Skip to content

Distinguish rate limit and network errors from invalid USDA keys#960

Open
munzzyy wants to merge 1 commit into
davidhealey:masterfrom
munzzyy:fix-usda-key-validation-947
Open

Distinguish rate limit and network errors from invalid USDA keys#960
munzzyy wants to merge 1 commit into
davidhealey:masterfrom
munzzyy:fix-usda-key-validation-947

Conversation

@munzzyy

@munzzyy munzzyy commented Jul 5, 2026

Copy link
Copy Markdown

Fixes #947.

testApiKey() only ever resolved true or false, so any non-2xx response got collapsed into the same "invalid" result. In practice that meant a rate-limited key and an actually-bad key showed the identical "API Key Invalid" toast. I hit the live USDA API to check what a rate limit actually looks like: a valid DEMO_KEY past its limit comes back as HTTP 429 with error.code: "OVER_RATE_LIMIT", completely different from the 403 / API_KEY_INVALID a bad key gets. The old code had no way to tell those apart.

There was a second problem in the same branch: anything that wasn't a rate limit fell straight through to "invalid-key". That includes a USDA outage (5xx), a malformed/non-JSON response, or any other api.data.gov error code. So someone with a perfectly good key would get told their key is wrong during an outage, which is really the same bug as the rate-limit case, just a different trigger.

The fix picks the reason from both the response status and the error code: 403 or API_KEY_INVALID means the key itself is bad, 429 or OVER_RATE_LIMIT means rate-limited, and anything else (including unknown or server errors) falls back to a "couldn't verify, check your connection" message instead of "API Key Invalid". testApiKey now resolves { valid, reason } instead of a bare boolean, and saveUSDAKey shows the message that matches the actual reason.

Verified locally with a standalone Node script hitting the real USDA endpoint (not through Cordova, just plain fetch against the same URL testApiKey builds): a garbage key comes back invalid-key, hammering DEMO_KEY until it 429s comes back rate-limit, and pointing the request at a host that doesn't resolve comes back network. All three matched what the mapping is supposed to produce.

I ran this against Cordova's browser platform (cordova platform add browser, cordova run browser) rather than a real Android device, so I can't confirm behavior on-device, just that the logic and messages are correct.

testApiKey() only ever returned true/false, so a rate-limited or
network-failed request got treated the same as an actually bad key
and the user saw "API Key Invalid" either way. Confirmed against the
live USDA API that a valid key past its rate limit comes back as
HTTP 429 / OVER_RATE_LIMIT, not the 403 / API_KEY_INVALID a bad key
gets, and the old code couldn't tell the two apart.

The non-ok branch also fell through to invalid-key for anything that
wasn't a rate limit, which meant a 5xx USDA outage or a non-JSON
response got the same "API Key Invalid" message as a genuinely bad
key. The reason is now picked from the response status alongside the
error code (403/API_KEY_INVALID for a bad key, 429/OVER_RATE_LIMIT
for the rate limit, anything else falls back to network), so an
outage or unexpected response reads as "couldn't verify" instead of
telling the user their key is wrong.

testApiKey now resolves an object with a reason (invalid-key,
rate-limit, network) instead of a bare boolean, and saveUSDAKey
shows a message that matches the actual failure. Fixes davidhealey#947.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

USDA API key invalid

1 participant