Background
When using rpcclient in HTTPPostMode with third-party RPC providers that authenticate via API key in the URL path (e.g. Alchemy, GetBlock), the forced BasicAuth header causes 401 errors.
The problem
handleSendPostMessage (infrastructure.go, L799) unconditionally calls SetBasicAuth(user, pass):
user, pass, err := c.config.getAuth()
if err != nil { ... }
httpReq.SetBasicAuth(user, pass)And getAuth() has no "no auth" path — if Pass is empty, it falls through to retrieveCookie() which fails if CookiePath is also empty.
This means there is no way to configure rpcclient to skip authentication entirely, which is required for providers that:
- Use API key in URL path (
https://provider.com/v2/<api-key>)
- Reject any
Authorization header with 401
Proposed fix
Add a DisableAuth field to ConnConfig. When set, skip the getAuth() + SetBasicAuth() call in handleSendPostMessage.
Related
Background
When using
rpcclientinHTTPPostModewith third-party RPC providers that authenticate via API key in the URL path (e.g. Alchemy, GetBlock), the forcedBasicAuthheader causes 401 errors.The problem
handleSendPostMessage(infrastructure.go, L799) unconditionally callsSetBasicAuth(user, pass):And
getAuth()has no "no auth" path — ifPassis empty, it falls through toretrieveCookie()which fails ifCookiePathis also empty.This means there is no way to configure rpcclient to skip authentication entirely, which is required for providers that:
https://provider.com/v2/<api-key>)Authorizationheader with 401Proposed fix
Add a
DisableAuthfield toConnConfig. When set, skip thegetAuth()+SetBasicAuth()call inhandleSendPostMessage.Related
rpcclient: clarifyConnConfigHostfield description #2490 clarifies Host field documentation