v1.17.0

Version 1.17.0 of Medusa ships new and improved authentication methods.

Overview

Breaking changes

This release comes with changes to our authentication methods, which has led to a breaking change in the client-side usage of our API token method.

The header used for API token authentication has changed from a Bearer authorization scheme to a custom header specific to Medusa, x-medusa-access-token.

Specifically, an authenticated request with API tokens have changed from:

# PREVIOUSLY
curl -L GET '<BACKEND_URL>/admin/products' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {api_token}'

To:

# NOW
curl -L GET '<BACKEND_URL>/admin/products' \
-H 'Content-Type: application/json' \
-H 'x-medusa-access-token: {api_token}'

Additionally, the underlying strategies of session authentication have been updated in both the Store and Admin API, causing existing alive sessions to no longer be valid.

Note

Existing sessions will not be converted to fit the updated strategies. Make sure to plan your upgrade accordingly.

---

How to Update

Run the following command in your project:

• npm
• Yarn
• pnpm

npm install @medusajs/medusa@1.17.0

yarn add @medusajs/medusa@1.17.0

pnpm add @medusajs/medusa@1.17.0

To avoid unexpected issues with dependencies, it is also recommended to update all other Medusa plugins or packages you have installed.