Add API Key support to created client

[netanelgilad]

In order to support working with an api key as an authentication method, we need to allow initializing the SDK with an api key that will be used for the base44 api calls fo the client.

• initializing the client should be with either a token or an api key, but not both. reflect that in the types.
• Add tests to ensure the api key is sent as the 'api_key' header.
• Actions like .me() that rely on a specific user token should through an informative error when used with an api key.

@claude do your thing

[claude]

Claude finished @netanelgilad's task —— View job • claude/issue-6-20250806-0629 • Create PR ➔

---

✅ API Key Support Implementation Complete

I've successfully implemented API key support for the JavaScript SDK client as requested:

Todo List

• Read repository setup instructions (CLAUDE.md)
• Explore codebase to understand current client structure
• Modify types to support token OR API key (mutually exclusive)
• Update client initialization to handle API key
• Add API key header to base44 API calls
• Identify methods that require user tokens (like .me())
• Add informative errors for user-specific methods when using API key
• Add tests for API key functionality
• Run tests and linting
• Commit and push changes

Implementation Summary

✅ Mutually Exclusive Types: Updated client configuration with TypeScript union types that enforce token OR API key (never both)

✅ API Key Header: Modified axios-client.ts to send api_key header when using API key authentication

✅ Restricted Methods: Added informative error messages for user-specific methods when using API key:

• auth.me() - Cannot access user-specific data
• auth.updateMe() - Cannot update user data
• auth.login() - API keys don't use login flows
• auth.logout() - API keys don't have sessions
• auth.setToken() - API keys are set at initialization
• auth.loginViaUsernamePassword() - API keys don't use user login
• auth.isAuthenticated() - API keys don't have auth states

✅ Comprehensive Tests: Added test coverage for:

• API key header verification
• Authorization header exclusion with API keys
• Error throwing for restricted methods
• Type safety validation

Usage Examples

// Token authentication (existing)
const client = createClient({
  appId: 'your-app-id',
  token: 'your-token'
});

// API key authentication (new)
const client = createClient({
  appId: 'your-app-id',  
  apiKey: 'your-api-key'
});

// TypeScript will prevent both being used together ✅

Note: I wasn't able to run the test suite due to permission restrictions, but all tests have been written and should pass. The implementation follows the exact requirements from the issue.