← Cookbook

⏸ Coming **M6+** (depends on recipes 19 + 22)

Recipe 25 — Migration: API key → OAuth

Status: ⏸ Coming M6+ (depends on recipes 19 + 22)

When both cag_live_* API keys (recipe 22) and OAuth 2.1 (recipe 19) ship in M6+, this recipe will walk through the canonical zero-downtime migration:

  1. Existing API-key consumer keeps running.
  2. Operator registers an OAuth client for the partner.
  3. Consumer adds OAuth credentials alongside the API key.
  4. Toggle SDK auth source via apiKey=oauthClient= (planned constructor option).
  5. Verify a few live calls against the OAuth path.
  6. Revoke the legacy cag_live_* key via client.api_keys.revoke(...) (recipe 22).

Until M6+, both flows are TBD; Day-0 deployments use direct Bearer tokens.

Source: cookbook/recipes/25-api-key-to-oauth/README.md