remote-config-fix
branch
from
29ecfbe to
19b1bcd
Compare
haacked
changed the title
remote_config requestsremote_config requests
haacked
force-pushed
the
haacked/remote-config-fix
branch
from
19b1bcd to
b61cb20
Compare
Updates `remote_config` to pass the project api key in the token query string parameter. This is the same approach used by local_evaluation to ensure routing to the correct project.
Prepare for release with remote_config project API key fix
haacked
force-pushed
the
haacked/remote-config-fix
branch
from
248f195 to
5815f35
Compare
…ect routing This change ensures that remote config requests include the project API key as a query parameter, enabling deterministic project routing when using personal API keys that have access to multiple projects. Port of PostHog Python implementation: PostHog/posthog-python#303 Changes: - Update remote config URL to include token parameter with project API key - Add comprehensive test coverage for the new URL format - Update changelog to document the fix
Updates
remote_configto pass the project api key in thetokenquery string parameter. This is the same approach taken withlocal_evaluation. This ensures deterministic project routing.