---
editLink: false
lastUpdated: false
---

[@salesforce/b2c-tooling-sdk](../../modules.md) / [auth](../index.md) / ApiKeyStrategy

# Class: ApiKeyStrategy

Defined in: [packages/b2c-tooling-sdk/src/auth/api-key.ts:27](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/api-key.ts#L27)

API Key authentication strategy.

Supports two modes:
- Bearer token: When headerName is 'Authorization', formats as 'Bearer {key}'
- Direct key: For other headers (e.g., 'x-api-key'), sets the key directly

## Examples

```ts
// For MRT API (Bearer token)
const auth = new ApiKeyStrategy(apiKey, 'Authorization');
// Sets: Authorization: Bearer {apiKey}
```

```ts
// For custom API key header
const auth = new ApiKeyStrategy(apiKey, 'x-api-key');
// Sets: x-api-key: {apiKey}
```

## Implements

- [`AuthStrategy`](../interfaces/AuthStrategy.md)

## Constructors

### Constructor

> **new ApiKeyStrategy**(`key`, `headerName`): `ApiKeyStrategy`

Defined in: [packages/b2c-tooling-sdk/src/auth/api-key.ts:37](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/api-key.ts#L37)

Creates a new ApiKeyStrategy instance for API key authentication.

#### Parameters

##### key

`string`

The API key value to use for authentication

##### headerName

`string` = `'x-api-key'`

The HTTP header name to populate with the API key. Defaults to 'x-api-key'. When set to 'Authorization', the key will be formatted as a Bearer token ('Bearer {key}'); for other header names, the key is set directly.

#### Returns

`ApiKeyStrategy`

## Methods

### fetch()

> **fetch**(`url`, `init`): `Promise`\<`Response`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/api-key.ts:50](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/api-key.ts#L50)

Performs a fetch request with authentication.
Implementations MUST handle header injection and 401 retries (token refresh) internally.

#### Parameters

##### url

`string`

##### init

[`FetchInit`](../type-aliases/FetchInit.md) = `{}`

#### Returns

`Promise`\<`Response`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`fetch`](../interfaces/AuthStrategy.md#fetch)

***

### getAuthorizationHeader()

> **getAuthorizationHeader**(): `Promise`\<`string`\>

Defined in: [packages/b2c-tooling-sdk/src/auth/api-key.ts:60](https://github.com/SalesforceCommerceCloud/b2c-developer-tooling/blob/67fb8580ac3c5b372617ee3ec3fc8f2bc9f16174/packages/b2c-tooling-sdk/src/auth/api-key.ts#L60)

Returns the authorization header value for use with openapi-fetch middleware.

#### Returns

`Promise`\<`string`\>

#### Implementation of

[`AuthStrategy`](../interfaces/AuthStrategy.md).[`getAuthorizationHeader`](../interfaces/AuthStrategy.md#getauthorizationheader)
