From 29aae0d426562173932b7802ff88e9593da34315 Mon Sep 17 00:00:00 2001
From: szymeo <11583029+szymeo@users.noreply.github.com>
Date: Fri, 29 May 2026 01:20:01 +0200
Subject: [PATCH] chore(check-deployed-package): read back with personal API
 key instead of /auth/api-key

The backend is removing POST /auth/api-key (ingest-key -> full-account JWT escalation). The smoke test now reads back logs/metrics with a read-only personal API key (ldp_), identifying the project via /personal-api-keys/whoami. Needs a LOGDASH_PERSONAL_API_KEY secret.
---
 .github/workflows/check-deployed-package.yml |  1 +
 check-deployed-package/run.sh                | 20 +++++++++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/check-deployed-package.yml b/.github/workflows/check-deployed-package.yml
index ece8c14..4d5b031 100644
--- a/.github/workflows/check-deployed-package.yml
+++ b/.github/workflows/check-deployed-package.yml
@@ -28,4 +28,5 @@ jobs:
       - name: Check deployed package
         env:
           LOGDASH_API_KEY: ${{ secrets.LOGDASH_API_KEY }}
+          LOGDASH_PERSONAL_API_KEY: ${{ secrets.LOGDASH_PERSONAL_API_KEY }}
         run: ./check-deployed-package/run.sh
diff --git a/check-deployed-package/run.sh b/check-deployed-package/run.sh
index b18a4f1..d6a0b47 100755
--- a/check-deployed-package/run.sh
+++ b/check-deployed-package/run.sh
@@ -29,18 +29,16 @@ echo "Demo completed!"
 echo
 echo "Authenticating with Logdash API..."
 
-# Authenticate with API using the API key
-AUTH_RESPONSE=$(curl -s -X 'POST' \
-  'https://api.logdash.io/auth/api-key' \
+# Identify the project via the read-only personal API key (whoami).
+# The ingest key (LOGDASH_API_KEY) is write-only and is no longer exchangeable for a token.
+TOKEN="${LOGDASH_PERSONAL_API_KEY}"
+AUTH_RESPONSE=$(curl -s -X 'GET' \
+  'https://api.logdash.io/personal-api-keys/whoami' \
   -H 'accept: application/json' \
-  -H 'Content-Type: application/json' \
-  -d "{
-  \"apiKey\": \"${LOGDASH_API_KEY}\"
-}")
+  -H "Authorization: Bearer ${TOKEN}")
 
-# Extract token and projectId from response
-TOKEN=$(echo "$AUTH_RESPONSE" | grep -o '"token":"[^"]*"' | sed 's/"token":"\(.*\)"/\1/')
-PROJECT_ID=$(echo "$AUTH_RESPONSE" | grep -o '"projectId":"[^"]*"' | sed 's/"projectId":"\(.*\)"/\1/')
+# The key is scoped to a single project; whoami returns it under access.ids.
+PROJECT_ID=$(echo "$AUTH_RESPONSE" | grep -o '"ids":\[[^]]*\]' | grep -o '"[^"]*"' | head -1 | tr -d '"')
 
 if [ -z "$TOKEN" ] || [ -z "$PROJECT_ID" ]; then
     echo "Error: Failed to authenticate with Logdash API"
@@ -55,7 +53,7 @@ echo "Fetching logs from Logdash API..."
 
 # Fetch logs from the API
 LOGS_RESPONSE=$(curl -s -X 'GET' \
-  "https://api.logdash.io/projects/${PROJECT_ID}/logs?limit=10" \
+  "https://api.logdash.io/projects/${PROJECT_ID}/logs/v2?limit=10" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}")