How should Brave contributors handle BraveServiceKey?

TL;DR: If BraveServiceKey is not a secret, can I hard-code a default value in open source Brave repos? Or, if BraveServiceKey is a secret, how should contributors to Brave projects handle it?

Why BraveServiceKey Matters to Contributors

Some *.brave.com domains require that requests include a valid braveservicekey header. Unsurprisingly, some of those domains are used by code (e.g., tests) in various open-source Brave repos. At the same time, there’s no default value or instructions that I could find for how contributors should manage this key.

Further Confusion

At least one repo treats BRAVE_SERVICE_KEY as a “secret,” which puts me in a weird spot for a couple of reasons.

  1. It’s… not a secret? A valid value for the key is shown in the original GitHub issue, and I know it’s valid because my Brave browser sends the same key.

  2. As a would-be contributor, one interpretation of it being a “secret” is that I shouldn’t be hitting those endpoints, which is awkward considering that my browser hits those endpoints already.

Prior Work

There’s a similar question on Reddit that didn’t get an answer, so I figured I’d try this site instead.

Update, November 1

I’m adding an update with some minor edits to hopefully prevent the issue from auto-closing.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.