From 9db20097775d2a8717a2e4bc7e86889f2264aaab Mon Sep 17 00:00:00 2001
From: Alexander Bocken <alexander@bocken.org>
Date: Wed, 28 Jan 2026 15:09:34 +0100
Subject: [PATCH] fix: update DeepL API to header-based authentication

DeepL deprecated form-body authentication (auth_key in request body).
Now using Authorization header as required by the API.
---
 src/utils/translation.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/utils/translation.ts b/src/utils/translation.ts
index bbfa8c8..2b38bf2 100644
--- a/src/utils/translation.ts
+++ b/src/utils/translation.ts
@@ -149,7 +149,6 @@ class DeepLTranslationService {
 			const preprocessedText = replaceGermanCookingTerms(text);
 
 			const params = new URLSearchParams({
-				auth_key: this.apiKey,
 				text: preprocessedText,
 				target_lang: targetLang,
 				...(preserveFormatting && { tag_handling: 'xml' })
@@ -159,6 +158,7 @@ class DeepLTranslationService {
 				method: 'POST',
 				headers: {
 					'Content-Type': 'application/x-www-form-urlencoded',
+					'Authorization': `DeepL-Auth-Key ${this.apiKey}`,
 				},
 				body: params.toString()
 			});
@@ -218,7 +218,6 @@ class DeepLTranslationService {
 
 		try {
 			const params = new URLSearchParams({
-				auth_key: this.apiKey,
 				target_lang: targetLang,
 			});
 
@@ -231,6 +230,7 @@ class DeepLTranslationService {
 				method: 'POST',
 				headers: {
 					'Content-Type': 'application/x-www-form-urlencoded',
+					'Authorization': `DeepL-Auth-Key ${this.apiKey}`,
 				},
 				body: params.toString()
 			});