Two formats
api_key→x-api-key: <value>token→Authorization: Token <value>
Different partners expect different formats. Endpoint config lets each partner specify their preferred style for both directions (inbound to OMNI, outbound callbacks from OMNI).
Why both exist
- Grab and OCPI standard use
Authorization: Token - OMNI’s own endpoints use
x-api-key - Existing integrations predate the change — need backwards compatibility
Beep example (Grab flow)
Grab → OMNI: x-api-key: <GRAB_API_KEY>
OMNI → grab-backend: Authorization: Token <OMNI_TOKEN>
Same integration, two different auth mechanisms in each direction. Partners implementing callback endpoints must handle Authorization: Token even when they call OMNI using x-api-key.