passportxyz · tim-schultz · Jun 19, 2024 · Jun 19, 2024
diff --git a/api/account/api.py b/api/account/api.py
@@ -32,6 +32,10 @@
 
 from .deduplication import Rules
 
+from trusta_labs.api import CgrantsApiKey
+
+secret_key = CgrantsApiKey()
+
 log = logging.getLogger(__name__)
 
 api = NinjaExtraAPI(urls_namespace="account")
@@ -646,7 +650,7 @@ def get_account_customization(request, dashboard_path: str):
         raise APIException("Customization not found", status.HTTP_404_NOT_FOUND)
 
 
-@api.get("/allow-list/{str:list}/{str:address}", auth=None)
+@api.get("/allow-list/{str:list}/{str:address}", auth=secret_key)
 def check_on_allow_list(request, list: str, address: str):
     """
     Check if an address is on the allow list for a specific round

diff --git a/api/account/test/test_allow_list.py b/api/account/test/test_allow_list.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 import pytest
 from django.test import Client
 from account.models import AddressListMember, AddressList
@@ -19,13 +20,19 @@ def test_successful_get_allow_list(self):
         )
 
         client = Client()
-        response = client.get(f"/account/allow-list/{list_name}/{user_address}")
+        response = client.get(
+            f"/account/allow-list/{list_name}/{user_address}",
+            HTTP_AUTHORIZATION=settings.CGRANTS_API_TOKEN,
+        )
         assert response.status_code == 200
         assert response.json()["is_member"]
 
     def test_unsuccessful_get_allow_list(self):
         list_name = "test"
         client = Client()
-        response = client.get(f"/account/allow-list/{list_name}/0x123")
+        response = client.get(
+            f"/account/allow-list/{list_name}/0x123",
+            HTTP_AUTHORIZATION=settings.CGRANTS_API_TOKEN,
+        )
         assert response.status_code == 200
         assert not response.json()["is_member"]