Skip to content

Use X-API-Key header for org-level provider invocation in docs#1197

Draft
jhivandb wants to merge 1 commit into
wso2:mainfrom
jhivandb:worktree-docs-org-llm-x-api-key
Draft

Use X-API-Key header for org-level provider invocation in docs#1197
jhivandb wants to merge 1 commit into
wso2:mainfrom
jhivandb:worktree-docs-org-llm-x-api-key

Conversation

@jhivandb

@jhivandb jhivandb commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Purpose

Correct the documentation for organization-level LLM Service Providers (and the MCP proxy code snippet) so the API key is passed in the X-API-Key header. The "Next" docs previously instructed callers to use an API-Key header for org-level provider invocation, which does not match the gateway, which expects X-API-Key.

Goals

  • Make the docs consistent with the gateway's actual inbound auth header (X-API-Key) for org-level provider invocation.
  • Align all header references across the tutorials docs.

Approach

Updated the Next (current) docs only — versioned docs were left untouched:

  • documentation/docs/tutorials/configure-agent-llm-configuration.mdx — Python snippet, Header Name table row, example cURL, and prose (4 occurrences) API-KeyX-API-Key.
  • documentation/docs/tutorials/configure-agent-mcp-proxies.mdx — Python snippet (1 occurrence) API-KeyX-API-Key.

The registration, secure-endpoints, MCP-proxy cURL, and CORS docs already used X-API-Key, so the tutorial set is now fully consistent.

User stories

N/A — documentation-only correction.

Release note

Docs: org-level LLM/MCP provider invocation examples now use the correct X-API-Key header.

Documentation

This PR is the documentation change.

Training

N/A — no training impact.

Certification

N/A — no certification impact.

Marketing

N/A — internal docs correction.

Automation tests

Unit tests: N/A — docs-only change.
Integration tests: N/A — docs-only change.

Security checks

  • Did you add or modify any encrypted secrets? No
  • Did you add or modify any code that handles authentication/authorization? No — docs only; describes an existing header.
  • Did you add or modify any dependencies? No

Samples

N/A — no samples affected.

Related PRs

N/A

Migrations

N/A — no DB migrations.

Test environment

N/A — docs-only.

Learning

N/A

Summary by CodeRabbit

  • Documentation
    • Updated agent setup examples to use the X-API-Key header consistently when connecting to LLM providers and MCP proxies.
    • Clarified the sample request headers and command-line examples so they match the expected authentication format.

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: abfccf3c-f65e-430b-a237-a91ab64b7096

📥 Commits

Reviewing files that changed from the base of the PR and between 4dabd36 and 5d49963.

📒 Files selected for processing (2)
  • documentation/docs/tutorials/configure-agent-llm-configuration.mdx
  • documentation/docs/tutorials/configure-agent-mcp-proxies.mdx

📝 Walkthrough

Walkthrough

The PR updates agent tutorial examples to use X-API-Key instead of API-Key for LLM provider and MCP proxy requests, including the surrounding instructions in the LLM configuration guide.

Changes

API key header documentation updates

Layer / File(s) Summary
LLM configuration examples
documentation/docs/tutorials/configure-agent-llm-configuration.mdx
The Platform-hosted agent Python example and the External agent LLM provider instructions use X-API-Key for the API key header.
MCP proxy example
documentation/docs/tutorials/configure-agent-mcp-proxies.mdx
The Platform-hosted agent MCP proxy Python snippet uses X-API-Key for the injected API key header.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

Suggested reviewers

  • hanzjk
  • RAVEENSR

Poem

A bunny hopped through docs so bright,
and set the header names just right.
X-API-Key now leads the way,
for agents nibbling requests all day. 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the docs update to use X-API-Key for org-level provider invocation, matching the main change.
Description check ✅ Passed The PR description covers Purpose, Goals, Approach, and the required ancillary sections, with reasonable N/A entries where applicable.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@jhivandb jhivandb requested review from Oshanath and menakaj June 26, 2026 06:26
@jhivandb jhivandb marked this pull request as draft June 26, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant