Support custom request headers

[ghost]

Summary

Can amplitude SDK support custom request headers? Like

amplitude.getInstance().init(APIKEY, null, {
  headers: {     // <- new attribute in option
     'x-session-id': appToken
  }
});

// or

 amplitude.getInstance().init(APIKEY, null, {
  headers: function() {     // <- new attribute in option
    return {
       'x-session-id': appToken
    };
  }
});

Motivations

Our frontend events require to flow into our backend and then to amplitude (frontend -> backend -> amplitude). We are doing so because we want to massage (by adding user information based on the x-session-id) the frontend events a little and then use a centralized forwarder to send events to amplitude.

We still want to keep using the amplitude frontend SDK to collect the metadata information (like device ID) and queue feature. But need a way to pass our backend the auth token.

Is this possible or is there any workaround? Thanks.

[kelvin-lu]

Hey! A a glance, this seems like a reasonable and useful request - we'll do some exploration to see if there are any caveats.

in the meantime, it seems like you're already doing some massaging -have you tried passing the info that would eventually go into headers through the event properties and reform your events as needed in your backend?

[ghost]

Yes, as a workaround for now, we are parsing x-session-id as an event attribute, and in backend we remove this attribute before sending to amplitude.

[sethbro]

Please please add this. I filed this as a support ticket a while back, & have mentioned it directly to our Amplitude reps a couple times.

Our use case is exactly the same as @jshao-scw—we use a custom endpoint & need to send authorization tokens.

We worked around the limitation the same way—by passing our auth tokens in the event properties.

But we just discovered a further issue—Identify calls. When we use amp.setUserGroup() or amp.setUserProperties(), the request body is different and event_properties is empty. There are no great solutions for this. Those I can think of are:

1. Have our private endpoint search for auth tokens in either event_properties or user_properties (and then strip them before sending to Amplitude). Augment user properties with our auth tokens any time we set user properties.
2. Roll our own setUserProperties util function. Under the hood, this would actually use ampClient.logEvent, but would set user_properties manually. This would be brittle if the user_properties schema changed, & would probably fail to update cookies accordingly.
3. Monkeypatch setUserProperties to add our auth tokens to event_properties.

Allowing custom headers is the much cleaner, canonical way to handle this, & should be supported if Amplitude supports custom endpoints.

[sethbro]

I should mention that we currently generate a unique auth hash for every network request. We might be able to relax this, but it's not certain.

Therefore, rather than (or in addition to) a headers option, I would love to see a getCustomHeaders option that takes a function which would be called for every network request.

[sethbro]

Thank you so much for adding this functionality! The SDK docs don't yet cover this new option. https://amplitude.github.io/Amplitude-JavaScript/Options/